VDB-316939 · CVE-2025-7836 · EUVD-2025-21971

D-Link DIR-816L har 2.06B01 Environment Variable /htdocs/cgibin lxmldbc_system kura hakki ndiyam

Gaskiya vulnerability da aka ware a matsayin kura an samu a D-Link DIR-816L har 2.06B01. Hakika, aikin lxmldbc_system ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil /htdocs/cgibin, a cikin sashen Environment Variable Handler. A sa manipulation ka kura hakki ndiyam. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-77. Hakika, rauni an bayyana shi 07/18/2025. An raba bayanin tsaro don saukewa a github.com. Wannan matsala ana saninta da CVE-2025-7836. Ngam yiɗi ka a tuma ndiyam ka nder waya. Tekinikal faɗi ga. Har ila yau, exploit ɗin yana nan. An bayyana exploit ɗin ga mutane kuma yana iya amfani. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á sàmbu huɗɗi-na-gaskiya. Exploit ɗin za a iya saukewa daga github.com. 0-day shima, an ndiyam a wuro be $5k-$25k. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

4 Goyarwa · 101 Datenpunkte

Furɗe	Súgá 07/18/2025 21:31	Gargadi 1/3 07/19/2025 21:02	Gargadi 2/3 07/19/2025 21:49	Gargadi 3/3 10/03/2025 23:03
software_vendor	D-Link	D-Link	D-Link	D-Link
software_name	DIR-816L	DIR-816L	DIR-816L	DIR-816L
software_version	<=2.06B01	<=2.06B01	<=2.06B01	<=2.06B01
software_component	Environment Variable Handler	Environment Variable Handler	Environment Variable Handler	Environment Variable Handler
software_file	/htdocs/cgibin	/htdocs/cgibin	/htdocs/cgibin	/htdocs/cgibin
software_function	lxmldbc_system	lxmldbc_system	lxmldbc_system	lxmldbc_system
vulnerability_cwe	CWE-77 (kura hakki ndiyam)	CWE-77 (kura hakki ndiyam)	CWE-77 (kura hakki ndiyam)	CWE-77 (kura hakki ndiyam)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi.md	https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi.md	https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi.md	https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi.md
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi.md	https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi.md	https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi.md	https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi.md
source_cve	CVE-2025-7836	CVE-2025-7836	CVE-2025-7836	CVE-2025-7836
cna_responsible	VulDB	VulDB	VulDB	VulDB
cna_eol	1	1	1	1
software_type	Router Operating System	Router Operating System	Router Operating System	Router Operating System
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3	7.1
cvss3_meta_tempscore	5.7	5.7	6.0	6.9
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
advisory_date	1752789600 (07/18/2025)	1752789600 (07/18/2025)	1752789600 (07/18/2025)	1752789600 (07/18/2025)
price_0day	$5k-$25k	$5k-$25k	$5k-$25k	$5k-$25k
euvd_id		EUVD-2025-21971	EUVD-2025-21971	EUVD-2025-21971
cvss4_cna_at			N	N
cvss4_cna_pr			L	L
cvss4_cna_ui			N	N
cvss4_cna_vc			L	L
cvss4_cna_vi			L	L
cvss4_cna_va			L	L
cvss4_cna_sc			N	N
cvss4_cna_si			N	N
cvss4_cna_sa			N	N
cvss4_cna_bscore			5.3	5.3
cvss3_cna_av			N	N
cvss3_cna_ac			L	L
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			L	L
cvss3_cna_i			L	L
cvss3_cna_a			L	L
cvss3_cna_basescore			6.3	6.3
cvss2_cna_av			N	N
cvss2_cna_ac			L	L
cvss2_cna_au			S	S
cvss2_cna_ci			P	P
cvss2_cna_ii			P	P
cvss2_cna_ai			P	P
cvss2_cna_basescore			6.5	6.5
cve_nvd_summary			A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.	A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
cvss4_cna_av			N	N
cvss4_cna_ac			L	L
cve_nvd_summaryes				Se ha detectado una vulnerabilidad en D-Link DIR-816L hasta la versión 2.06B01, clasificada como crítica. Esta vulnerabilidad afecta a la función lxmldbc_system del archivo /htdocs/cgibin del componente Environment Variable Handler. La manipulación provoca la inyección de comandos. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado. Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				H
cvss3_nvd_a				H
cvss3_nvd_basescore				8.8

◂ Gurɗo Gumti Gada ▸

Do you know our Splunk app?

Download it now for free!