CVE-2025-9752
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-01

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgi_main of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-01
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-09-01
EPSS Evaluated
2026-06-15
NVD
CVE-2025-9752
EUVD
EUVD-2025-28885
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dlink dir-852_firmware 1.00cn_b09
dlink dir-852 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9752 is a critical remote command injection vulnerability in the D-Link DIR-852 router firmware version 1.00CN B09. It exists in the SOAP service's soap.cgi endpoint, specifically in the soapcgi_main function. The vulnerability occurs because the 'service' parameter in the request URI is not properly validated or sanitized, allowing an attacker to inject arbitrary operating system commands. By sending a specially crafted POST request with shell metacharacters in the 'service' parameter, an unauthenticated attacker can execute arbitrary commands on the device remotely. [1, 2, 3]

Impact Analysis

This vulnerability can severely impact you by allowing an unauthenticated remote attacker to execute arbitrary commands on your affected D-Link DIR-852 router. This compromises the device's confidentiality, integrity, and availability. An attacker could take full control of the device, potentially using it to launch further attacks, disrupt network services, or access sensitive information. Since the product is no longer supported, no official patches or mitigations exist, increasing the risk of exploitation. [2]

Detection Guidance

This vulnerability can be detected by monitoring for suspicious POST requests to the /soap.cgi endpoint containing the 'service' parameter with shell metacharacters such as the pipe symbol (|). For example, using tools like netcat or curl to send crafted requests or inspecting network traffic for such patterns can help identify exploitation attempts. A specific example from the proof-of-concept is sending a POST request to /soap.cgi?service=|telnetd -p 9999|. Network intrusion detection systems can be configured to alert on such unusual requests targeting the SOAP service's 'service' parameter. [1, 3]

Mitigation Strategies

Immediate mitigation steps include replacing the affected D-Link DIR-852 device with a supported alternative, as no vendor patches or countermeasures exist. Additionally, implementing strict input validation on the 'service' parameter by enforcing a whitelist of allowed service names can prevent exploitation. Blocking or filtering incoming requests to the /soap.cgi endpoint at the network perimeter or firewall to prevent remote access to the vulnerable SOAP service is also recommended. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9752. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart