D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection_CVE-2025-10440

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-10440

Source VulDB

Published Sep 15, 2025 at 10:02

Affected Product

Vendor D-Link

Product DI-8100

Version 16.07.26A1

Affected Versions D-Link DI-8100 16.07.26A1
D-Link DI-8100 17.12.20A1
D-Link DI-8100 19.12.10A1
D-Link DI-8100G 16.07.26A1
D-Link DI-8100G 17.12.20A1
D-Link DI-8100G 19.12.10A1
D-Link DI-8200 16.07.26A1
D-Link DI-8200 17.12.20A1
D-Link DI-8200 19.12.10A1
D-Link DI-8200G 16.07.26A1
D-Link DI-8200G 17.12.20A1
D-Link DI-8200G 19.12.10A1
D-Link DI-8003 16.07.26A1
D-Link DI-8003 17.12.20A1
D-Link DI-8003 19.12.10A1
D-Link DI-8003G 16.07.26A1
D-Link DI-8003G 17.12.20A1
D-Link DI-8003G 19.12.10A1

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-09-15T10:02:07.376Z",
    "modified": "2025-09-15T10:02:07.376Z",
    "type": "cve",
    "title": "D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.323874\nhttps://vuldb.com/?ctiid.323874\nhttps://vuldb.com/?submit.647835\nhttps://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_1.md\nhttps://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_1.md#exp\nhttps://www.dlink.com/",
    "id": "CVE-2025-10440",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "D-Link DI-8100 16.07.26A1\nD-Link DI-8100 17.12.20A1\nD-Link DI-8100 19.12.10A1\nD-Link DI-8100G 16.07.26A1\nD-Link DI-8100G 17.12.20A1\nD-Link DI-8100G 19.12.10A1\nD-Link DI-8200 16.07.26A1\nD-Link DI-8200 17.12.20A1\nD-Link DI-8200 19.12.10A1\nD-Link DI-8200G 16.07.26A1\nD-Link DI-8200G 17.12.20A1\nD-Link DI-8200G 19.12.10A1\nD-Link DI-8003 16.07.26A1\nD-Link DI-8003 17.12.20A1\nD-Link DI-8003 19.12.10A1\nD-Link DI-8003G 16.07.26A1\nD-Link DI-8003G 17.12.20A1\nD-Link DI-8003G 19.12.10A1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DI-8100",
    "version": "16.07.26A1",
    "vendor": "D-Link",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}