CVE-2025-11488

MEDIUM EPSS 73.9%

Published Oct 8, 20258mo ago · Modified Jun 17, 20261w ago

5.5 CVSS 4.0

Medium

Published Oct 8, 2025 8mo ago

Last Modified Jun 17, 2026 1w ago

Description

A weakness has been identified in D-Link DIR-852 up to 20251002. This affects an unknown part of the file /HNAP1/. Executing manipulation can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS Details

Base Score

5.5

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

73.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-74

CWE-77 Command Injection Injection

References 5

vuldb.com https://vuldb.com/?ctiid.327605
vuldb.com https://vuldb.com/?id.327605
vuldb.com https://vuldb.com/?submit.667505
dlink.com https://www.dlink.com/
yuque.com https://www.yuque.com/jh0ng/vmpda6/cqi681wr7vci6kx9

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.