CVE-2025-60854

D-Link · R15 (AX1500)

The D-Link R15 (AX1500) router contains a command injection vulnerability in the httpd service, reachable via the model name parameter during password changes.

Executive summary

A critical command injection vulnerability in the D-Link R15 (AX1500) router allows authenticated administrators to execute arbitrary system commands via the web interface.

Vulnerability

The vulnerability exists within the web administrator page where the "model name" parameter is not correctly sanitized. An attacker with administrative access can manipulate this parameter during a password change request to trigger command injection within the httpd daemon.

Business impact

A CVSS score of 9.8 reflects the severity of full system compromise. If exploited, an attacker could gain complete control over the network device, potentially facilitating lateral movement, man-in-the-middle attacks, or persistent access to the internal network.

Remediation

Immediate Action: Apply the latest firmware update provided by D-Link for the R15 (AX1500) router.

Proactive Monitoring: Review administrative access logs for suspicious activity and monitor for unexpected changes to device configuration or system processes.

Compensating Controls: Restrict access to the router's web administration interface to trusted internal IP addresses only and disable remote management features.

Exploitation status

Public Exploit Available: Not specified

Analyst recommendation

The ability to execute arbitrary commands on network infrastructure is a high-risk scenario. Administrators must apply available patches immediately to mitigate the risk of device takeover. If a patch is not immediately available, ensure the device is isolated from the public internet.