Sign-up

ID

VAR-202507-2636


CVE

CVE-2025-8231


TITLE

D-Link Systems, Inc.  of  DIR-890L  Hardcoded password usage vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-010917

DESCRIPTION

A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-890L The firmware contains vulnerabilities related to the use of hard-coded passwords and vulnerabilities related to the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-8231 // JVNDB: JVNDB-2025-010917

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-890lscope:lteversion:1.11b04

Trust: 1.0

vendor:d linkmodel:dir-890lscope:lteversion:dir-890l firmware 1.11b04 and earlier

Trust: 0.8

vendor:d linkmodel:dir-890lscope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-890lscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-010917 // NVD: CVE-2025-8231

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-8231
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-010917
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2025-8231
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-010917
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-8231
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-010917
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-010917 // NVD: CVE-2025-8231

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

problemtype:CWE-259

Trust: 1.0

problemtype:Using hardcoded passwords (CWE-259) [ others ]

Trust: 0.8

problemtype: Use hard-coded credentials (CWE-798) [ others ]

Trust: 0.8

problemtype: Use hard-coded credentials (CWE-798) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-010917 // NVD: CVE-2025-8231

EXTERNAL IDS

db:NVDid:CVE-2025-8231

Trust: 2.6

db:VULDBid:317819

Trust: 1.8

db:JVNDBid:JVNDB-2025-010917

Trust: 0.8

sources: JVNDB: JVNDB-2025-010917 // NVD: CVE-2025-8231

REFERENCES

url:https://github.com/nicholas-wei/bug-discovery/blob/main/dlink/dir890-hardcoded/dir890-hardcoded.md

Trust: 1.8

url:https://vuldb.com/?id.317819

Trust: 1.8

url:https://vuldb.com/?submit.622337

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.317819

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-8231

Trust: 0.8

sources: JVNDB: JVNDB-2025-010917 // NVD: CVE-2025-8231

SOURCES

db:JVNDBid:JVNDB-2025-010917
db:NVDid:CVE-2025-8231

LAST UPDATE DATE

2025-08-09T23:08:10.677000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-010917date:2025-08-07T06:52:00
db:NVDid:CVE-2025-8231date:2025-08-06T17:01:33.037

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-010917date:2025-08-07T00:00:00
db:NVDid:CVE-2025-8231date:2025-07-27T14:15:24.950