CVE-2025-34125

CRITICAL

D-Link DSP-W110A1 <1.05B01 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-34125. PoCs published by Metasploit, including Metasploit module exploits/linux/http/dlink_dspw110_cookie_noauth_exec.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in the cookie handling process of the lighttpd web server on D-Link devices. It uploads a stager via a multipart form upload and executes commands through a crafted cookie value.

Description

An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotehardware

https://www.exploit-db.com/exploits/37628

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in the cookie handling process of the lighttpd web server on D-Link devices. It uploads a stager via a multipart form upload and executes commands through a crafted cookie value.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: D-Link devices with lighttpd 1.4.34 (e.g., DSP-W110A1_FW105B01)

No auth needed

Prerequisites: Network access to the vulnerable device · lighttpd 1.4.34 running on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlink_dspw110_cookie_noauth_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in the cookie handling process of the lighttpd web server on D-Link devices, allowing remote code execution without authentication. It uploads a stager via a crafted POST request and executes commands through a maliciously crafted cookie.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: D-Link DSP-W110A1_FW105B01 (lighttpd 1.4.34)

No auth needed

Prerequisites: Network access to the vulnerable device · lighttpd 1.4.34 running on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources third-party-advisory exploit

https://web.archive.org/web/20160125171424/https://github.com/darkarnium/secpub/tree/master/D-Link/DSP-W110

View Writeup ZIP pw:eip

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dspw110_cookie_noauth_exec.rb

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/dlink-dspw110a1-cookie-command-injection

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/37628

Scores

CVSS v4 9.3

EPSS 0.0313

EPSS Percentile 86.1%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-78

Status published

Products (1)

D-Link/DSP-W110A1 1.05B01

Published Jul 16, 2025

Tracked Since Feb 18, 2026