CVE-2025-12296

D-Link DAP-2695 Firmware Update sub_4174B0 os command injection

CVSS 5.1 MEDIUMEPSS 7.0%CWE-77 CWE-78

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.1EPSS 7.0%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

27 out 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is the function sub_4174B0 of the component Firmware Update Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Produtos afetados

D-Link · DAP-2695

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DAP-2695_Injection.md https://vuldb.com/?ctiid.329964 https://vuldb.com/?id.329964 https://vuldb.com/?submit.675855 https://www.dlink.com/