Search criteria
2 vulnerabilities found for DI-8200 by D-Link
CVE-2025-10440 (GCVE-0-2025-10440)
Vulnerability from cvelistv5 – Published: 2025-09-15 10:02 – Updated: 2025-09-15 16:27
VLAI?
Title
D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection
Summary
A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| D-Link | DI-8100 |
Affected:
16.07.26A1
Affected: 17.12.20A1 Affected: 19.12.10A1 |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
shiny (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10440",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T16:27:43.933970Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T16:27:56.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"jhttpd"
],
"product": "DI-8100",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "16.07.26A1"
},
{
"status": "affected",
"version": "17.12.20A1"
},
{
"status": "affected",
"version": "19.12.10A1"
}
]
},
{
"modules": [
"jhttpd"
],
"product": "DI-8100G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "16.07.26A1"
},
{
"status": "affected",
"version": "17.12.20A1"
},
{
"status": "affected",
"version": "19.12.10A1"
}
]
},
{
"modules": [
"jhttpd"
],
"product": "DI-8200",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "16.07.26A1"
},
{
"status": "affected",
"version": "17.12.20A1"
},
{
"status": "affected",
"version": "19.12.10A1"
}
]
},
{
"modules": [
"jhttpd"
],
"product": "DI-8200G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "16.07.26A1"
},
{
"status": "affected",
"version": "17.12.20A1"
},
{
"status": "affected",
"version": "19.12.10A1"
}
]
},
{
"modules": [
"jhttpd"
],
"product": "DI-8003",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "16.07.26A1"
},
{
"status": "affected",
"version": "17.12.20A1"
},
{
"status": "affected",
"version": "19.12.10A1"
}
]
},
{
"modules": [
"jhttpd"
],
"product": "DI-8003G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "16.07.26A1"
},
{
"status": "affected",
"version": "17.12.20A1"
},
{
"status": "affected",
"version": "19.12.10A1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shiny (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1 wurde eine Schwachstelle gefunden. Es betrifft die Funktion sub_4621DC der Datei usb_paswd.asp der Komponente jhttpd. Die Ver\u00e4nderung des Parameters hname resultiert in os command injection. Der Angriff kann remote ausgef\u00fchrt werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T10:02:07.376Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323874 | D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323874"
},
{
"name": "VDB-323874 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323874"
},
{
"name": "Submit #647835 | D-Link D-Link DI-8100\u3001DI-8100G\u3001DI-8200\u3001DI-8200G\u3001DI-8003\u3001DI-8003G DI_8100-16.07.26A1 DI_8100G-17.12.20A1 DI_8200-16.07.26A1 DI_8200G-17.12.20A1 DI_8003-16.07.26A1 DI_8003G-19.12.10A1 OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.647835"
},
{
"tags": [
"related"
],
"url": "https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_1.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_1.md#exp"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-14T17:43:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10440",
"datePublished": "2025-09-15T10:02:07.376Z",
"dateReserved": "2025-09-14T15:38:46.023Z",
"dateUpdated": "2025-09-15T16:27:56.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10440 (GCVE-0-2025-10440)
Vulnerability from nvd – Published: 2025-09-15 10:02 – Updated: 2025-09-15 16:27
VLAI?
Title
D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection
Summary
A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| D-Link | DI-8100 |
Affected:
16.07.26A1
Affected: 17.12.20A1 Affected: 19.12.10A1 |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
shiny (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10440",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T16:27:43.933970Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T16:27:56.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"jhttpd"
],
"product": "DI-8100",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "16.07.26A1"
},
{
"status": "affected",
"version": "17.12.20A1"
},
{
"status": "affected",
"version": "19.12.10A1"
}
]
},
{
"modules": [
"jhttpd"
],
"product": "DI-8100G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "16.07.26A1"
},
{
"status": "affected",
"version": "17.12.20A1"
},
{
"status": "affected",
"version": "19.12.10A1"
}
]
},
{
"modules": [
"jhttpd"
],
"product": "DI-8200",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "16.07.26A1"
},
{
"status": "affected",
"version": "17.12.20A1"
},
{
"status": "affected",
"version": "19.12.10A1"
}
]
},
{
"modules": [
"jhttpd"
],
"product": "DI-8200G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "16.07.26A1"
},
{
"status": "affected",
"version": "17.12.20A1"
},
{
"status": "affected",
"version": "19.12.10A1"
}
]
},
{
"modules": [
"jhttpd"
],
"product": "DI-8003",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "16.07.26A1"
},
{
"status": "affected",
"version": "17.12.20A1"
},
{
"status": "affected",
"version": "19.12.10A1"
}
]
},
{
"modules": [
"jhttpd"
],
"product": "DI-8003G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "16.07.26A1"
},
{
"status": "affected",
"version": "17.12.20A1"
},
{
"status": "affected",
"version": "19.12.10A1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shiny (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1 wurde eine Schwachstelle gefunden. Es betrifft die Funktion sub_4621DC der Datei usb_paswd.asp der Komponente jhttpd. Die Ver\u00e4nderung des Parameters hname resultiert in os command injection. Der Angriff kann remote ausgef\u00fchrt werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T10:02:07.376Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-323874 | D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.323874"
},
{
"name": "VDB-323874 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.323874"
},
{
"name": "Submit #647835 | D-Link D-Link DI-8100\u3001DI-8100G\u3001DI-8200\u3001DI-8200G\u3001DI-8003\u3001DI-8003G DI_8100-16.07.26A1 DI_8100G-17.12.20A1 DI_8200-16.07.26A1 DI_8200G-17.12.20A1 DI_8003-16.07.26A1 DI_8003G-19.12.10A1 OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.647835"
},
{
"tags": [
"related"
],
"url": "https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_1.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_1.md#exp"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-14T17:43:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10440",
"datePublished": "2025-09-15T10:02:07.376Z",
"dateReserved": "2025-09-14T15:38:46.023Z",
"dateUpdated": "2025-09-15T16:27:56.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}