CVE-2025-46176

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-46176
Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/namberino/cve/tree/main/CVE-2025-46176 Third Party Advisory
https://www.dlink.com/en/security-bulletin/ Issue Tracking
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dir-605l_firmware:2.13b01:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-605l:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dlink:dir-816l_firmware:2.06b01:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-816l:-:*:*:*:*:*:*:*
History

03 Jun 2025, 15:47

Type Values Removed Values Added
CPE cpe:2.3:o:dlink:dir-816l_firmware:2.06b01:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-605l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-816l:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-605l_firmware:2.13b01:*:*:*:*:*:*:*
References () https://github.com/namberino/cve/tree/main/CVE-2025-46176 - () https://github.com/namberino/cve/tree/main/CVE-2025-46176 - Third Party Advisory
References () https://www.dlink.com/en/security-bulletin/ - () https://www.dlink.com/en/security-bulletin/ - Issue Tracking
First Time Dlink dir-816l Firmware
Dlink dir-605l Firmware
Dlink dir-605l
Dlink
Dlink dir-816l

28 May 2025, 14:58

Type Values Removed Values Added
Summary
  • (es) Las credenciales codificadas en el servicio Telnet en D-Link DIR-605L v2.13B01 y DIR-816L v2.06B01 permiten a los atacantes ejecutar comandos arbitrarios de forma remota a través del análisis de firmware.

23 May 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-23 19:15

Updated : 2025-06-03 15:47

NVD link : CVE-2025-46176

Mitre link : CVE-2025-46176

CVE.ORG link : CVE-2025-46176

JSON object : View

Products Affected

dlink

  • dir-605l
  • dir-816l_firmware
  • dir-816l
  • dir-605l_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')