CVE-2025-12296
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is the function sub_4174B0 of the component Firmware Update Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-27
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12296
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dlink dap-2695_firmware 2.00
dlink dap-2695 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an OS command injection flaw in the D-Link DAP-2695 router firmware version 2.00RC13. It occurs in the Firmware Update Handler component, specifically in the function sub_4174B0. The vulnerability arises because the firmware improperly handles input used to construct OS commands during the firmware update process, allowing an attacker to inject and execute arbitrary operating system commands remotely. Exploitation requires some level of authentication but can be performed remotely. The affected product is no longer supported, and no mitigations are available. [2, 4]

Impact Analysis

Exploitation of this vulnerability can allow remote attackers to execute arbitrary OS commands on the affected device, potentially compromising its confidentiality, integrity, and availability. This could lead to unauthorized control over the device, execution of malicious code, or denial of service conditions. Since the device is no longer supported, no patches or mitigations exist, increasing the risk of exploitation. [2, 4]

Detection Guidance

Detection of this vulnerability can involve monitoring for unusual or unauthorized firmware update attempts on the D-Link DAP-2695 device, especially those that might exploit the Firmware Update Handler. Since the vulnerability involves OS command injection via the firmware update process, one could look for suspicious commands or network traffic related to firmware uploads. Specific commands to detect exploitation attempts are not provided in the resources. However, reviewing logs for commands similar to 'rm -f /var/captival_tar/%s' or unexpected system calls during firmware updates might help. Additionally, checking for the presence of the vulnerable firmware version 2.00RC13 on devices can indicate exposure. [2, 4]

Mitigation Strategies

Immediate mitigation steps include discontinuing use of the affected D-Link DAP-2695 devices running firmware version 2.00RC13, as the product is no longer supported and no known mitigations or patches exist. Replacement with alternative, supported products is recommended. Additionally, restricting network access to the device, especially limiting remote access to the firmware update interface, and monitoring for suspicious activity can help reduce risk. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12296. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart