CVE-2025-65731
Severity CVSS v4.0:
Pending analysis
Type:
CWE-306
Missing Authentication for Critical Function
Publication date:
08/01/2026
Last modified:
30/01/2026
Description
An issue was discovered in D-Link Router DIR-605L (Hardware version F1; Firmware version: V6.02CN02) allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control.
Impact
Base Score 3.x
6.80
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:dlink:dir-605l_firmware:6.02cn02:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dir-605l:f1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://gist.github.com/whitej3rry/f142a93bac360f9b1126f552f64957ea
- https://github.com/whitej3rry/CVE-2025-65731
- https://www.dlink.com/en/security-bulletin/
- https://www.dlink.com/uk/en/products/dir-605l-wireless-n-300-home-cloud-router
- https://gist.github.com/whitej3rry/f142a93bac360f9b1126f552f64957ea
- https://github.com/whitej3rry/CVE-2025-65731