Skip to main content

Dir 882 Firmware CVE-2025-60700

MEDIUM
Command Injection (CWE-77)
2025-11-13 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:22 vuln.today
PoC Detected
Nov 17, 2025 - 12:28 vuln.today
Public exploit code
CVE Published
Nov 13, 2025 - 18:15 nvd
MEDIUM 6.5

DescriptionCVE.org

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the prog.cgi and librcm.so binaries. The sub_4455BC function in prog.cgi stores user-supplied SetDMZSettings/IPAddress values in NVRAM via nvram_safe_set("dmz_ipaddr", ...). These values are later retrieved in the DMZ_run function of librcm.so using nvram_safe_get and concatenated into iptables shell commands executed via twsystem() without any sanitization. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device through specially crafted HTTP requests to the router's web interface.

AnalysisAI

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the prog.cgi and librcm.so binaries. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the prog.cgi and librcm.so binaries. The sub_4455BC function in prog.cgi stores user-supplied SetDMZSettings/IPAddress values in NVRAM via nvram_safe_set("dmz_ipaddr", ...). These values are later retrieved in the DMZ_run function of librcm.so using nvram_safe_get and concatenated into iptables shell commands executed via twsystem() without any sanitization. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device through specially crafted HTTP requests to the router's web interface. Affected products include: Dlink Dir-882 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2022-44807 CRITICAL POC
9.8 Nov 22

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString. Rated critical severity (CVSS 9

CVE-2022-44806 CRITICAL POC
9.8 Nov 22

D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerabil

CVE-2022-44804 CRITICAL POC
9.8 Nov 22

D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function. Rated critical severit

CVE-2022-28901 CRITICAL POC
9.8 May 10

A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows a

CVE-2022-28896 CRITICAL POC
9.8 May 10

A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 all

CVE-2022-28895 CRITICAL POC
9.8 May 10

A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allo

CVE-2022-28571 CRITICAL POC
9.8 May 02

D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. Rated critical

CVE-2022-1262 HIGH POC
7.8 Apr 11

A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interf

CVE-2023-26925 HIGH POC
7.5 Mar 31

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. Rated high severity (

CVE-2024-0717 MEDIUM POC
5.3 Jan 19

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DI

CVE-2020-15633 HIGH
8.8 Jul 23

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-86

CVE-2020-8864 HIGH
8.8 Mar 23

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-86

Share

CVE-2025-60700 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy