CVE-2025-22968

CRITICAL

D-Link DWR-M972V 1.05SSG - Unauthenticated Remote Code Execution via SSH Root Access

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-22968. PoCs published by CRUNZEX, AsimCr.

AI-analyzed exploit summary This repository documents an unauthenticated access vulnerability in D-Link DWR-M972V (Software Version 1.05SSG), allowing remote attackers to log in as root without credentials via SSH or Telnet. The PoC includes steps to reproduce the issue but lacks executable exploit code.

Description

An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions

Exploits (2)

nomisec WRITEUP 6 stars

by CRUNZEX · poc

https://github.com/CRUNZEX/CVE-2025-22968

View Code ZIP pw:eip

This repository documents an unauthenticated access vulnerability in D-Link DWR-M972V (Software Version 1.05SSG), allowing remote attackers to log in as root without credentials via SSH or Telnet. The PoC includes steps to reproduce the issue but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: D-Link DWR-M972V Software Version 1.05SSG

No auth needed

Prerequisites: Network access to the router's LAN or WAN interface · SSH/Telnet client

MITRE ATT&CK

T1078 - Valid Accounts T1021 - Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

github WRITEUP 1 stars

by AsimCr · pythonpoc

https://github.com/AsimCr/POC_Collecter_Bot/tree/master/CVE_Looter/CVE_Archive/CVE-2025-22968

View Code ZIP pw:eip

The repository contains a detailed writeup for CVE-2025-22968, describing an unauthenticated access vulnerability in D-Link DWR-M972V Software Version 1.05SSG. It includes technical details, proof-of-concept steps, and images demonstrating the exploitation process.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: D-Link DWR-M972V Software Version 1.05SSG

No auth needed

Prerequisites: Network access to the router · Router in default configuration

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory

https://github.com/CRUNZEX/CVE-2025-22968

Exploit, Third Party Advisory

https://github.com/CRUNZEX/CVE-DLINK-LTE

Product

https://www.dlink.com/en/security-bulletin/

Scores

CVSS v3 9.8

EPSS 0.0245

EPSS Percentile 82.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-94

Status published

Products (1)

dlink/dwr-m972v_firmware 1.05ssg

Published Jan 15, 2025

Tracked Since Feb 18, 2026