Medium severity6.8NVD Advisory· Published Jul 27, 2025· Updated Apr 29, 2026

CVE-2025-8231

Description

A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Affected products

Dlink/Dir 890l Firmware
cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*
Range: <=1.11b04

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Nicholas-wei/bug-discovery/blob/main/dlink/dir890-hardcoded/dir890-hardcoded.mdnvdExploit
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdPermissions RequiredVDB Entry
www.dlink.comnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.442
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000