A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.
                
            References
                    | Link | Resource | 
|---|---|
| https://github.com/scanleale/IOT_sec/blob/main/DIR-816L.pdf | Exploit Third Party Advisory | 
| https://vuldb.com/?ctiid.322016 | Permissions Required VDB Entry | 
| https://vuldb.com/?id.322016 | Third Party Advisory VDB Entry | 
| https://vuldb.com/?submit.639698 | Third Party Advisory VDB Entry | 
| https://www.dlink.com/ | Product | 
Configurations
                    Configuration 1 (hide)
| AND | 
 
 | 
History
                    01 Oct 2025, 20:42
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://github.com/scanleale/IOT_sec/blob/main/DIR-816L.pdf - Exploit, Third Party Advisory | |
| References | () https://vuldb.com/?ctiid.322016 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.322016 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.639698 - Third Party Advisory, VDB Entry | |
| References | () https://www.dlink.com/ - Product | |
| First Time | Dlink Dlink dir-816l Dlink dir-816l Firmware | |
| CPE | cpe:2.3:h:dlink:dir-816l:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-816l_firmware:2.06b01:*:*:*:*:*:*:* | 
31 Aug 2025, 12:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
                Published : 2025-08-31 12:15
Updated : 2025-10-01 20:42
NVD link : CVE-2025-9727
Mitre link : CVE-2025-9727
CVE.ORG link : CVE-2025-9727
JSON object : View
Products Affected
                dlink
- dir-816l
- dir-816l_firmware
