OS Command Injection in D-Link DAP-2695 2.00RC13 Firmware Update Handler
CVE-2025-12296 Published on October 27, 2025
D-Link DAP-2695 Firmware Update sub_4174B0 os command injection
A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is the function sub_4174B0 of the component Firmware Update Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
What is a Shell injection Vulnerability?
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVE-2025-12296 has been classified to as a Shell injection vulnerability or weakness.
What is a Command Injection Vulnerability?
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CVE-2025-12296 has been classified to as a Command Injection vulnerability or weakness.
Products Associated with CVE-2025-12296
Want to know whenever a new CVE is published for D-Link Dap 2695? stack.watch will email you.
Affected Versions
D-Link DAP-2695 Version 2.00RC13 is affected by CVE-2025-12296Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.