Detections
Analytics

CVE-2025-60344

medium

Description

An unauthenticated Local File Inclusion (LFI) vulnerability in D-Link DSR series routers allows remote attackers to retrieve sensitive configuration files in clear text. The exposed files contain administrative credentials, VPN settings, and other sensitive information, enabling full administrative access to the router. Affected Products include: DSR-150, DSR-150N, and DSR-250N v1.09B32_WW.

References

https://github.com/fyoozr/vulnerability-research/tree/main/CVE-2025-60344

https://github.com/fyoozr/D-Link-DSR-N250-LFI-Vulnerability/

Details

Source: Mitre, NVD

Published: 2025-10-21

Updated: 2025-10-21

Risk Information

CVSS v2

Base Score: 6.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C

Severity: Medium

CVSS v3

Base Score: 6.6

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Severity: Medium

EPSS

EPSS: 0.00047