CVE-2025-7836: Command Injection in D-Link DIR-816L
A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-7836: Command Injection in D-Link DIR-816L
Description
A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-07-18T19:26:06.521Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 687bcf55a83201eaacfe3cd7
Added to database: 7/19/2025, 5:01:09 PM
Last updated: 7/19/2025, 5:01:09 PM
Views: 1
Related Threats
CVE-2025-54313: CWE-506 Embedded Malicious Code in prettier eslint-config-prettier
HighCVE-2025-7834: Cross-Site Request Forgery in PHPGurukul Complaint Management System
MediumCVE-2025-7833: SQL Injection in code-projects Church Donation System
MediumCVE-2025-7832: SQL Injection in code-projects Church Donation System
MediumCVE-2025-7831: SQL Injection in code-projects Church Donation System
MediumActions
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.