Description
D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/Quadron-Research-Lab/Hardware-IoT/blob/main/d-link_dir-825_R2.pdf
Scores
CVSS v3
6.5
EPSS
0.0100
EPSS Percentile
77.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
dlink/dir-825_firmware
2022.01.13-13.48
Published
May 17, 2022
Tracked Since
Feb 18, 2026