CVE-2025-8231
BaseFortify
Publication date: 2025-07-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-890l_firmware | to 1.11b04 (inc) |
| dlink | dir-890l | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the D-Link DIR-890L router (up to firmware 111b04) and involves hard-coded credentials embedded in the device's firmware, specifically in the 'rgbin' binary related to the UART Port component. Under certain startup conditions, the device bypasses normal authentication checks and uses a fixed password, allowing unauthorized access via the UART interface. Exploitation requires physical access to the device; no prior authentication is needed. The vulnerability is rated critical and has been publicly disclosed, with proof-of-concept exploits available. [1, 2]
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to unauthorized access to the device at a low level, compromising its confidentiality, integrity, and availability. An attacker with physical access can bypass authentication using the hard-coded credentials, potentially gaining control over the device, manipulating its functions, or disrupting its operation. Since the device is no longer supported, no official fixes are available, increasing the risk of exploitation. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability requires physical access to the D-Link DIR-890L device and involves hard-coded credentials in the UART interface. Detection would involve checking the device firmware version (up to 111b04) and verifying whether the device is susceptible to UART access using the hard-coded password `35dHJLI!wyX:ut77a3d33w`. Since the attack is local and hardware-based, network detection commands are not applicable. Physical inspection and firmware version verification are recommended. Specific commands to detect this vulnerability are not provided in the available resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Since the affected D-Link DIR-890L devices are no longer supported by the vendor and the vulnerability involves hard-coded credentials accessible via the physical UART interface, the recommended immediate mitigation is to replace the affected device with a supported alternative. No official patches or firmware updates are available. Limiting physical access to the device can reduce risk, but replacement is the most effective mitigation. [2]