Start your free trial today.

Protect your organization with cutting-edge cybersecurity solutions designed for resilience and efficiency. Secure your digital assets with confidence.

Your Shield Against Threats

Unleash the Power of Cybersecurity

Boost Your Security, Enhance Your Business

We solve Your Cyber Challenges

Quick Links

Resources

Deepaegis Portals

CVE-2025-55583

CVSS SCORE:9.8

CVE ID:CVE-2025-55583

SEVERITY:High

Vendor:Unknown Vendor

Reporter:cve@mitre.org

Exploitable?Yes

Summary

D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endpoint /dws/api/UploadFile accepts a pre_api_arg parameter that is passed directly to system-level shell execution functions without sanitization or authentication. Remote attackers can exploit this to execute arbitrary commands as root via crafted HTTP requests.

CVSS Metrics

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

version3.1

vectorStringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

baseScore9.8

baseSeverityCRITICAL

attackVectorNETWORK

attackComplexityLOW

privilegesRequiredNONE

userInteractionNONE

scopeUNCHANGED

confidentialityImpactHIGH

integrityImpactHIGH

availabilityImpactHIGH

CWE Information

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0,Type: Secondary

Additional Information

References

cve@mitre.org:https://cybermaya.in/posts/Post-44/

cve@mitre.org:https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10397

cve@mitre.org:https://www.dlink.com/en/security-bulletin/

134c704f-9b21-4f2e-91b3-4a467353bcc0:https://cybermaya.in/posts/Post-44/

Affected Organizations

No affected organizations specified

Confidentiality Notice

This document contains sensitive information. Unauthorized distribution is prohibited.

Vulnerability Advisory

Published 8/28/2025

Updated 8/28/2025