RCE in D-link Dir-818lw
CVE-2025-7553
A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. The manipulation of the argument NTP Server leads to os command injection. It is poss…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.042 (89.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L.
Affected products
- D-link Dir-818lw — versions 20191215
- Dlink Dir-818lw
- Dlink Dir-818lw_firmware
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cna@vuldb.com (technical-description, VDB Entry, Third Party Advisory, vdb-entry)
- cna@vuldb.com (signature, Permissions Required, permissions-required, VDB Entry)
- cna@vuldb.com (VDB Entry, Third Party Advisory, third-party-advisory)
- cna@vuldb.com (Product, product)
Frequently asked questions
- What is CVE-2025-7553?
- CVE-2025-7553 is a medium-severity vulnerability in D-link Dir-818lw, classified under Command Injection. CVSS score: 4.7/10. Published 2025-07-14.
- How severe is CVE-2025-7553?
- Medium severity. CVSS v3 base score is 4.7 out of 10.
- Is CVE-2025-7553 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.