CVE-2025-52079

HighPublic PoC

Published: 21 October 2025

Published

21 October 2025

Modified

03 November 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0015 35.6th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may use [Patch System Image](https://attack.

Security Summary

CVE-2025-52079 is an improper access control vulnerability in the administrator password setting of the D-Link DIR-820L router running firmware version 1.06B02. It allows unverified password changes via a crafted POST request to the /get_set.ccp endpoint. Published on 2025-10-21T20:20:40.347, the issue carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-284.

The vulnerability can be exploited by an attacker with low privileges over the network, requiring low complexity and no user interaction. Successful exploitation enables changing the administrator password without verification, granting high-impact access to confidentiality, integrity, and availability, which could result in full router compromise.

Mitigation guidance is available in advisories referenced at https://www.dlink.com/en/security-bulletin/ and a GitHub repository at https://github.com/namberino/cve/tree/main/CVE-2025-52079.

Details

CWE(s): CWE-284

Affected Products

dlink

dir-820l firmware

1.06b02

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

T1098 Account Manipulation Persistence

Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.

attack.mitre.org →

T1556.004 Network Device Authentication Defense Impairment

Adversaries may use [Patch System Image](https://attack.

attack.mitre.org →

Why these techniques?

Vulnerability enables unverified admin password change via crafted POST to web management interface (/get_set.ccp), facilitating exploitation of public-facing applications/remote services, account manipulation, and modification of network device authentication.

References

https://github.com/namberino/cve/tree/main/CVE-2025-52079
Exploit, Third Party Advisory · cve@mitre.org
https://www.dlink.com/en/security-bulletin/
Vendor Advisory · cve@mitre.org