CVE-2025-8231

MEDIUM

D-Link DIR-890L <111b04 - Hard-Coded Credentials

Title source: llm

Description

A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

References (5)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.317819

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.317819

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.622337

[Exploit] https://github.com/Nicholas-wei/bug-discovery/blob/main/dlink/dir890-hardcoded/dir890-hardcoded.md

View Exploit ZIP pw:eip

[Product] https://www.dlink.com/

Scores

CVSS v3 6.8

EPSS 0.0013

EPSS Percentile 31.7%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-259 CWE-798

Status published

Products (1)

dlink/dir-890l_firmware < 1.11b04

Published Jul 27, 2025

Tracked Since Feb 18, 2026