Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for DI-8003G by D-Link

    CVE-2025-10441 (GCVE-0-2025-10441)

    Vulnerability from nvd – Published: 2025-09-15 10:32 – Updated: 2025-09-15 12:03
    VLAI
    Title
    D-Link DI-8100G/DI-8200G/DI-8003G jhttpd version_upgrade.asp sub_433F7C os command injection
    Summary
    A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DI-8100G Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    D-Link DI-8200G Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    D-Link DI-8003G Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    Credits
    shiny (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10441",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-15T12:01:03.147093Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-15T12:03:04.381Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8100G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            },
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8200G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            },
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8003G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "shiny (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used."
            },
            {
              "lang": "de",
              "value": "In D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1 ist eine Schwachstelle entdeckt worden. Das betrifft die Funktion sub_433F7C der Datei version_upgrade.asp der Komponente jhttpd. Die Bearbeitung des Arguments path verursacht os command injection. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-15T10:32:05.537Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-323875 | D-Link DI-8100G/DI-8200G/DI-8003G jhttpd version_upgrade.asp sub_433F7C os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.323875"
            },
            {
              "name": "VDB-323875 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.323875"
            },
            {
              "name": "Submit #647837 | D-Link D-Link DI-8100G\u3001DI-8200G\u3001DI-8003G DI_8100G-17.12.20A1  DI_8200G-17.12.20A1  DI_8003G-19.12.10A1 OS Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.647837"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_2.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_2.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-14T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-14T17:43:56.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DI-8100G/DI-8200G/DI-8003G jhttpd version_upgrade.asp sub_433F7C os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-10441",
        "datePublished": "2025-09-15T10:32:05.537Z",
        "dateReserved": "2025-09-14T15:38:49.906Z",
        "dateUpdated": "2025-09-15T12:03:04.381Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-10440 (GCVE-0-2025-10440)

    Vulnerability from nvd – Published: 2025-09-15 10:02 – Updated: 2025-09-15 16:27
    VLAI
    Title
    D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection
    Summary
    A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DI-8100 Affected: 16.07.26A1
    Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    D-Link DI-8100G Affected: 16.07.26A1
    Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    D-Link DI-8200 Affected: 16.07.26A1
    Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    D-Link DI-8200G Affected: 16.07.26A1
    Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    D-Link DI-8003 Affected: 16.07.26A1
    Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    D-Link DI-8003G Affected: 16.07.26A1
    Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    Credits
    shiny (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10440",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-15T16:27:43.933970Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-15T16:27:56.083Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8100",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.07.26A1"
                },
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            },
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8100G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.07.26A1"
                },
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            },
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8200",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.07.26A1"
                },
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            },
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8200G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.07.26A1"
                },
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            },
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8003",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.07.26A1"
                },
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            },
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8003G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.07.26A1"
                },
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "shiny (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1 wurde eine Schwachstelle gefunden. Es betrifft die Funktion sub_4621DC der Datei usb_paswd.asp der Komponente jhttpd. Die Ver\u00e4nderung des Parameters hname resultiert in os command injection. Der Angriff kann remote ausgef\u00fchrt werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-15T10:02:07.376Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-323874 | D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.323874"
            },
            {
              "name": "VDB-323874 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.323874"
            },
            {
              "name": "Submit #647835 | D-Link D-Link DI-8100\u3001DI-8100G\u3001DI-8200\u3001DI-8200G\u3001DI-8003\u3001DI-8003G DI_8100-16.07.26A1  DI_8100G-17.12.20A1  DI_8200-16.07.26A1  DI_8200G-17.12.20A1  DI_8003-16.07.26A1  DI_8003G-19.12.10A1 OS Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.647835"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_1.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_1.md#exp"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-14T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-14T17:43:54.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-10440",
        "datePublished": "2025-09-15T10:02:07.376Z",
        "dateReserved": "2025-09-14T15:38:46.023Z",
        "dateUpdated": "2025-09-15T16:27:56.083Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-10441 (GCVE-0-2025-10441)

