The vulnerability of the sub_175C8 function in the /htdocs/soap.cgi file of the D-Link DIR-890L and DIR-806A1 router microprogramming system, related to the lack of data cleaning at the control level, allows a perpetrator to execute arbitrary commands.

🗓️ 14 May 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 6 Views

Vulnerability in sub_175C8 on /htdocs/soap.cgi enables remote command execution due to insufficient data cleaning.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2025-4340	6 May 202514:21	–	circl
CNNVD	D-Link DIR-890L和D-Link DIR-806A1 安全漏洞	6 May 202500:00	–	cnnvd
CNVD	D-Link DIR-890L/DIR-806A1 Command Injection Vulnerability	14 May 202500:00	–	cnvd
CVE	CVE-2025-4340	6 May 202508:00	–	cve
Cvelist	CVE-2025-4340 D-Link DIR-890L/DIR-806A1 soap.cgi sub_175C8 command injection	6 May 202508:00	–	cvelist
EUVD	EUVD-2025-13558	3 Oct 202520:07	–	euvd
NVD	CVE-2025-4340	6 May 202508:15	–	nvd
OpenVAS	D-Link DIR-890L Multiple Vulnerabilities (2023 - 2025)	13 May 202500:00	–	openvas
OpenVAS	D-Link DIR-806 Multiple Vulnerabilities (2019 - 2025)	13 May 202500:00	–	openvas
OSV	CVE-2025-4340	6 May 202508:15	–	osv

Vulners

Node

d-link dir-890l_a1Range≤100cnb11

OR

d-link dir-890l_a1Range≤108b03

OR

d-link dir-806a1Range≤100cnb11

OR

d-link dir-806a1Range≤108b03

Source	Link
github	www.github.com/CH13hh/tmp_store_cc/blob/main/tt/1.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
dlink	www.dlink.com/
web	www.web.nvd.nist.gov/view/vuln/detail

14 May 2025 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 36.3

CVSS 26.5

EPSS0.04149

sub_175C8 function soap.cgi vulnerability remote command execution D Link router