CVE-2025-4454 is a command injection vulnerability identified in the D-Link DIR-619L router, specifically version 2.04B04. The vulnerability resides in the wake_on_lan function, where improper sanitization of the 'mac' argument allows an attacker to inject arbitrary commands. This flaw can be exploited remotely without requiring user interaction or authentication, making it a significant risk. The vulnerability is classified with a CVSS 4.0 base score of 5.3, indicating medium severity. The vector details show that the attack can be launched over the network (AV:N), requires low attack complexity (AC:L), no privileges (PR:L), and no user interaction (UI:N). However, the impact on confidentiality, integrity, and availability is limited (VC:L, VI:L, VA:L), suggesting partial compromise potential. The vulnerability affects only the specified firmware version of a product that is no longer supported by the vendor, meaning no official patches or updates are available. No known exploits are currently reported in the wild. The lack of vendor support increases the risk for affected users, as mitigation options are limited to workarounds or device replacement. The wake_on_lan feature is typically used to remotely power on devices within a local network, but the injection flaw could allow attackers to execute arbitrary system commands on the router, potentially leading to device compromise, network pivoting, or denial of service.

For European organizations, the impact of this vulnerability depends on the presence and usage of the D-Link DIR-619L router within their network infrastructure. Given that the device is an older, unsupported model, it is more likely to be found in small to medium enterprises or home office environments rather than large enterprises. Successful exploitation could allow attackers to gain control over the router, intercept or manipulate network traffic, and potentially use the compromised device as a foothold for further attacks within the network. This could lead to data breaches, disruption of network services, and exposure of sensitive information. The lack of vendor support means organizations cannot rely on official patches, increasing the risk of prolonged exposure. Additionally, since the attack requires no authentication or user interaction, automated scanning and exploitation attempts could target vulnerable devices, increasing the threat level. The overall impact is medium but could escalate if attackers combine this vulnerability with other exploits to achieve broader network compromise.

Given the absence of official patches due to discontinued support, European organizations should prioritize the following mitigation steps: 1) Identify and inventory all D-Link DIR-619L devices running firmware version 2.04B04 or earlier. 2) Immediately isolate these devices from critical network segments or restrict their network access to trusted management networks only. 3) Disable the wake_on_lan feature if it is not essential, as this is the vulnerable function. 4) Replace affected devices with currently supported models that receive regular security updates. 5) Implement network-level protections such as firewall rules to block unsolicited inbound traffic to the router’s management interfaces. 6) Monitor network traffic for unusual activity originating from or targeting these routers. 7) Educate users and administrators about the risks of using unsupported hardware and the importance of timely device upgrades. 8) Consider deploying network intrusion detection systems (NIDS) tuned to detect command injection attempts or anomalous wake_on_lan traffic patterns.