D-Link DIR-817L CVE-2025-7932
LOW: Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Analysis (AI)
Command injection in D-Link DIR-817L router firmware up to version 1.04B01 allows authenticated remote attackers to execute arbitrary system commands via the lxmldbc_system function in ssdpcgi. Exploit code has been publicly disclosed, and the EPSS risk of 0.36% suggests limited real-world exploitation despite network accessibility.
Technical Context (AI)
The vulnerability exists in the ssdpcgi binary on D-Link DIR-817L routers, specifically within the lxmldbc_system function. The affected firmware is identified by CPE cpe:2.3:o:dlink:dir-817l_firmware up to version 1.04B01. CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) indicates that user-supplied input is not properly sanitized before being passed to a command execution context, likely enabling shell metacharacter injection. The ssdpcgi component appears to handle Simple Service Discovery Protocol (SSDP) configuration requests and unsafely constructs system commands from attacker-controlled parameters.
Remediation (AI)
Contact D-Link support to determine if a firmware patch beyond version 1.04B01 exists for the DIR-817L model, as no specific patched version is confirmed in available references. If a patched firmware release is available, perform a factory reset, back up the current configuration, then update to the latest firmware version via the router's web administration panel (typically accessible at 192.168.0.1) following D-Link's official update procedure. As an interim compensating control, restrict network access to the ssdpcgi service: disable remote administration of the router (disable WAN-side access to the web interface), disable UPnP if not required, and limit LAN-side access to the router's administrative interface via ACL rules to trusted administrator IP addresses only. These controls reduce authentication opportunities but may impact legitimate remote management needs, so evaluate access requirements before implementation. Monitor D-Link security advisories at https://www.dlink.com/ for firmware updates.