cnvd - cnvd-2025-24772

CNVD-2025-24772

Vulnerability from cnvd - Published: 2025-10-24

Title

D-Link DIR-852 os命令注入漏洞

Description

D-Link DIR-852是友讯科技推出的双频千兆无线路由器，主打家庭网络解决方案，支持迅雷远程下载功能。 D-Link DIR-852存在os命令注入漏洞，该漏洞源于文件soap.cgi中参数service未能正确过滤构造命令特殊字符、命令等。目前没有详细的漏洞细节提供。

Severity

高

Formal description

目前厂商尚未发布升级程序修复该安全问题，详情见厂商官网： https://www.dlink.com/en

Reference

https://www.dlink.com/

Impacted products

Name
D-Link DIR-852 1.00CN B09

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-9752",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-9752"
    }
  },
  "description": "D-Link DIR-852\u662f\u53cb\u8baf\u79d1\u6280\u63a8\u51fa\u7684\u53cc\u9891\u5343\u5146\u65e0\u7ebf\u8def\u7531\u5668\uff0c\u4e3b\u6253\u5bb6\u5ead\u7f51\u7edc\u89e3\u51b3\u65b9\u6848\uff0c\u652f\u6301\u8fc5\u96f7\u8fdc\u7a0b\u4e0b\u8f7d\u529f\u80fd\u3002\n\nD-Link DIR-852\u5b58\u5728os\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6587\u4ef6soap.cgi\u4e2d\u53c2\u6570service\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u6784\u9020\u547d\u4ee4\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.dlink.com/en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-24772",
  "openTime": "2025-10-24",
  "products": {
    "product": "D-Link DIR-852 1.00CN B09"
  },
  "referenceLink": "https://www.dlink.com/",
  "serverity": "\u9ad8",
  "submitTime": "2025-09-04",
  "title": "D-Link DIR-852 os\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2025-9752 (GCVE-0-2025-9752)

Vulnerability from cvelistv5 – Published: 2025-09-01 00:02 – Updated: 2025-09-02 15:12

Summary

A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgi_main of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

CWE

CWE-78 - OS Command Injection
CWE-77 - Command Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.322053	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.322053	signaturepermissions-required
	https://vuldb.com/?submit.640590	third-party-advisory
	https://github.com/i-Corner/cve/issues/18	exploitissue-tracking
	https://www.dlink.com/	product

Impacted products

	Vendor	Product	Version
	D-Link	DIR-852	Affected: 1.00CN B09

Credits

iC0rner (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9752",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T14:34:23.295632Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-02T15:12:20.656Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/i-Corner/cve/issues/18"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "SOAP Service"
          ],
          "product": "DIR-852",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "1.00CN B09"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "iC0rner (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgi_main of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in D-Link DIR-852 1.00CN B09 entdeckt. Betroffen ist die Funktion soapcgi_main der Datei soap.cgi der Komponente SOAP Service. Die Manipulation des Arguments service f\u00fchrt zu os command injection. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-01T00:02:06.532Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-322053 | D-Link DIR-852 SOAP Service soap.cgi soapcgi_main os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.322053"
        },
        {
          "name": "VDB-322053 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.322053"
        },
        {
          "name": "Submit #640590 | D-Link DIR-852 1.00CN B09 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.640590"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/i-Corner/cve/issues/18"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-31T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-31T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-31T10:23:47.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DIR-852 SOAP Service soap.cgi soapcgi_main os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9752",
    "datePublished": "2025-09-01T00:02:06.532Z",
    "dateReserved": "2025-08-31T08:18:37.778Z",
    "dateUpdated": "2025-09-02T15:12:20.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-24772

CVE-2025-9752 (GCVE-0-2025-9752)

Tags

Sightings

Nomenclature