CVE-2025-1104

HIGH

Dlink Dhp-w310av Firmware - Authentication Bypass

Title source: rule

Description

A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

References (5)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.294934

[Permissions Required, Third Party Advisory, VDB Entry] https://vuldb.com/?ctiid.294934

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.489958

[Exploit, Third Party Advisory] https://github.com/kn1g78/cve/blob/main/dlink.md

View Exploit ZIP pw:eip

[Product] https://www.dlink.com/

Scores

CVSS v3 7.3

EPSS 0.0006

EPSS Percentile 18.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-290 CWE-287

Status published

Products (1)

dlink/dhp-w310av_firmware 1.04

Published Feb 07, 2025

Tracked Since Feb 18, 2026