Details of VAR-202507-2444

ID

VAR-202507-2444

CVE

CVE-2025-7932

TITLE

D-Link DIR-817L Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-17382

DESCRIPTION

A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The D-Link DIR-817L is a home-grade dual-band wireless router released by D-Link. It supports the IEEE 802.11ac standard and features dual-band concurrent functionality (2.4GHz/5GHz), with a maximum wireless transmission rate of 750Mbps. The D-Link DIR-817L suffers from a command injection vulnerability caused by the lxmldbc_system function in the ssdpcgi file failing to properly sanitize special characters and commands in constructed commands. No detailed vulnerability details are currently available

Trust: 1.44

sources: NVD: CVE-2025-7932 // CNVD: CNVD-2025-17382

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17382

AFFECTED PRODUCTS

vendor:

d link

model:

dir-817l <=1.04b01

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-17382

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-7932
value:	LOW
Trust: 1.0
CNVD:	CNVD-2025-17382
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2025-7932
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-17382
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-7932
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-17382 // NVD: CVE-2025-7932

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	CWE-74	Trust: 1.0

sources: NVD: CVE-2025-7932

EXTERNAL IDS

db:	NVD	id:	CVE-2025-7932	Trust: 1.6
db:	VULDB	id:	317061	Trust: 1.0
db:	CNVD	id:	CNVD-2025-17382	Trust: 0.6

sources: CNVD: CNVD-2025-17382 // NVD: CVE-2025-7932

REFERENCES

url:	https://www.dlink.com/	Trust: 1.0
url:	https://vuldb.com/?submit.618951	Trust: 1.0
url:	https://vuldb.com/?ctiid.317061	Trust: 1.0
url:	https://vuldb.com/?id.317061	Trust: 1.0
url:	https://github.com/patr1ck-s/patr1ck-s.github.io/blob/main/d-link%20dir%e2%80%91817l%20has%20a%20remote%20arbitrary%20command%20execution%20vulnerability%20in%20ssdpcgi(1).md	Trust: 1.0
url:	https://github.com/patr1ck-s/patr1ck-s.github.io/blob/main/d-link%20dir%e2%80%91817l%20has%20a%20remote%20arbitrary%20command%20execution%20vulnerability%20in%20ssdpcgi	Trust: 0.6

sources: CNVD: CNVD-2025-17382 // NVD: CVE-2025-7932

SOURCES

db:	CNVD	id:	CNVD-2025-17382
db:	NVD	id:	CVE-2025-7932

LAST UPDATE DATE

2025-08-02T23:15:20.852000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-17382	date:	2025-08-01T00:00:00
db:	NVD	id:	CVE-2025-7932	date:	2025-07-22T13:05:40.573

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-17382	date:	2025-08-01T00:00:00
db:	NVD	id:	CVE-2025-7932	date:	2025-07-21T17:15:39.410