Home

Description

A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgi_main of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.

PUBLISHED Reserved 2025-12-31 | Published 2025-12-31 | Updated 2026-01-02 | Assigner VulDB




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Command Injection

Injection

Product status

100CNb11
affected

Timeline

2025-12-31:Advisory disclosed
2025-12-31:VulDB entry created
2025-12-31:VulDB entry last update

Credits

2160288544 (VulDB User) reporter

References

vuldb.com/?id.339152 (VDB-339152 | D-Link DIR-806A SSDP Request ssdpcgi_main command injection) vdb-entry technical-description

vuldb.com/?ctiid.339152 (VDB-339152 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.727637 (Submit #727637 | D-Link DIR-806A DIR806A1_FW100CNb11.bin Command Injection) third-party-advisory

github.com/...ve-/blob/D-Link/D-Link DIR-806A未授权RCE.md exploit

www.dlink.com/ product

cve.org (CVE-2025-15391)

nvd.nist.gov (CVE-2025-15391)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.