Description
An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise.
Published: 2025-07-16
Score: 9.3 Critical
EPSS: 3.1% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated command injection flaw in the cookie handling of the lighttpd web server on the D-Link DSP-W110A1 firmware allows attackers to send specially crafted cookie values that are processed unchecked. This vulnerability enables remote attackers to execute arbitrary commands on the underlying Linux operating system, resulting in full system compromise.

Affected Systems

The affected device is the D-Link DSP-W110A1 router with firmware version 1.05B01. Users deploying this version should verify the build and apply an updated firmware that removes the vulnerability.

Risk and Exploitability

The flaw scores 9.3 on the CVSS scale; its EPSS score has been updated to 3%, indicating a low likelihood of exploitation. Although it is not yet listed in the CISA KEV catalog, the combination of unauthenticated access and remote code execution makes it a top priority to patch. The likely attack vector is remote network exploitation via HTTP requests to the device's web interface, where an attacker sends specially crafted cookie values that are processed unchecked, leading to arbitrary command execution on the underlying Linux OS.

Generated by OpenCVE AI on June 18, 2026 at 11:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest firmware released by D-Link that fixes the cookie handling flaw
  • If a firmware update is unavailable, block inbound traffic to the device's web server from untrusted networks to eliminate remote access
  • Enable logging and monitor for anomalous HTTP request patterns that could indicate attempted exploitation

Generated by OpenCVE AI on June 18, 2026 at 11:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-21746 An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise.
History

Fri, 21 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dsp-w215 Firmware
CPEs cpe:2.3:o:dlink:dsp-w215_firmware:1.05:b01:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dsp-w215 Firmware

Thu, 17 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 16 Jul 2025 21:30:00 +0000

Type Values Removed Values Added
Description An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise.
Title D-Link DSP-W110A1 Cookie Command Injection
Weaknesses CWE-78
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Dlink Dsp-w215 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T14:09:45.288Z

Reserved: 2025-04-15T19:15:22.561Z

Link: CVE-2025-34125

cve-icon Vulnrichment

Updated: 2025-07-17T19:29:22.382Z

cve-icon NVD

Status : Deferred

Published: 2025-07-16T22:15:24.003

Modified: 2026-06-17T09:13:30.707

Link: CVE-2025-34125

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T11:45:15Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')