Cyber Resilience

CVE-2025-46176

Medium

Published: 23 May 2025
Modified: 03 June 2025
CVSS v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
EPSS: 0.0038 (59.8th percentile)
Risk Priority: 13 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-46176 is a medium-severity Command Injection (CWE-77) vulnerability in D-Link DIR-605L firmware. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). It ranks in the top 40.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

Vulnerability details

Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1078.001 Default Accounts (Stealth)
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1059.008 Network Device CLI (Execution)
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Hardcoded credentials in the Telnet service enable use of a valid default account (T1078.001) for remote command execution on the network device CLI (T1059.008) via exploitation of the exposed remote service (T1210).

Affected Assets

dlink dir-605l firmware, version 2.13b01
dlink dir-816l firmware, version 2.06b01

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
