Vulnerability Description
A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dir-816L Firmware | < 2.06b01 |
| Dlink | Dir-816L | - |
Related Weaknesses (CWE)
References
- https://github.com/bananashipsBBQ/CVE/blob/main/D-Link%20DIR-816L%20Remote%20ArbExploitThird Party Advisory
- https://vuldb.com/?ctiid.316939Permissions RequiredVDB Entry
- https://vuldb.com/?id.316939Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.617359Third Party AdvisoryVDB Entry
- https://www.dlink.com/Product
FAQ
What is CVE-2025-7836?
CVE-2025-7836 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbc_system of the file /htdocs/cgibin of the component En...
How severe is CVE-2025-7836?
CVE-2025-7836 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-7836?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dir-816L Firmware, Dlink Dir-816L.