Cyber Resilience

CVE-2025-1104

Medium · Public PoC

Published: 07 February 2025

Modified: 21 May 2025
KEV Added
Patch
CVSS Score (v4): 6.9
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0006 (19.8th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1104 is a medium-severity Improper Authentication (CWE-287) vulnerability in D-Link DHP-W310AV firmware. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 19.8th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-8 (Identification and Authentication (Non-organizational Users)) and SI-2 (Flaw Remediation).

Deeper analysis

A vulnerability classified as critical has been identified in the D-Link DHP-W310AV firmware version 1.04. It stems from improper authentication handling that permits authentication bypass through spoofing, as indicated by the associated CWEs 287 and 290. The flaw resides in an unspecified code component and carries a CVSS 4.0 score of 6.9, reflecting network-accessible attack conditions with low complexity and no required privileges or user interaction.

Remote, unauthenticated attackers can exploit the issue by sending crafted requests that spoof valid credentials or sessions, resulting in partial compromise of confidentiality, integrity, and availability on the affected device. Publicly available proof-of-concept material demonstrates that the bypass can be triggered without physical access or prior authentication.

The EPSS score for this CVE rose from a low baseline of 0.0006 to a peak of 0.0104, indicating that exploitation interest increased after public disclosure. The availability of exploit details on public repositories further suggests that practitioners should monitor for follow-on activity targeting this D-Link model.

Vulnerability details

A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2025-1104 enables remote authentication bypass by spoofing in the D-Link DHP-W310AV network device, facilitating exploitation of a public-facing application for initial access.

CVEs Like This One

CVE-2025-2548 (Same vendor: Dlink)
CVE-2025-25742 (Same vendor: Dlink)
CVE-2025-70239 (Same vendor: Dlink)
CVE-2025-13304 (Same vendor: Dlink)
CVE-2025-70231 (Same vendor: Dlink)
CVE-2026-2857 (Same vendor: Dlink)
CVE-2026-4194 (Same vendor: Dlink)
CVE-2025-15193 (Same vendor: Dlink)
CVE-2026-2055 (Same vendor: Dlink)
CVE-2026-8346 (Same vendor: Dlink)

Affected Assets

dlink
dhp-w310av firmware
1.04

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent · recover

Directly mitigates the authentication bypass vulnerability by requiring organizations to identify, test, and install software or firmware updates specific to this flaw in the D-Link router.

prevent

Enforces robust identification and authentication mechanisms for non-organizational users or processes, preventing remote attackers from bypassing authentication via spoofing on the router's exposed interfaces.

prevent

Mandates enforcement of approved access authorizations to logical resources, limiting the impact of unauthorized access achieved through the spoofed authentication bypass.