CVE-2025-12296
BaseFortify
Publication date: 2025-10-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dap-2695_firmware | 2.00 |
| dlink | dap-2695 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an OS command injection flaw in the D-Link DAP-2695 router firmware version 2.00RC13. It occurs in the Firmware Update Handler component, specifically in the function sub_4174B0. The vulnerability arises because the firmware improperly handles input used to construct OS commands during the firmware update process, allowing an attacker to inject and execute arbitrary operating system commands remotely. Exploitation requires some level of authentication but can be performed remotely. The affected product is no longer supported, and no mitigations are available. [2, 4]
How can this vulnerability impact me? :
Exploitation of this vulnerability can allow remote attackers to execute arbitrary OS commands on the affected device, potentially compromising its confidentiality, integrity, and availability. This could lead to unauthorized control over the device, execution of malicious code, or denial of service conditions. Since the device is no longer supported, no patches or mitigations exist, increasing the risk of exploitation. [2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability can involve monitoring for unusual or unauthorized firmware update attempts on the D-Link DAP-2695 device, especially those that might exploit the Firmware Update Handler. Since the vulnerability involves OS command injection via the firmware update process, one could look for suspicious commands or network traffic related to firmware uploads. Specific commands to detect exploitation attempts are not provided in the resources. However, reviewing logs for commands similar to 'rm -f /var/captival_tar/%s' or unexpected system calls during firmware updates might help. Additionally, checking for the presence of the vulnerable firmware version 2.00RC13 on devices can indicate exposure. [2, 4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include discontinuing use of the affected D-Link DAP-2695 devices running firmware version 2.00RC13, as the product is no longer supported and no known mitigations or patches exist. Replacement with alternative, supported products is recommended. Additionally, restricting network access to the device, especially limiting remote access to the firmware update interface, and monitoring for suspicious activity can help reduce risk. [2]