CVE-2025-1104
Published: 07 February 2025
Summary
CVE-2025-1104 is a medium-severity Improper Authentication (CWE-287) vulnerability in Dlink Dhp-W310Av Firmware. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 19.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 IA-8 (Identification and Authentication (Non-organizational Users)) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability classified as critical has been identified in the D-Link DHP-W310AV firmware version 1.04. It stems from improper authentication handling that permits authentication bypass through spoofing, as indicated by the associated CWEs 287 and 290. The flaw resides in an unspecified code component and carries a CVSS 4.0 score of 6.9, reflecting network-accessible attack conditions with low complexity and no required privileges or user interaction.
Remote, unauthenticated attackers can exploit the issue by sending crafted requests that spoof valid credentials or sessions, resulting in partial compromise of confidentiality, integrity, and availability on the affected device. Publicly available proof-of-concept material demonstrates that the bypass can be triggered without physical access or prior authentication.
The EPSS score for this CVE rose from a low baseline of 0.0006 to a peak of 0.0104, indicating that exploitation interest increased after public disclosure. The availability of exploit details on public repositories further suggests that practitioners should monitor for follow-on activity targeting this D-Link model.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2006
Vulnerability details
A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public…
more
and may be used.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2025-1104 enables remote authentication bypass by spoofing in the D-Link DHP-W310AV network device, facilitating exploitation of a public-facing application for initial access.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the authentication bypass vulnerability by requiring organizations to identify, test, and install software or firmware updates specific to this flaw in the D-Link router.
Enforces robust identification and authentication mechanisms for non-organizational users or processes, preventing remote attackers from bypassing authentication via spoofing on the router's exposed interfaces.
Mandates enforcement of approved access authorizations to logical resources, limiting the impact of unauthorized access achieved through the spoofed authentication bypass.