Home

Description

EN DE

A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Davon betroffen ist die Funktion getenv der Datei /htdocs/cgibin der Komponente ssdpcgi. Dank Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

PUBLISHED Reserved 2025-08-13 | Published 2025-08-14 | Updated 2025-08-14 | Assigner VulDB




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Command Injection

Injection

Product status

1.05B01
affected

Timeline

2025-08-13:Advisory disclosed
2025-08-13:VulDB entry created
2025-08-13:VulDB entry last update

Credits

LonTan0 (VulDB User) reporter

References

vuldb.com/?id.319925 (VDB-319925 | D-Link DIR‑818L ssdpcgi cgibin getenv command injection) vdb-entry technical-description

vuldb.com/?ctiid.319925 (VDB-319925 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.627835 (Submit #627835 | Dlink D-Link DIR‑818L Firmware versions ≤ v1.05B01 Remote Arbitrary Command Execution) third-party-advisory

github.com/...lnerability in ssdpcgi of D-Link DIR‑818L.md exploit

www.dlink.com/ product

cve.org (CVE-2025-8956)

nvd.nist.gov (CVE-2025-8956)

Download JSON