Primary

Context

D-Link DAP-2695 Command Injection Vulnerability in Firmware Update Handler

Vulnerability

A command injection vulnerability has been identified in the D-Link DAP-2695 access point, specifically in firmware version 2.00RC131. The issue arises in the 'fwupdater_main' function of the 'rgbin' file, within the Firmware Update Handler component. This vulnerability allows remote attackers to inject and execute arbitrary operating system commands by manipulating user input without proper validation. As a result, the exploitation could lead to unauthorized command execution or a denial-of-service condition.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the device, potentially leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a crafted firmware update request that includes malicious commands in the user input. The 'fwupdater_main' function will then execute these commands without proper sanitization, allowing for command injection.

Added: Oct 13, 2025, 7:20 AM

Updated: Oct 13, 2025, 7:20 AM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

10.0

exploitability

6.2

remediation

0.0

relevance

0.7

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

10.0

exploitability

6.2

remediation

0.0

relevance

0.7

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

D-Link DAP-2695 Command Injection Vulnerability in Firmware Update Handler

Vulnerability

Impact

Reproduction

Affected Products

D-Link DAP-2695

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating