VDB-316939 · CVE-2025-7836 · EUVD-2025-21971

D-Link DIR-816L ଯେପର୍ଯ୍ୟନ୍ତ 2.06B01 Environment Variable /htdocs/cgibin lxmldbc_system ବିସ୍ତାରିତ ଅଧିକାର

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu D-Link DIR-816L ଯେପର୍ଯ୍ୟନ୍ତ 2.06B01 keessatti argameera. Miidhaan irra gahe is hojii lxmldbc_system faayilii /htdocs/cgibin keessa kutaa Environment Variable Handler keessa. Dhugumatti jijjiirraa gara ବିସ୍ତାରିତ ଅଧିକାର geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-77 si geessa. Beekumsi kun yeroo 07/18/2025 ifoomsifameera. Odeeffannoon kun buufachuuf github.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2025-7836 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana github.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $5k-$25k jedhamee tilmaamame. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

4 ଆଡାପ୍ଟେସନ୍ · 101 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 07/18/2025 09:31 PM	ଅଦ୍ୟତନ 1/3 07/19/2025 09:02 PM	ଅଦ୍ୟତନ 2/3 07/19/2025 09:49 PM	ଅଦ୍ୟତନ 3/3 10/03/2025 11:03 PM
software_vendor	D-Link	D-Link	D-Link	D-Link
software_name	DIR-816L	DIR-816L	DIR-816L	DIR-816L
software_version	<=2.06B01	<=2.06B01	<=2.06B01	<=2.06B01
software_component	Environment Variable Handler	Environment Variable Handler	Environment Variable Handler	Environment Variable Handler
software_file	/htdocs/cgibin	/htdocs/cgibin	/htdocs/cgibin	/htdocs/cgibin
software_function	lxmldbc_system	lxmldbc_system	lxmldbc_system	lxmldbc_system
vulnerability_cwe	CWE-77 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-77 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-77 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-77 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi.md	https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi.md	https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi.md	https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi.md
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi.md	https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi.md	https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi.md	https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi.md
source_cve	CVE-2025-7836	CVE-2025-7836	CVE-2025-7836	CVE-2025-7836
cna_responsible	VulDB	VulDB	VulDB	VulDB
cna_eol	1	1	1	1
software_type	Router Operating System	Router Operating System	Router Operating System	Router Operating System
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3	7.1
cvss3_meta_tempscore	5.7	5.7	6.0	6.9
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
advisory_date	1752789600 (07/18/2025)	1752789600 (07/18/2025)	1752789600 (07/18/2025)	1752789600 (07/18/2025)
price_0day	$5k-$25k	$5k-$25k	$5k-$25k	$5k-$25k
euvd_id		EUVD-2025-21971	EUVD-2025-21971	EUVD-2025-21971
cvss4_cna_at			N	N
cvss4_cna_pr			L	L
cvss4_cna_ui			N	N
cvss4_cna_vc			L	L
cvss4_cna_vi			L	L
cvss4_cna_va			L	L
cvss4_cna_sc			N	N
cvss4_cna_si			N	N
cvss4_cna_sa			N	N
cvss4_cna_bscore			5.3	5.3
cvss3_cna_av			N	N
cvss3_cna_ac			L	L
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			L	L
cvss3_cna_i			L	L
cvss3_cna_a			L	L
cvss3_cna_basescore			6.3	6.3
cvss2_cna_av			N	N
cvss2_cna_ac			L	L
cvss2_cna_au			S	S
cvss2_cna_ci			P	P
cvss2_cna_ii			P	P
cvss2_cna_ai			P	P
cvss2_cna_basescore			6.5	6.5
cve_nvd_summary			A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.	A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
cvss4_cna_av			N	N
cvss4_cna_ac			L	L
cve_nvd_summaryes				Se ha detectado una vulnerabilidad en D-Link DIR-816L hasta la versión 2.06B01, clasificada como crítica. Esta vulnerabilidad afecta a la función lxmldbc_system del archivo /htdocs/cgibin del componente Environment Variable Handler. La manipulación provoca la inyección de comandos. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado. Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante.
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				H
cvss3_nvd_a				H
cvss3_nvd_basescore				8.8

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you know our Splunk app?

Download it now for free!