CVE-2025-9727

CWE-77Command InjectionCWE-78OS Command Injection3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 74.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
D-link Dir-816lDlink Dir-816l Firmware
Timeline
PublishedAug 31
Latest updateOct 1

Description

A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5d-link/dir-816l206b01

🔴Vulnerability Details

2
GHSA
GHSA-486j-328h-2hww: A weakness has been identified in D-Link DIR-816L 206b012025-10-01
CVEList
D-Link DIR-816L soap.cgi soapcgi_main os command injection2025-08-31
CVE-2025-9727 (MEDIUM CVSS 5.3) | A weakness has been identified in D | cvebase.io