D-Link DIR‑817L ssdpcgi lxmldbc_system command injection

July 21, 2025 invoker category_cve

CVE Details

Basic Information

Title	D-Link DIR‑817L ssdpcgi lxmldbc_system command injection
Type	cve
Published	2025-07-21T17:02:06.388Z
Modified	2025-07-21T17:02:06.388Z

Product Information

Vendor	D-Link
Product	DIR‑817L
Version	1.04B01

CVSS Information

Base Score	5.3 (MEDIUM)
Attack Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected Products

D-Link DIR‑817L 1.04B01

Additional Information

CWE List	CWE-77, CWE-74
Source	VulDB

Description

A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

References

https://vuldb.com/?id.317061
https://vuldb.com/?ctiid.317061
https://vuldb.com/?submit.618951
https://github.com/Patr1ck-S/Patr1ck-S.github.io/blob/main/D-Link%20DIR%E2%80%91817L%20has%20a%20remote%20arbitrary%20command%20execution%20vulnerability%20in%20ssdpcgi(1).md
https://www.dlink.com/

View Full CVE Details