Vulnerability Description
Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dir-110 Firmware | - |
| Dlink | Dir-110 | - |
| Dlink | Dir-412 Firmware | - |
| Dlink | Dir-412 | - |
| Dlink | Dir-600 Firmware | - |
| Dlink | Dir-600 | - |
| Dlink | Dir-610 Firmware | - |
| Dlink | Dir-610 | - |
| Dlink | Dir-615 Firmware | - |
| Dlink | Dir-615 | - |
| Dlink | Dir-645 Firmware | - |
| Dlink | Dir-645 | - |
| Dlink | Dir-815 Firmware | 1.03 |
| Dlink | Dir-815 | - |
Related Weaknesses (CWE)
References
- https://github.com/Cr0n1c/dlink_shell_poc/blob/master/dlink_auth_rceExploit
- https://legacy.us.dlink.com/Product
- https://support.dlink.com/EndOfLifePolicy.aspxProduct
- https://www.exploit-db.com/exploits/43496Exploit
- https://www.vulncheck.com/advisories/dlink-dir-rce-service-cgiThird Party Advisory
FAQ
What is CVE-2018-25115?
CVE-2018-25115 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows r...
How severe is CVE-2018-25115?
CVE-2018-25115 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-25115?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dir-110 Firmware, Dlink Dir-110, Dlink Dir-412 Firmware, Dlink Dir-412, Dlink Dir-600 Firmware.