    Vulnerability from cvelistv5 – Published: 2025-09-15 10:32 – Updated: 2025-09-15 12:03
    VLAI
    Title
    D-Link DI-8100G/DI-8200G/DI-8003G jhttpd version_upgrade.asp sub_433F7C os command injection
    Summary
    A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DI-8100G Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    D-Link DI-8200G Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    D-Link DI-8003G Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    Credits
    shiny (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10441",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-15T12:01:03.147093Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-15T12:03:04.381Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8100G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            },
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8200G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            },
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8003G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "shiny (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used."
            },
            {
              "lang": "de",
              "value": "In D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1 ist eine Schwachstelle entdeckt worden. Das betrifft die Funktion sub_433F7C der Datei version_upgrade.asp der Komponente jhttpd. Die Bearbeitung des Arguments path verursacht os command injection. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-15T10:32:05.537Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-323875 | D-Link DI-8100G/DI-8200G/DI-8003G jhttpd version_upgrade.asp sub_433F7C os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.323875"
            },
            {
              "name": "VDB-323875 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.323875"
            },
            {
              "name": "Submit #647837 | D-Link D-Link DI-8100G\u3001DI-8200G\u3001DI-8003G DI_8100G-17.12.20A1  DI_8200G-17.12.20A1  DI_8003G-19.12.10A1 OS Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.647837"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_2.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_2.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-14T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-14T17:43:56.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DI-8100G/DI-8200G/DI-8003G jhttpd version_upgrade.asp sub_433F7C os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-10441",
        "datePublished": "2025-09-15T10:32:05.537Z",
        "dateReserved": "2025-09-14T15:38:49.906Z",
        "dateUpdated": "2025-09-15T12:03:04.381Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-10440 (GCVE-0-2025-10440)

    Vulnerability from cvelistv5 – Published: 2025-09-15 10:02 – Updated: 2025-09-15 16:27
    VLAI
    Title
    D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection
    Summary
    A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link DI-8100 Affected: 16.07.26A1
    Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    D-Link DI-8100G Affected: 16.07.26A1
    Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    D-Link DI-8200 Affected: 16.07.26A1
    Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    D-Link DI-8200G Affected: 16.07.26A1
    Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    D-Link DI-8003 Affected: 16.07.26A1
    Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    D-Link DI-8003G Affected: 16.07.26A1
    Affected: 17.12.20A1
    Affected: 19.12.10A1
    Create a notification for this product.
    Credits
    shiny (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10440",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-15T16:27:43.933970Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-15T16:27:56.083Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8100",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.07.26A1"
                },
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            },
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8100G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.07.26A1"
                },
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            },
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8200",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.07.26A1"
                },
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            },
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8200G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.07.26A1"
                },
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            },
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8003",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.07.26A1"
                },
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            },
            {
              "modules": [
                "jhttpd"
              ],
              "product": "DI-8003G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.07.26A1"
                },
                {
                  "status": "affected",
                  "version": "17.12.20A1"
                },
                {
                  "status": "affected",
                  "version": "19.12.10A1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "shiny (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1 wurde eine Schwachstelle gefunden. Es betrifft die Funktion sub_4621DC der Datei usb_paswd.asp der Komponente jhttpd. Die Ver\u00e4nderung des Parameters hname resultiert in os command injection. Der Angriff kann remote ausgef\u00fchrt werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-15T10:02:07.376Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-323874 | D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.323874"
            },
            {
              "name": "VDB-323874 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.323874"
            },
            {
              "name": "Submit #647835 | D-Link D-Link DI-8100\u3001DI-8100G\u3001DI-8200\u3001DI-8200G\u3001DI-8003\u3001DI-8003G DI_8100-16.07.26A1  DI_8100G-17.12.20A1  DI_8200-16.07.26A1  DI_8200G-17.12.20A1  DI_8003-16.07.26A1  DI_8003G-19.12.10A1 OS Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.647835"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_1.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_1.md#exp"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-14T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-14T17:43:54.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-10440",
        "datePublished": "2025-09-15T10:02:07.376Z",
        "dateReserved": "2025-09-14T15:38:46.023Z",
        "dateUpdated": "2025-09-15T16:27:56.083Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }