CVE-2018-25125

HIGH

Netis ADSL Router DL4322D RTK 2.1.1 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25125. PoCs published by cakes.

AI-analyzed exploit summary This exploit demonstrates a Denial of Service (DoS) vulnerability in the Netis ADSL Router DL4322D RTK 2.1.1 by sending an FTP command with a 1461-character offset, causing the router to crash. It requires authentication with default credentials (guest/guest).

Description

Netis ADSL Router DL4322D firmware RTK 2.1.1 contains a buffer overflow vulnerability in the embedded FTP service that allows an authenticated remote user to trigger a denial of service. After logging in to the FTP service, sending an FTP command such as ABOR with an excessively long argument causes the service, and in practice the router, to crash or become unresponsive, resulting in a loss of availability for the device and connected users.

Exploits (1)

exploitdb WORKING POC VERIFIED

by cakes · pythondoshardware

https://www.exploit-db.com/exploits/45424

View Code ZIP pw:eip

This exploit demonstrates a Denial of Service (DoS) vulnerability in the Netis ADSL Router DL4322D RTK 2.1.1 by sending an FTP command with a 1461-character offset, causing the router to crash. It requires authentication with default credentials (guest/guest).

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Netis ADSL Router DL4322D RTK 2.1.1

Auth required

Prerequisites: Network access to the router · Default or known FTP credentials

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/45424

Various Sources product

https://web.archive.org/web/20180731191918/http://www.netis-systems.com/Home/detail/id/74.html

Various Sources product

https://www.netis-systems.com/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/netis-dl4322d-ftp-service-dos

Scores

CVSS v4 8.7

EPSS 0.0043

EPSS Percentile 33.8%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (1)

Netis Systems Co., Ltd./DL4322D < RTK 2.1.1

Published Nov 14, 2025

Tracked Since Feb 18, 2026