CVE-2018-25125 HIGH

CVE-2018-25125: Netis DL4322D RTK 2.1.1 FTP Service DoS

Vendor Netis Systems Co., Ltd.
Product DL4322D
Weakness CWE-120
Published November 14, 2025
Last update April 7, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Netis ADSL Router DL4322D firmware RTK 2.1.1 contains a buffer overflow vulnerability in the embedded FTP service that allows an authenticated remote user to trigger a denial of service. After logging in to the FTP service, sending an FTP command such as ABOR with an excessively long argument causes the service, and in practice the router, to crash or become unresponsive, resulting in a loss of availability for the device and connected users.

Key dates

02 Disclosure timeline

November 14, 2025 CVE published
April 7, 2026 Record updated