CVE-2025-10689 is a command injection vulnerability identified in the D-Link DIR-645 router, specifically affecting version 105B01. The vulnerability resides in the soapcgi_main function within the /soap.cgi endpoint. By manipulating the 'service' argument in a crafted request, an attacker can inject arbitrary commands that the device executes. This flaw allows remote attackers to execute system-level commands without authentication or user interaction, leveraging the network-accessible SOAP interface. Although the exploit code is publicly available, the affected devices are no longer supported by the vendor, meaning no official patches or updates are provided. The CVSS 4.0 score is 5.3 (medium severity), reflecting that the attack vector is network-based with low attack complexity and no privileges or user interaction required. However, the vulnerability has limited impact on confidentiality, integrity, and availability, as indicated by the CVSS vector. The lack of vendor support increases the risk for affected devices, as mitigations must be implemented by users or network administrators. The vulnerability does not currently have known exploits in the wild, but the availability of exploit code raises the risk of future exploitation. Given the nature of the device (a consumer or small office router), successful exploitation could allow attackers to execute arbitrary commands, potentially leading to network compromise, interception of traffic, or pivoting to internal networks.

For European organizations, the impact of this vulnerability depends on the presence and deployment of the D-Link DIR-645 105B01 routers within their networks. If these devices are used as edge routers or in critical network segments, exploitation could lead to unauthorized command execution, enabling attackers to alter device configurations, intercept or redirect network traffic, or establish persistent footholds. This could compromise the confidentiality and integrity of organizational data and disrupt availability of network services. Since the device is no longer supported, organizations cannot rely on vendor patches, increasing the risk of prolonged exposure. Small and medium enterprises or home office setups using this router model may be particularly vulnerable, potentially serving as entry points for broader attacks. The medium severity rating suggests that while the vulnerability is serious, it may not lead to full network compromise without additional factors. However, in sensitive environments or where network segmentation is weak, the consequences could be significant.

Given the absence of vendor patches, European organizations should prioritize the following mitigations: 1) Immediate replacement of all D-Link DIR-645 105B01 routers with supported and updated models to eliminate the vulnerable device from the network. 2) If replacement is not immediately feasible, restrict network access to the router's management interfaces, especially the /soap.cgi endpoint, by implementing firewall rules that limit access to trusted IP addresses only. 3) Disable remote management features and SOAP services on the router if possible to reduce the attack surface. 4) Monitor network traffic for unusual requests targeting /soap.cgi or anomalous command execution patterns. 5) Employ network segmentation to isolate vulnerable devices from critical infrastructure and sensitive data. 6) Educate users and administrators about the risks of using unsupported hardware and the importance of timely device upgrades. 7) Regularly audit network devices to identify unsupported or end-of-life equipment and plan for their replacement.