CVE-2025-60344

8.6 HIGH

📋 TL;DR

An unauthenticated Local File Inclusion vulnerability in D-Link DSR series routers allows remote attackers to read sensitive configuration files containing administrative credentials and VPN settings. This enables full administrative access to affected routers. The vulnerability affects DSR-150, DSR-150N, and DSR-250N routers running firmware version 1.09B32_WW.

💻 Affected Systems

Products:
  • D-Link DSR-150
  • D-Link DSR-150N
  • D-Link DSR-250N
Versions: v1.09B32_WW
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the affected firmware version are vulnerable in default configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete router compromise leading to network takeover, credential theft, VPN access, and potential lateral movement into connected networks.

🟠 Likely Case: Attackers gain administrative access to the router, change configurations, intercept traffic, and potentially install persistent backdoors.

🟢 If Mitigated: Limited to configuration file exposure if administrative access is restricted through other controls.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, and the vulnerability requires no authentication.
🏢 Internal Only: MEDIUM - Could be exploited from internal networks if attackers gain initial access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept code is publicly available on GitHub, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check D-Link for latest firmware updates

Vendor Advisory: Not provided in references

Restart Required: Yes

Instructions:

  1. Check the D-Link support site for firmware updates.
  2. Download the latest firmware for your model.
  3. Access the router admin interface.
  4. Navigate to the firmware update section.
  5. Upload and apply the new firmware.
  6. Reboot the router.

🔧 Temporary Workarounds

Restrict WAN access to admin interface
Applies to: all
Disable remote administration from the WAN interface to prevent external exploitation.

Change default credentials
Applies to: all
Change administrative passwords even though they may be exposed via LFI.

🧯 If You Can't Patch

  • Isolate affected routers in separate network segments
  • Implement strict firewall rules to limit access to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under System Status or Maintenance section

Check Version:

Check via the web interface or, if SSH is enabled, run: show version

Verify Fix Applied:

Verify firmware version has been updated to a version newer than v1.09B32_WW

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in router logs
  • Multiple failed authentication attempts followed by configuration file access

Network Indicators:

  • Unusual HTTP requests to router management interface with file path traversal patterns
  • Traffic spikes to router configuration endpoints

SIEM Query:

http.url:*config* AND http.url:*..* AND dst_ip:[ROUTER_IP]
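The detection idea above (a `..` traversal marker in a request that names a configuration resource) as runnable log-scanning logic. This is an added example, not the page's or D-Link's code; the access-log lines are constructed in Common Log Format, the endpoint names in them are made up, and the check decodes percent-encoding repeatedly so a double-encoded `%252e%252e` is caught where a literal `*..*` query would miss it.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not real device logs.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2025:10:00:02 +0000] "GET /cgi/view?file=../../tmp/config.xml HTTP/1.1" 200 8192
203.0.113.9 - - [01/Jan/2025:10:00:03 +0000] "GET /cgi/view?file=%252e%252e%252fconfig.bin HTTP/1.1" 200 4096
10.0.0.7 - - [01/Jan/2025:10:00:04 +0000] "GET /status.cgi?page=..config HTTP/1.1" 200 100
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)
# Names that suggest a configuration resource is being requested (assumption, tune per device).
CONFIG_HINT = re.compile(r'config|\.conf|\.xml|\.bin', re.IGNORECASE)


def normalize_url(url: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded traversal becomes visible."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url.replace('\\', '/')


def has_traversal(url: str) -> bool:
    """True only for a standalone '..' segment in the path or a query value ('..config' is not one)."""
    return re.search(r'(^|[/?=&])\.\.([/?&]|$)', normalize_url(url)) is not None


def is_suspicious(url: str) -> bool:
    """Equivalent of the SIEM query: traversal marker AND a config-like name, after decoding."""
    return has_traversal(url) and CONFIG_HINT.search(normalize_url(url)) is not None


def scan_log(text: str) -> List[Dict[str, str]]:
    """Return the matching requests with the decoded URL so an analyst sees what was really asked for."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_suspicious(m['url']):
            hits.append({'src': m['src'], 'url': m['url'], 'status': m['status'],
                         'decoded': normalize_url(m['url'])})
    return hits


if __name__ == '__main__':
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Pair the match with the response status and size: a 200 with a large body on such a request is far more significant than a 404.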
