{"api_version":"1","generated_at":"2026-05-28T14:55:37+00:00","cve":"CVE-2025-8231","urls":{"html":"https://cve.report/CVE-2025-8231","api":"https://cve.report/api/cve/CVE-2025-8231.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-8231","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-8231"},"summary":{"title":"D-Link DIR-890L UART Port rgbin hard-coded credentials","description":"A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.","state":"PUBLISHED","assigner":"VulDB","published_at":"2025-07-27 14:15:24","updated_at":"2026-04-29 01:00:01"},"problem_types":["CWE-259","CWE-798","CWE-798 Hard-coded Credentials","CWE-259 Use of Hard-coded Password"],"metrics":[{"version":"4.0","source":"cna@vuldb.com","type":"Secondary","score":"5.2","severity":"MEDIUM","vector":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.2,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"7","severity":"HIGH","vector":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","data":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"version":"3.1","source":"cna@vuldb.com","type":"Secondary","score":"6.8","severity":"MEDIUM","vector":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"6.8","severity":"MEDIUM","vector":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","data":{"baseScore":6.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","version":"3.1"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"6.8","severity":"MEDIUM","vector":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","data":{"baseScore":6.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","version":"3.0"}},{"version":"2.0","source":"cna@vuldb.com","type":"Secondary","score":"7.2","severity":"","vector":"AV:L/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}},{"version":"2.0","source":"CNA","type":"DECLARED","score":"7.2","severity":"","vector":"AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR","data":{"baseScore":7.2,"vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR","version":"2.0"}}],"references":[{"url":"https://vuldb.com/?submit.622337","name":"https://vuldb.com/?submit.622337","refsource":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.dlink.com/","name":"https://www.dlink.com/","refsource":"cna@vuldb.com","tags":["Product"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/?ctiid.317819","name":"https://vuldb.com/?ctiid.317819","refsource":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/?id.317819","name":"https://vuldb.com/?id.317819","refsource":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/Nicholas-wei/bug-discovery/blob/main/dlink/dir890-hardcoded/dir890-hardcoded.md","name":"https://github.com/Nicholas-wei/bug-discovery/blob/main/dlink/dir890-hardcoded/dir890-hardcoded.md","refsource":"cna@vuldb.com","tags":["Exploit"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-8231","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8231","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"D-Link","product":"DIR-890L","version":"affected 111b04","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-07-26T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"source":"CNA","time":"2025-07-26T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"source":"CNA","time":"2025-07-26T15:23:06.000Z","lang":"en","value":"VulDB entry last update"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"nich0las (VulDB User)","lang":"en"}],"nvd_cpes":[{"cve_year":"2025","cve_id":"8231","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dlink","cpe5":"dir-890l","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"8231","vulnerable":"1","versionEndIncluding":"1.11b04","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"dlink","cpe5":"dir-890l_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-8231","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-07-28T14:53:58.432068Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-07-28T14:54:07.399Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"modules":["UART Port"],"product":"DIR-890L","vendor":"D-Link","versions":[{"status":"affected","version":"111b04"}]}],"credits":[{"lang":"en","type":"reporter","value":"nich0las (VulDB User)"}],"descriptions":[{"lang":"en","value":"A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."},{"lang":"de","value":"Eine Schwachstelle wurde in D-Link DIR-890L bis 111b04 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei rgbin der Komponente UART Port. Durch das Manipulieren mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"cvssV3_1":{"baseScore":6.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","version":"3.1"}},{"cvssV3_0":{"baseScore":6.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","version":"3.0"}},{"cvssV2_0":{"baseScore":7.2,"vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR","version":"2.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-798","description":"Hard-coded Credentials","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-259","description":"Use of Hard-coded Password","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-07-27T13:32:05.676Z","orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB"},"references":[{"name":"VDB-317819 | D-Link DIR-890L UART Port rgbin hard-coded credentials","tags":["vdb-entry"],"url":"https://vuldb.com/?id.317819"},{"name":"VDB-317819 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"],"url":"https://vuldb.com/?ctiid.317819"},{"name":"Submit #622337 | D-Link DIR-890L Versions up to  DIR890LA1_FW111b04 Hard-coded Credentials","tags":["third-party-advisory"],"url":"https://vuldb.com/?submit.622337"},{"tags":["exploit"],"url":"https://github.com/Nicholas-wei/bug-discovery/blob/main/dlink/dir890-hardcoded/dir890-hardcoded.md"},{"tags":["product"],"url":"https://www.dlink.com/"}],"tags":["unsupported-when-assigned"],"timeline":[{"lang":"en","time":"2025-07-26T00:00:00.000Z","value":"Advisory disclosed"},{"lang":"en","time":"2025-07-26T02:00:00.000Z","value":"VulDB entry created"},{"lang":"en","time":"2025-07-26T15:23:06.000Z","value":"VulDB entry last update"}],"title":"D-Link DIR-890L UART Port rgbin hard-coded credentials"}},"cveMetadata":{"assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","assignerShortName":"VulDB","cveId":"CVE-2025-8231","datePublished":"2025-07-27T13:32:05.676Z","dateReserved":"2025-07-26T13:17:33.485Z","dateUpdated":"2025-07-28T14:54:07.399Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2025-07-27 14:15:24","lastModifiedDate":"2026-04-29 01:00:01","problem_types":["CWE-259","CWE-798","CWE-798 Hard-coded Credentials","CWE-259 Use of Hard-coded Password"],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.2,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.11b04","matchCriteriaId":"534807AE-FD98-41D5-8D94-6E0E30296E11"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*","matchCriteriaId":"B1EA89C7-4655-43A3-9D2B-D57640D56C09"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"8231","Ordinal":"1","Title":"D-Link DIR-890L UART Port rgbin hard-coded credentials","CVE":"CVE-2025-8231","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"8231","Ordinal":"1","NoteData":"A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.","Type":"Description","Title":"D-Link DIR-890L UART Port rgbin hard-coded credentials"}]}}}