ByteOS Network

CVE Vulnerability Details :

CVE-2025-55583

PUBLISHED

More Info Official Page

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-28 Aug, 2025 | 00:00

Updated At-28 Aug, 2025 | 15:00

▼CVE Numbering Authority (CNA)

D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endpoint /dws/api/UploadFile accepts a pre_api_arg parameter that is passed directly to system-level shell execution functions without sanitization or authentication. Remote attackers can exploit this to execute arbitrary commands as root via crafted HTTP requests.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

References

Hyperlink	Resource
https://www.dlink.com/en/security-bulletin/	N/A
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10397	N/A
https://cybermaya.in/posts/Post-44/	N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-78	CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE	CWE-306	CWE-306 Missing Authentication for Critical Function
CWE	CWE-668	CWE-668 Exposure of Resource to Wrong Sphere

Metrics

Version	Base score	Base severity	Vector
3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Metrics Other Info

References

Hyperlink	Resource
https://cybermaya.in/posts/Post-44/	exploit

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References