Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for dir-817l_firmware by dlink

    CVE-2025-7932 (GCVE-0-2025-7932)

    Vulnerability from nvd – Published: 2025-07-21 17:02 – Updated: 2025-07-21 17:51
    VLAI
    Title
    D-Link DIR‑817L ssdpcgi lxmldbc_system command injection
    Summary
    A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.317061 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.317061 signaturepermissions-required
    https://vuldb.com/?submit.618951 third-party-advisory
    https://github.com/Patr1ck-S/Patr1ck-S.github.io/… exploit
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR‑817L Affected: 1.04B01
    Create a notification for this product.
    Credits
    Patr1ck (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7932",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-21T17:50:58.164767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-21T17:51:28.544Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR\u2011817L",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.04B01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Patr1ck (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in D-Link DIR\u2011817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in D-Link DIR\u2011817L bis 1.04B01 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion lxmldbc_system der Datei ssdpcgi. Durch Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-21T17:02:06.388Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-317061 | D-Link DIR\u2011817L ssdpcgi lxmldbc_system command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.317061"
            },
            {
              "name": "VDB-317061 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.317061"
            },
            {
              "name": "Submit #618951 | D-Link DIR\u2011817L Firmware version \u003c= Firmware v1.04B01 RCE",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.618951"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Patr1ck-S/Patr1ck-S.github.io/blob/main/D-Link%20DIR%E2%80%91817L%20has%20a%20remote%20arbitrary%20command%20execution%20vulnerability%20in%20ssdpcgi(1).md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-21T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-21T08:36:56.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR\u2011817L ssdpcgi lxmldbc_system command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7932",
        "datePublished": "2025-07-21T17:02:06.388Z",
        "dateReserved": "2025-07-21T06:31:52.370Z",
        "dateUpdated": "2025-07-21T17:51:28.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7932 (GCVE-0-2025-7932)

    Vulnerability from cvelistv5 – Published: 2025-07-21 17:02 – Updated: 2025-07-21 17:51
    VLAI
    Title
    D-Link DIR‑817L ssdpcgi lxmldbc_system command injection
    Summary
    A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.317061 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.317061 signaturepermissions-required
    https://vuldb.com/?submit.618951 third-party-advisory
    https://github.com/Patr1ck-S/Patr1ck-S.github.io/… exploit
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR‑817L Affected: 1.04B01
    Create a notification for this product.
    Credits
    Patr1ck (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7932",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-21T17:50:58.164767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-21T17:51:28.544Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR\u2011817L",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.04B01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Patr1ck (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in D-Link DIR\u2011817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in D-Link DIR\u2011817L bis 1.04B01 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion lxmldbc_system der Datei ssdpcgi. Durch Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-21T17:02:06.388Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-317061 | D-Link DIR\u2011817L ssdpcgi lxmldbc_system command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.317061"
            },
            {
              "name": "VDB-317061 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.317061"
            },
            {
              "name": "Submit #618951 | D-Link DIR\u2011817L Firmware version \u003c= Firmware v1.04B01 RCE",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.618951"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Patr1ck-S/Patr1ck-S.github.io/blob/main/D-Link%20DIR%E2%80%91817L%20has%20a%20remote%20arbitrary%20command%20execution%20vulnerability%20in%20ssdpcgi(1).md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-21T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-21T08:36:56.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR\u2011817L ssdpcgi lxmldbc_system command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7932",
        "datePublished": "2025-07-21T17:02:06.388Z",
        "dateReserved": "2025-07-21T06:31:52.370Z",
        "dateUpdated": "2025-07-21T17:51:28.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }