Use of Hard-coded Password

CVE-2025-8231

Medium

5.2/10

Summary

A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Attack Complexity: LOW
Attack Vector: PHYSICAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-259 - Use of Hard-coded Password

The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

References

Advisory Timeline

Published Jul 27, 2025

Use of Hard-coded Password

CVE-2025-8231

Summary

CWE-259 - Use of Hard-coded Password

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS