CNNVD-202510-3529 Information

CNNVD ID

CNNVD-202510-3529

Related CVE

CVE-2025-12296

• CNNVD Published: 2025-10-27

Description (Chinese)

D-Link DAP-2695是中国友讯（D-Link）公司的一款高性能双频无线接入点。 D-Link DAP-2695 2.00RC13版本存在操作系统命令注入漏洞，该漏洞源于Firmware Update Handler组件中函数sub_4174B0存在os命令注入，可能导致远程攻击。

Description (English)

D-Link DAP-2695 is a high-performance double-frequency wireless access point for the Chinese company D-Link. The D-Link DAP-2695 2.00RC13 version contains a loophole in the operating system command, which originates from the presence of sub 4174B0 in the Firmware Update Handler component, which may result in a remote attack.

Hazard Level

High

Vulnerability Type

操作系统命令注入

Affected Vendor

友讯

Published

2025-10-27

Last Modified

2026-02-24

References

https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DAP-2695_Injection.md https://www.dlink.com/ https://vuldb.com/?ctiid.329964 https://vuldb.com/?submit.675855 https://vuldb.com/?id.329964 https://access.redhat.com/security/cve/cve-2025-12296