Dlink Dir-890L Firmware vulnerabilities

CVE-2025-8231 [HIGH] CWE-259 CVE-2025-8231: A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. T A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be u

CVE-2025-4340 [MEDIUM] CWE-74 CVE-2025-4340: A vulnerability classified as critical has been found in D-Link DIR-890L and DIR-806A1 up to 100CNb1 A vulnerability classified as critical has been found in D-Link DIR-890L and DIR-806A1 up to 100CNb11/108B03. Affected is the function sub_175C8 of the file /htdocs/soap.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only af

CVE-2023-30063 [HIGH] CWE-287 CVE-2023-30063: D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass. D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass.

CVE-2022-29778 [HIGH] CWE-798 CVE-2022-29778: D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake- D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php

CVE-2022-30521 [CRITICAL] CWE-787 CVE-2022-30521: The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by user

CVE-2019-20213 [HIGH] CWE-74 CVE-2019-20213: D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUT D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.

CVE-2019-17621 [CRITICAL] CWE-78 CVE-2019-17621: The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.

CVE-2018-12103 [MEDIUM] CWE-863 CVE-2018-12103: An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the admini