CVE-2025-4340

Published: May 6, 2025Modified: May 13, 2025

5.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability classified as critical has been found in D-Link DIR-890L and DIR-806A1 up to 100CNb11/108B03. Affected is the function sub_175C8 of the file /htdocs/soap.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Affected (2)

Products: Dlink: Dir 806 Firmware, Dir 890l Firmware

2 products

Dir 806 Firmware

Dir 890l Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 806 Firmware	Up to 100cnb11

Running on/with	Platform Versions
Dlink Dir 806	Version a1

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 890l Firmware	Up to 1.08b03

Running on/with	Platform Versions
Dlink Dir 890l	Version a1

Related CWEs

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (6)

https://github.com/CH13hh/tmp_store_cc/blob/main/tt/1.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.307458

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.307458

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.556092

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.dlink.com/

Source: cna@vuldb.com

Product

https://github.com/CH13hh/tmp_store_cc/blob/main/tt/1.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.