Unauthenticated Remote Code Execution Vulnerability in D-Link Router DIR-868L
CVE-2025-63932
7.3 HIGH
What is CVE-2025-63932?
The D-Link DIR-868L A1 router running firmware FW106KRb01.bin is susceptible to an unauthenticated remote code execution vulnerability in its cgibin binary. The router's HNAP service fails to properly filter the HTTP SOAPAction header field, allowing unauthenticated remote attackers to execute arbitrary shell commands on the affected device. Because no authentication is required, any attacker who can reach the HNAP service over the network can exploit the flaw.
CVSS V3.1
Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved