D-Link DIR-890L Hard-Coded Credentials Vulnerability in UART Port

Vulnerability

A critical vulnerability exists in the D-Link DIR-890L router, affecting versions through DIR890LA1_FW111b04. The issue arises from hard-coded credentials embedded in the 'rgbin' binary, specifically for UART port authentication. This vulnerability allows users with physical access to the device to log into the UART port and gain root privileges.

Impact

Exploitation of this vulnerability allows for unauthorized access to the device's UART port, where hard-coded credentials can be used to gain root privileges on the router.

Added: Jul 27, 2025, 2:19 PM

Updated: Jul 27, 2025, 2:19 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

4.8

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

7.5

exploitability

4.8

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

D-Link DIR-890L Hard-Coded Credentials Vulnerability in UART Port

Vulnerability

Impact

Affected Products

D-Link DIR-890L

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating