CVE Alert: CVE-2025-11488 – D-Link – DIR-852
CVE-2025-11488
A weakness has been identified in D-Link DIR-852 up to 20251002. It affects an unknown part of the file /HNAP1/. Manipulation of this endpoint can lead to command injection. The attack may be launched remotely. An exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
AI Summary Analysis
Risk verdict
Urgent: remote command injection on D-Link DIR-852 with a publicly available PoC and automatable exploit, enabling remote code execution without user interaction.
Why this matters
The device could be taken under attacker control, enabling traffic manipulation, credential exposure, or network pivot to connected hosts. The product is stated as unsupported by the maintainer, which implies no official patches may be forthcoming, elevating the risk across consumer and small-business networks.
Most likely attack path
No user interaction is required (UI:N), and the HNAP1 surface is reachable over the network without privileges (AV:N, PR:N); an attacker can supply crafted input to trigger command injection (CWE-77/74) via the remote interface. Because the Scope is unchanged, exploitation compromises the device itself, but a compromised router that is the gateway for other hosts can facilitate subsequent lateral movement within the local network.
Who is most exposed
Exposure is greatest in consumer and small-business deployments that still run older, unsupported DIR-852 devices, often with WAN-facing management enabled or on exposed LAN segments, and with no prospect of firmware updates.
Detection ideas
- Look for repeated attempts to access /HNAP1 over the WAN.
- Identify unusual command-like payloads in management logs.
- Detect sudden config changes or new process executions on the router.
- Deploy network IDS signatures for HNAP1-specific exploit activity.
- Correlate spikes in outbound traffic or DNS activity from the device.
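As an added illustration of the first two detection ideas (not part of the original alert), the following Python sketch scans constructed access-log lines for WAN-sourced requests to /HNAP1/ and for shell metacharacters in the request target. The log format, the LAN ranges and the repeat threshold are assumptions, since the DIR-852's actual log format is not described here.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in combined-access-log style; not real DIR-852 output.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Oct/2025:10:01:02 +0000] "POST /HNAP1/ HTTP/1.1" 200 512
203.0.113.7 - - [02/Oct/2025:10:01:03 +0000] "POST /HNAP1/ HTTP/1.1" 200 512
203.0.113.7 - - [02/Oct/2025:10:01:04 +0000] "POST /HNAP1/?q=a%3Bid HTTP/1.1" 500 0
192.168.0.10 - - [02/Oct/2025:10:05:00 +0000] "POST /HNAP1/ HTTP/1.1" 200 2048
198.51.100.4 - - [02/Oct/2025:10:07:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Shell metacharacters that have no legitimate place in an HNAP request target.
META_RE = re.compile(r"[;|`]|\$\(|&&")
# Assumed LAN-side ranges; anything else counts as WAN (so the TEST-NET sample addresses do).
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
            "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def is_wan_source(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in LAN_NETS)

def has_command_chars(target: str) -> bool:
    """Percent-decode first so %3B (;) and %7C (|) are not missed."""
    return META_RE.search(unquote(target)) is not None

def analyze(log_text: str, repeat_threshold: int = 3) -> list:
    """Alerts: command-like payloads aimed at /HNAP1 and repeated WAN access to it."""
    alerts, hnap_by_src = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, _method, target, _status = m.groups()
        if not target.startswith("/HNAP1"):
            continue
        if is_wan_source(src):
            hnap_by_src[src] += 1
        if has_command_chars(target):
            alerts.append({"src": src, "reason": "command-like payload", "target": target})
    for src, n in hnap_by_src.items():
        if n >= repeat_threshold:
            alerts.append({"src": src, "reason": "repeated WAN access to /HNAP1", "count": n})
    return alerts
```

On the sample, `analyze(SAMPLE_LOG)` raises one payload alert and one repeat-access alert, both for 203.0.113.7; the LAN client at 192.168.0.10 is ignored.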
Mitigation and prioritisation
- Apply firmware updates if vendor remediation becomes available; otherwise assume unpatched risk.
- Disable or tightly restrict HNAP1 and any WAN-facing management interfaces; implement strict ACLs.
- Enforce network segmentation and place DIR-852 devices behind dedicated security zones; restrict internet exposure.
- Implement continuous monitoring for anomalous router commands and config changes; prepare rollback procedures.
- If KEV is confirmed or EPSS ≥ 0.5, treat as priority 1.