Cybersecurity Vulnerabilities

D-Link R15 (AX1500) Router Vulnerable to Command Injection: CVE-2025-60854

December 2, 2025 - By 

Overview

This article details a critical command injection vulnerability identified as CVE-2025-60854 affecting D-Link R15 (AX1500) routers running firmware version 1.20.01 and below. This vulnerability allows an attacker to potentially execute arbitrary commands on the router’s operating system via a maliciously crafted password change request.

Technical Details

CVE-2025-60854 stems from insufficient input validation of the model name parameter within the web administrator page. Specifically, when a user initiates a password change request, the model name parameter, which is ostensibly intended for display purposes only, is not properly sanitized. By injecting shell commands into this parameter, an attacker can potentially execute arbitrary commands on the underlying system, gaining unauthorized access or control of the device.

The vulnerability lies within the httpd process, the web server responsible for handling web-based management interface requests.

CVSS Analysis

At the time of writing, a CVSS score is not yet available for CVE-2025-60854. However, considering the potential for arbitrary command execution, this vulnerability is likely to be rated as high severity. The lack of authentication requirements to access the password change form (assuming default configuration) would further increase the severity score. We will update this section once the official CVSS score is released.

Severity: N/A

CVSS Score: N/A

Possible Impact

Successful exploitation of CVE-2025-60854 can have severe consequences:

  • Full System Compromise: Attackers can gain complete control over the router.
  • Malware Installation: The router can be used as a botnet node or to host malicious content.
  • Data Theft: Sensitive information stored on the router (e.g., Wi-Fi passwords, configuration details) can be stolen.
  • Denial of Service (DoS): The router’s functionality can be disrupted, leading to network outages.
  • Network Pivoting: The compromised router can be used as a pivot point to attack other devices on the network.

Mitigation and Patch Steps

D-Link has released a security advisory addressing this vulnerability. It is crucial to take the following steps to mitigate the risk:

  1. Apply the Firmware Update: Upgrade your D-Link R15 (AX1500) router to the latest firmware version available on the D-Link support website. This patch addresses the command injection vulnerability by properly sanitizing the model name parameter.
  2. Disable Remote Management (if possible): If remote management is not required, disable it to reduce the attack surface.
  3. Change Default Credentials: Always change the default administrator username and password to strong, unique credentials.
  4. Monitor Network Traffic: Monitor your network for any unusual activity that could indicate a compromise.

References

D-Link Security Advisory SAP10473

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.

Related Posts

CVE-2025-61932 Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

CVE-2025-61932: Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

October 23, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *