Back to Explorer

CVE-2025-15391

PUBLISHED
12/31/2025 1af790b2-7ee1-4545-860a-a788eba489b5

Technical Description

A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgi_main of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.

Affected Products

D-Link
DIR-806A
100CNb11

References

https://vuldb.com/?id.339152
VDB-339152 | D-Link DIR-806A SSDP Request ssdpcgi_main command injection
https://vuldb.com/?ctiid.339152
VDB-339152 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?submit.727637
Submit #727637 | D-Link DIR-806A DIR806A1_FW100CNb11.bin Command Injection
https://github.com/ccc-iotsec/cve-/blob/D-Link/D-Link%20DIR-806A%E6%9C%AA%E6%8E%88%E6%9D%83RCE.md
External Link
https://www.dlink.com/
External Link

Impact Analysis

Attack Vector Network
Attack Complexity Low
Privileges Required None