
CVE-2025-65731: n/a

Severity: Unknown (score: 0)
Type: Vulnerability
Published: Thu Jan 08 2026 (01/08/2026, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in D-Link Router DIR-605L (Hardware version F1; Firmware version: V6.02CN02) allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control.

AI-Powered Analysis

Last updated: 01/08/2026, 19:53:32 UTC

Technical Analysis

The vulnerability identified as CVE-2025-65731 affects the D-Link DIR-605L router, specifically hardware version F1 running firmware version V6.02CN02. The root cause is the presence of an unsecured UART serial interface that provides root terminal access without any authentication or access control mechanisms. UART (Universal Asynchronous Receiver/Transmitter) interfaces are commonly used for debugging and low-level device management. In this case, the UART pins expose a root shell, allowing an attacker with physical access to connect directly and execute arbitrary commands with root privileges. This bypasses all software-based security controls and can lead to full device compromise, including the ability to alter configurations, intercept or redirect network traffic, install persistent malware, or disrupt network availability. The vulnerability requires physical access to the device’s UART pins, which limits remote exploitation but poses a significant risk in environments where devices are accessible to unauthorized personnel. No CVSS score has been assigned, and no patches or mitigations have been officially released. The vulnerability was published on January 8, 2026, with the reservation date of November 18, 2025. There are no known exploits in the wild at this time. The lack of access control on the UART interface is a critical design flaw that undermines the security of the device’s firmware and operating environment.
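One way a firmware reviewer could check an unpacked root filesystem for the class of flaw described above, shown as an added example that is not part of the advisory or of D-Link's code. It assumes a BusyBox-style /etc/inittab, which the advisory does not confirm for this firmware; the function name and the sample entries are constructed for illustration.

```python
import re

# Programs that hand out a shell with no credential check when started by init.
SHELLS = {"sh", "ash", "bash", "dash", "msh"}
# init actions that attach a long-lived process to a terminal.
CONSOLE_ACTIONS = {"respawn", "askfirst"}
SERIAL_TTY = re.compile(r"^(/dev/)?(console|tty(S|AMA|USB|O)?\d+)$")


def find_unauthenticated_consoles(inittab_text):
    """Return (line_no, tty, command) for BusyBox inittab entries that start
    a shell directly on a console/serial tty, with no getty or login prompt.

    BusyBox entry format: <tty>:<runlevels>:<action>:<process>
    An empty <tty> means the system console, which on routers is often
    the UART. (Assumed format; not confirmed for the DIR-605L firmware.)
    """
    findings = []
    for line_no, raw in enumerate(inittab_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split(":", 3)
        if len(parts) != 4:
            continue
        tty, _runlevels, action, process = (p.strip() for p in parts)
        if action not in CONSOLE_ACTIONS or not process:
            continue
        if tty and not SERIAL_TTY.match(tty):
            continue
        # A leading "-" marks a login shell; strip it and the directory path.
        argv0 = process.split()[0].lstrip("-").rsplit("/", 1)[-1]
        if argv0 in SHELLS:
            findings.append((line_no, tty or "console", process))
    return findings


# Constructed sample entries, not taken from the DIR-605L firmware.
SAMPLE_INITTAB = """\
::sysinit:/etc/init.d/rcS
::respawn:-/bin/sh
ttyS0::askfirst:/bin/ash --login
ttyS1::respawn:/sbin/getty -L ttyS1 115200 vt100
# ttyS2::respawn:/bin/sh
"""

if __name__ == "__main__":
    for line_no, tty, cmd in find_unauthenticated_consoles(SAMPLE_INITTAB):
        print(f"line {line_no}: {tty} runs '{cmd}' with no login prompt")
```

Entries that put getty or login in front of the shell, such as the ttyS1 line in the sample, are not reported.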

Potential Impact

For European organizations, the impact of this vulnerability can be substantial, particularly in sectors where physical security of network devices is not strictly enforced, such as small offices, retail locations, or public access areas. An attacker gaining root access to a router can intercept sensitive communications, manipulate network traffic, create backdoors, or launch further attacks within the internal network. This compromises confidentiality, integrity, and availability of network resources. Critical infrastructure operators, government agencies, and enterprises using this router model could face operational disruptions or data breaches. The physical access requirement reduces the likelihood of widespread remote exploitation but does not eliminate the risk of insider threats or targeted attacks. Additionally, the absence of patches means the vulnerability remains unmitigated, increasing exposure over time. The impact extends to supply chain security if these routers are used in managed services or embedded in larger network deployments.

Mitigation Recommendations

To mitigate this vulnerability, organizations should first ensure strict physical security controls around network devices, preventing unauthorized personnel from accessing router hardware. If feasible, disable or physically block access to UART pins on the device to prevent connection. Network administrators should audit their inventory to identify affected D-Link DIR-605L routers (Hardware F1, Firmware V6.02CN02) and consider replacing them with models that do not expose such debug interfaces or have proper access controls. Monitoring for signs of physical tampering or unexpected device behavior is critical. Employ network segmentation to limit the impact of a compromised router. If possible, request firmware updates or security advisories from the vendor and apply any patches promptly once available. For environments where physical access cannot be fully controlled, consider deploying additional network security controls such as intrusion detection systems and strict access policies to detect and respond to suspicious activity.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-11-18T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 696007e501d35e5d0ca11112

Added to database: 1/8/2026, 7:39:17 PM

Last enriched: 1/8/2026, 7:53:32 PM

Last updated: 1/9/2026, 2:08:54 PM
