CVE-2025-7836

Name of the Vulnerable Software and Affected Versions D-Link DIR-816L versions up to 2.06B01

Description A critical vulnerability has been identified in D-Link DIR-816L. The issue involves command injection through the lxmldbc system function located in the /htdocs/cgibin file within the Environment Variable Handler component. This allows for remote attacks. The exploit for this vulnerability has been publicly disclosed. It is important to note that this vulnerability affects products that are no longer supported by the maintainer.

Recommendations D-Link DIR-816L versions up to 2.06B01: At the moment, there is no information about a newer version that contains a fix for this vulnerability.