CVE-2025-34125: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in D-Link DSP-W110A1
An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise.
AI Analysis
Technical Summary
This vulnerability (CVE-2025-34125) affects the D-Link DSP-W110A1 device running firmware version 1.05B01. It arises from improper neutralization of special elements in the cookie handling process of the embedded lighttpd web server, classified as CWE-78 (OS Command Injection). Because the vulnerability is unauthenticated and remotely exploitable over the network, an attacker can inject OS commands via crafted cookie values, resulting in arbitrary command execution on the device's Linux operating system. This can lead to full system compromise. The CVSS 4.0 vector indicates network attack vector, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary OS commands without authentication, leading to full compromise of the affected device. This includes potential control over device functionality, data, and network operations. The critical CVSS score (9.3) reflects the high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict network access to the device's management interface to trusted users only and monitor for suspicious activity. Avoid exposing the device's web interface to untrusted networks. Follow vendor communications closely for updates on patches or mitigations.
CVE-2025-34125: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in D-Link DSP-W110A1
Description
An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2025-34125) affects the D-Link DSP-W110A1 device running firmware version 1.05B01. It arises from improper neutralization of special elements in the cookie handling process of the embedded lighttpd web server, classified as CWE-78 (OS Command Injection). Because the vulnerability is unauthenticated and remotely exploitable over the network, an attacker can inject OS commands via crafted cookie values, resulting in arbitrary command execution on the device's Linux operating system. This can lead to full system compromise. The CVSS 4.0 vector indicates network attack vector, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary OS commands without authentication, leading to full compromise of the affected device. This includes potential control over device functionality, data, and network operations. The critical CVSS score (9.3) reflects the high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict network access to the device's management interface to trusted users only and monitor for suspicious activity. Avoid exposing the device's web interface to untrusted networks. Follow vendor communications closely for updates on patches or mitigations.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2025-04-15T19:15:22.561Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 68795303a83201eaace879c4
Added to database: 7/17/2025, 7:46:11 PM
Last enriched: 4/7/2026, 11:04:37 PM
Last updated: 5/10/2026, 9:32:51 AM
Views: 218
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.