CVE-2025-65731 is a vulnerability identified in the D-Link DIR-605L router, specifically hardware version F1 running firmware version V6.02CN02. The issue arises from the presence of a UART (Universal Asynchronous Receiver/Transmitter) serial interface on the device that provides root terminal access without any access control mechanisms. This means that an attacker with physical access to the router’s UART pins can connect directly to the device’s console and execute arbitrary commands with root privileges. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function) because the root terminal interface lacks authentication controls. The CVSS v3.1 base score is 6.8, reflecting a medium severity level, with the vector indicating physical attack vector (AV:P), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Exploitation requires physical access to the device, which limits remote exploitation but poses a significant risk in environments where devices are accessible to unauthorized personnel. No patches or firmware updates have been published yet, and no known exploits are currently in the wild. This vulnerability highlights the importance of securing hardware interfaces and controlling physical access to network devices.

For European organizations, the impact of CVE-2025-65731 can be significant in scenarios where physical security is insufficient. An attacker gaining root access via UART can fully compromise the router, potentially intercepting or manipulating network traffic, injecting malicious configurations, or using the device as a foothold for further network intrusion. This threatens confidentiality by exposing sensitive data, integrity by allowing unauthorized changes, and availability by enabling denial-of-service conditions. Critical infrastructure, small and medium enterprises, and home office environments using this router model are particularly vulnerable if devices are deployed in accessible locations. The physical access requirement reduces the risk of widespread remote attacks but increases the threat in shared office spaces, data centers with lax physical controls, or environments where devices are left unattended. The lack of available patches means organizations must rely on physical security and operational controls until a fix is released.

1. Physically secure all D-Link DIR-605L routers, especially hardware version F1 with firmware V6.02CN02, to prevent unauthorized access to UART pins. Use locked enclosures or secure rooms. 2. If possible, disable or cover UART interfaces to prevent connection. 3. Monitor and audit physical access to networking equipment regularly. 4. Maintain an inventory of affected devices and prioritize replacement or firmware upgrades once patches become available. 5. Implement network segmentation to limit the impact of a compromised router. 6. Educate staff on the risks of physical tampering and enforce strict access control policies. 7. Consider deploying alternative routers with better physical security controls in sensitive environments. 8. Stay informed about vendor advisories for firmware updates addressing this vulnerability.