Back to KEVs

CVE-2023-25280

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the...

Basic Information

CVE State
PUBLISHED
Reserved Date
February 06, 2023
Published Date
March 16, 2023
Last Updated
October 04, 2024
Vendor
n/a
Product
n/a
Description
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
Tags
cisa nuclei_scanner

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2024-09-30 00:00:00 UTC) Source

References

https://www.dlink.com/en/security-bulletin/ https://github.com/migraine-sudo/D_Link_Vuln/tree/main/cmd%20Inject%20in%20pingV4Msg

Known Exploited Vulnerability Information

Source Added Date
CISA 2024-09-30 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-25280.yaml 2025-06-15 08:30:16 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Nuclei