CVE-2025-1104
Published: 07 February 2025
Summary
CVE-2025-1104 is a high-severity Improper Authentication (CWE-287) vulnerability in Dlink Dhp-W310Av Firmware. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 IA-8 (Identification and Authentication (Non-organizational Users)) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the authentication bypass vulnerability by requiring organizations to identify, test, and install software or firmware updates specific to this flaw in the D-Link router.
Enforces robust identification and authentication mechanisms for non-organizational users or processes, preventing remote attackers from bypassing authentication via spoofing on the router's exposed interfaces.
Mandates enforcement of approved access authorizations to logical resources, limiting the impact of unauthorized access achieved through the spoofed authentication bypass.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2025-1104 enables remote authentication bypass by spoofing in the D-Link DHP-W310AV network device, facilitating exploitation of a public-facing application for initial access.
NVD Description
A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public…
more
and may be used.
Deeper analysisAI
CVE-2025-1104 is a critical vulnerability affecting the D-Link DHP-W310AV router at version 1.04, specifically impacting unknown code within the device. It enables authentication bypass through spoofing, as classified under CWE-287 (Improper Authentication) and CWE-290 (Authentication Bypass by Spoofing). The issue carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network-accessible nature and lack of prerequisites.
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, such as unauthorized access to restricted functions via spoofed authentication.
Advisories from VulDB (ctiid.294934, id.294934, submit.489958) and a GitHub repository (kn1g78/cve/blob/main/dlink.md) document the issue, with D-Link's official site (dlink.com) listed as a reference for further details. The exploit has been publicly disclosed and may be actively used.
Details
- CWE(s)