PT-2025-19930 · D Link · D-Link Dir-806A1+1

Babyshark · Published 2025-05-06 · Updated 2025-05-14 · CVE-2025-4340

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

D-Link DIR-890L versions up to 100CNb11
D-Link DIR-806A1 versions up to 108B03

Description

A critical issue has been detected, affecting the function sub_175C8 of the file /htdocs/soap.cgi. This issue leads to command injection and can be exploited remotely. The exploit has been publicly disclosed, making it possible for attackers to utilize it. This issue only affects products that are no longer supported by the manufacturer.

Recommendations

For D-Link DIR-890L versions up to 100CNb11, consider disabling the sub_175C8 function in the /htdocs/soap.cgi file as a temporary workaround to minimize the risk of exploitation. For D-Link DIR-806A1 versions up to 108B03, restrict access to the /htdocs/soap.cgi file to prevent remote attacks until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-05480
CVE-2025-4340

Affected Products

D-Link Dir-806A1
D-Link Dir-890L