Unrated severityNVD Advisory· Published Nov 19, 2025· Updated Nov 20, 2025

CVE-2025-63932

Description

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. The unauthenticated remote attacker can execute the shell command.

Affected products

D-Link/Router DIR-868Ldescription
Dlink/DIR-868Lllm-fuzzy
Range: = FW106KRb01.bin

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/WhereisRain/DIR-868/tree/mainmitre
www.dlink.com/en/security-bulletin/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000