CVE-2025-63932

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-63932

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-63932.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-63932

Published

2025-11-19T20:15:53.817Z

Modified

2026-03-15T14:53:19.591754Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. The unauthenticated remote attacker can execute the shell command.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "fw106krb01"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-63932.json"