Cyber Resilience

CVE-2025-1877

HighPublic PoC

Published: 03 March 2025

Published
03 March 2025
Modified
06 March 2025
KEV Added
Patch
CVSS Score v4 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0031 54.5th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1877 is a high-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Dlink Dap-1562 Firmware. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-1877 is a critical vulnerability in D-Link DAP-1562 version 1.10, specifically affecting the pure_auth_check function within the HTTP POST Request Handler component. The issue arises from manipulation of the 'a1' argument, leading to a null pointer dereference classified under CWE-404 and CWE-476.

The vulnerability carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), allowing remote exploitation by an attacker possessing low privileges. Successful exploitation results in high availability impact, such as denial-of-service through device crashes, with no compromise of confidentiality or integrity.

Advisories from VulDB indicate that the vulnerability affects only products no longer supported by the maintainer, with no patches available. The exploit has been publicly disclosed, including details in VulDB entries (ctiid.298191, id.298191) and a Notion site write-up, increasing the risk for deployed devices.

In notable context, the public availability of the exploit heightens the threat to unsupported D-Link DAP-1562 devices still in use.

EU & UK References

Vulnerability details

A vulnerability, which was classified as critical, was found in D-Link DAP-1562 1.10. This affects the function pure_auth_check of the component HTTP POST Request Handler. The manipulation of the argument a1 leads to null pointer dereference. It is possible to…

more

initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Vulnerability in public-facing HTTP POST handler enables remote exploitation of web application (T1190) resulting in device crash via null pointer dereference (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-1876Same product: Dlink Dap-1562
CVE-2025-1103Same vendor: Dlink
CVE-2025-0492Same vendor: Dlink
CVE-2025-13305Same vendor: Dlink
CVE-2025-70249Same vendor: Dlink
CVE-2025-50646Same vendor: Dlink
CVE-2025-50662Same vendor: Dlink
CVE-2025-2618Same vendor: Dlink
CVE-2025-70243Same vendor: Dlink
CVE-2025-50652Same vendor: Dlink

Affected Assets

dlink
dap-1562 firmware
1.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Prohibits or restricts use of unsupported system components like the end-of-life D-Link DAP-1562, directly mitigating unpatchable vulnerabilities such as this null pointer dereference.

prevent

Requires timely flaw remediation, including vulnerability scanning, patching, or retirement of affected systems when no patches are available for this critical HTTP handler flaw.

prevent

Mandates validation of information inputs like the manipulable 'a1' argument in HTTP POST requests to prevent null pointer dereferences in the pure_auth_check function.

References