CVE-2025-2359
Published: 17 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-2359 is a critical improper authorization vulnerability in the D-Link DIR-823G router running firmware version 1.0.2B05_20181207. The issue resides in the SetDDNSSettings function within the /HNAP1/ endpoint of the DDNS Service component, where manipulation of the SOAPAction argument bypasses required authorization checks. Associated with CWE-266 (Incorrect Privilege Assignment) and CWE-285 (Improper Authorization), it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and was published on 2025-03-17.
The vulnerability enables remote exploitation without authentication or user interaction, allowing unauthenticated attackers to manipulate DDNS settings. Successful exploitation grants limited impact, including low-level confidentiality, integrity, and availability disruptions, such as unauthorized changes to DDNS configurations that could facilitate further network reconnaissance or persistence.
Advisories from sources like VulDB indicate no patches are available, as the affected D-Link DIR-823G products are no longer supported by the manufacturer. The D-Link website provides general support information but no specific remediation for this firmware version.
An exploit for CVE-2025-2359 has been publicly disclosed, increasing the risk for exposed, end-of-life devices still in use.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an authorization bypass in a public-facing router management endpoint (/HNAP1/ DDNS service), enabling remote unauthenticated exploitation of an Internet-facing device, which directly maps to T1190 Exploit Public-Facing Application.