CVE-2025-9026

CWE-77Command InjectionCWE-78OS Command InjectionCWE-1584 documents4 sources
Severity
6.9MEDIUM
EPSS
0.5%
top 32.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
D-link Dir-860lDlink Dir-860l Firmware
Timeline
PublishedAug 15

Description

A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgi_main of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5d-link/dir-860l2.04.B04

🔴Vulnerability Details

2
CVEList
D-Link DIR-860L Simple Service Discovery Protocol cgibin ssdpcgi_main os command injection2025-08-15
GHSA
GHSA-f95p-94rw-mjfp: A vulnerability was identified in D-Link DIR-860L 22025-08-15

📋Vendor Advisories

1
Microsoft
PHP-FPM logs from children may be altered2024-10-08
CVE-2025-9026 (MEDIUM CVSS 6.9) | A vulnerability was identified in D | cvebase.io