CVE-2025-1877
Published: 03 March 2025
Summary
CVE-2025-1877 is a high-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Dlink Dap-1562 Firmware. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-1877 is a critical vulnerability in D-Link DAP-1562 version 1.10, specifically affecting the pure_auth_check function within the HTTP POST Request Handler component. The issue arises from manipulation of the 'a1' argument, leading to a null pointer dereference classified under CWE-404 and CWE-476.
The vulnerability carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), allowing remote exploitation by an attacker possessing low privileges. Successful exploitation results in high availability impact, such as denial-of-service through device crashes, with no compromise of confidentiality or integrity.
Advisories from VulDB indicate that the vulnerability affects only products no longer supported by the maintainer, with no patches available. The exploit has been publicly disclosed, including details in VulDB entries (ctiid.298191, id.298191) and a Notion site write-up, increasing the risk for deployed devices.
In notable context, the public availability of the exploit heightens the threat to unsupported D-Link DAP-1562 devices still in use.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5543
Vulnerability details
A vulnerability, which was classified as critical, was found in D-Link DAP-1562 1.10. This affects the function pure_auth_check of the component HTTP POST Request Handler. The manipulation of the argument a1 leads to null pointer dereference. It is possible to…
more
initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability in public-facing HTTP POST handler enables remote exploitation of web application (T1190) resulting in device crash via null pointer dereference (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Prohibits or restricts use of unsupported system components like the end-of-life D-Link DAP-1562, directly mitigating unpatchable vulnerabilities such as this null pointer dereference.
Requires timely flaw remediation, including vulnerability scanning, patching, or retirement of affected systems when no patches are available for this critical HTTP handler flaw.
Mandates validation of information inputs like the manipulable 'a1' argument in HTTP POST requests to prevent null pointer dereferences in the pure_auth_check function.