What is CVE-2018-25115?

CVE-2018-25115 is a vulnerability in D-link Dir-110, classified under OS Command Injection. Published 2025-08-27.

Is CVE-2018-25115 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in D-link Dir-110

CVE-2018-25115

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary sy…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.013 (80.4th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

thexnumb/thexwriteup

References

github.com/Cr0n1c/dlink_shell_poc/blob/master/dlink_auth_rce (technical-description, exploit)
www.exploit-db.com/exploits/43496 (exploit)
legacy.us.dlink.com/ (product)
support.dlink.com/EndOfLifePolicy.aspx (product)
www.vulncheck.com/advisories/dlink-dir-rce-service-cgi (third-party-advisory)

Frequently asked questions

What is CVE-2018-25115?: CVE-2018-25115 is a vulnerability in D-link Dir-110, classified under OS Command Injection. Published 2025-08-27.
Is CVE-2018-25115 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.