cnvd - cnvd-2025-11229

CNVD-2025-11229

Vulnerability from cnvd - Published: 2025-05-30

Title

D-Link DIR-890L/DIR-806A1命令注入漏洞

Description

D-Link DIR-890L和D-Link DIR-806A1都是中国友讯（D-Link）公司的产品。D-Link DIR-890L是一款无线路由器。D-Link DIR-806A1是一款双频无线路由器，支持AC750无线速率和USB共享功能。 D-Link DIR-890L和D-Link DIR-806A1存在命令注入漏洞，该漏洞源于文件/htdocs/soap.cgi中函数sub_175C8未能正确过滤构造命令特殊字符、命令等。攻击者可利用该漏洞执行任意命令。

Severity

中

Formal description

目前厂商尚未发布升级程序修复该安全问题，详情见厂商官网： http://www.dlink.com.cn/

Reference

https://vuldb.com/?id.307458

Impacted products

Name
['D-Link DIR-806A1 <=108B03', 'D-Link DIR-890L <=100CNb11']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-4340",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-4340"
    }
  },
  "description": "D-Link DIR-890L\u548cD-Link DIR-806A1\u90fd\u662f\u4e2d\u56fd\u53cb\u8baf\uff08D-Link\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002D-Link DIR-890L\u662f\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002D-Link DIR-806A1\u662f\u4e00\u6b3e\u53cc\u9891\u65e0\u7ebf\u8def\u7531\u5668\uff0c\u652f\u6301AC750\u65e0\u7ebf\u901f\u7387\u548cUSB\u5171\u4eab\u529f\u80fd\u3002\n\nD-Link DIR-890L\u548cD-Link DIR-806A1\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6587\u4ef6/htdocs/soap.cgi\u4e2d\u51fd\u6570sub_175C8\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u6784\u9020\u547d\u4ee4\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttp://www.dlink.com.cn/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-11229",
  "openTime": "2025-05-30",
  "products": {
    "product": [
      "D-Link DIR-806A1 \u003c=108B03",
      "D-Link DIR-890L \u003c=100CNb11"
    ]
  },
  "referenceLink": "https://vuldb.com/?id.307458",
  "serverity": "\u4e2d",
  "submitTime": "2025-05-14",
  "title": "D-Link DIR-890L/DIR-806A1\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2025-4340 (GCVE-0-2025-4340)

Vulnerability from cvelistv5 – Published: 2025-05-06 08:00 – Updated: 2025-05-06 13:53 Unsupported When Assigned

Title

D-Link DIR-890L/DIR-806A1 soap.cgi sub_175C8 command injection

Summary

A vulnerability classified as critical has been found in D-Link DIR-890L and DIR-806A1 up to 100CNb11/108B03. Affected is the function sub_175C8 of the file /htdocs/soap.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity ?

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-77 - Command Injection
CWE-74 - Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.307458	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.307458	signaturepermissions-required
	https://vuldb.com/?submit.556092	third-party-advisory
	https://github.com/CH13hh/tmp_store_cc/blob/main/…	exploit
	https://www.dlink.com/	product

Impacted products

Vendor

Product

Version

D-Link

DIR-890L

Affected: 100CNb11
Affected: 108B03

D-Link

DIR-806A1

Affected: 100CNb11
Affected: 108B03

Credits

BabyShark (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4340",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-06T13:53:21.760461Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-06T13:53:27.958Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/tt/1.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DIR-890L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "100CNb11"
            },
            {
              "status": "affected",
              "version": "108B03"
            }
          ]
        },
        {
          "product": "DIR-806A1",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "100CNb11"
            },
            {
              "status": "affected",
              "version": "108B03"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "BabyShark (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical has been found in D-Link DIR-890L and DIR-806A1 up to 100CNb11/108B03. Affected is the function sub_175C8 of the file /htdocs/soap.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
        },
        {
          "lang": "de",
          "value": "Es wurde eine kritische Schwachstelle in D-Link DIR-890L and DIR-806A1 bis 100CNb11/108B03 entdeckt. Dabei betrifft es die Funktion sub_175C8 der Datei /htdocs/soap.cgi. Durch Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-06T08:00:08.557Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-307458 | D-Link DIR-890L/DIR-806A1 soap.cgi sub_175C8 command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.307458"
        },
        {
          "name": "VDB-307458 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.307458"
        },
        {
          "name": "Submit #556092 | D-Link DIR-890 L A1  DIR-806A1 DIR-890 L A1\u003c=108B03   DIR-806A1\u003c=100CNb11 Command execution",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.556092"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/tt/1.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-05T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-05-05T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-05-05T18:57:40.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DIR-890L/DIR-806A1 soap.cgi sub_175C8 command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-4340",
    "datePublished": "2025-05-06T08:00:08.557Z",
    "dateReserved": "2025-05-05T16:51:28.370Z",
    "dateUpdated": "2025-05-06T13:53:27.958Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-11229

CVE-2025-4340 (GCVE-0-2025-4340)

Tags

Sightings

Nomenclature