What is the CVSS score of CVE-2025-46176?

CVE-2025-46176 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N. EPSS exploitation probability: 0.4%.

Which versions of Dir 605l Firmware are affected by CVE-2025-46176?

Organizations using the Telnet service in D-Link DIR-605L should be aware of notable risk from CVE-2025-46176, a command injection vulnerability rated CVSS 6.5.

How to fix or mitigate CVE-2025-46176?

Within 30 days: Identify affected systems running the Telnet service in D-Link DIR-605L and apply vendor patches as part of regular patch cycle. Validate input sanitization for user-controlled parameters.

Dir 605l Firmware CVE-2025-46176

MEDIUM

Command Injection (CWE-77)

2025-05-23 cve@mitre.org

Command Injection D-Link Dir 605l Firmware Dir 816L Firmware

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:43 vuln.today

CVE Published

May 23, 2025 - 19:15 nvd

MEDIUM 6.5

DescriptionNVD

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis.

AnalysisAI

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis. Affected products include: Dlink Dir-605L Firmware, Dlink Dir-816L Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.