CVE-2025-63932

Published Nov 19, 2025

Last updated 3 months ago

CVSS high 7.3

Overview

Description: D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. The unauthenticated remote attacker can execute the shell command.
Source: cve@mitre.org
NVD status: Analyzed
Products: dir-868l_firmware

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.3
Impact score: 3.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-78

Hype score: Not currently trending

CVE-2025-63932 D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not… https://t.co/UwYx56XkNd
@CVEnew
20 Nov 2025
350 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-868l_firmware:fw106krb01:*:*:*:*:*:*:*",
            "matchCriteriaId": "42356994-7EBF-4E6B-A13E-8FFE91DD30CB",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-868l:a1:*:*:*:*:*:*:*",
            "matchCriteriaId": "0D8A8303-F830-477F-8944-F1149A0CD521",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References