CVE-2025-13191 D-Link DIR-816L soap.cgi soapcgi_main stack-based overflow

A vulnerability was determined in D-Link DIR-816L 206b09beta. This issue affects the function soapcgimain of the file /soap.cgi. This manipulation causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This...

EUVD-2025-30198

Malicious code in bioql PyPI...

CVE-2025-10689 D-Link DIR-645 soap.cgi soapcgi_main command injection

A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgimain of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. This...

CVE-2025-9752

CVE-2025-9752 affects D-Link DIR-852 with firmware 1.00CN B09 in the SOAP Service’s soap.cgi, specifically the soapcgi_main function. A manipulation of the argument named in the soap.cgi service parameter leads to OS command injection. The vulnerability is exploitable remotely and has publicly di...

CVE-2025-9727

CVE-2025-9727 affects D-Link DIR-816L firmware 206b01. The issue lies in the soapcgi_main function of /soap.cgi, where the service argument can be manipulated to trigger an OS command injection. Remote exploitation is possible, and public exploits exist. Several connected sources confirm the vuln...

CVE-2024-29385

DIR-845L router = v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgimain function...

CVE-2022-46476

D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgimain function...

CVE-2024-29385

DIR-845L router = v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgimain function...

CVE-2024-29385

The CVE concerns a D-Link DIR-845L router vulnerability (

CVE-2024-29385

DIR-845L router = v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgimain function...

D-Link DIR-845L 安全漏洞

The D-Link DIR-845 is a wireless router from China-based AUO D-Link. A code execution vulnerability exists in D-Link DIR-845L v1.01KRb03 and earlier versions, which stems from the soapcgimain function failing to correctly filter the special elements of the constructor snippet in the cgibin binary...

CVE-2024-29385

DIR-845L router = v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgimain function...

CVE-2023-51123

An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgimain function of the cgibin binary component...

Design/Logic Flaw

An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgimain function of the cgibin binary component...

CVE-2023-51123

An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgimain function of the cgibin binary component...

CVE-2022-46476

D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgimain function...

Command injection

D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgimain function...

D-Link DIR-859 操作系统命令注入漏洞

D-Link DIR-859 is a wireless router from D-Link China.A security vulnerability exists in the D-Link DIR-859A1 1.05, which was discovered to contain a command injection vulnerability via the service= variable in the soapcgimain function. No detailed vulnerability details are currently available...

CVE-2022-46476

CVE-2022-46476 affects the D-Link DIR-859 A1 firmware (1.05). The issue is a command-injection vulnerability in the router’s soapcgi_main function, exploitable via the service= parameter due to inadequate input sanitization in the management interface. This could enable a remote attacker to execu...

CVE-2022-46476

D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgimain function...