CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-55583

D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endpoint /dws/api/UploadFile accepts a pre_api_arg parameter that is passed directly to system-level shell execution functions without sanitization or authentication. Remote attackers can exploit this to execute arbitrary commands as root via crafted HTTP requests.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 77.9%

CVSS Severity

CVSS v3 Score 9.8

References

https://cybermaya.in/posts/Post-44/
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10397
https://www.dlink.com/en/security-bulletin/
https://cybermaya.in/posts/Post-44/

Products affected by CVE-2025-55583

Dlink » Dir-868l » Version: b1

cpe:2.3:h:dlink:dir-868l:b1
Dlink » Dir-868l Firmware » Version: 2.05b02

cpe:2.3:o:dlink:dir-868l_firmware:2.05b02

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-55583

Products

Pricing

Contact Us