D-Link DI-7100G C1 jhttpd msp_info.htm sub_46409C command injection_CVE-2025-11335

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub_46409C of the file /msp_info.htm?flag=qos of the component jhttpd. This manipulation of the argument iface causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.

Basic Information

ID CVE-2025-11335

Source VulDB

Published Oct 6, 2025 at 12:32

Affected Product

Vendor D-Link

Product DI-7100G C1

Version 20250928

Affected Versions D-Link DI-7100G C1 20250928

CWE Classification

CWE-77 CWE-74

References

{
    "lastseen": "",
    "description": "A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub_46409C of the file /msp_info.htm?flag=qos of the component jhttpd. This manipulation of the argument iface causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.",
    "published": "2025-10-06T12:32:09.515Z",
    "modified": "2025-10-06T12:32:09.515Z",
    "type": "cve",
    "title": "D-Link DI-7100G C1 jhttpd msp_info.htm sub_46409C command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.327218\nhttps://vuldb.com/?ctiid.327218\nhttps://vuldb.com/?submit.664597\nhttps://www.yuque.com/jh0ng/vmpda6/fpqlhpkb0orgseav\nhttps://www.yuque.com/jh0ng/vmpda6/fpqlhpkb0orgseav#DOhrV\nhttps://www.dlink.com/",
    "id": "CVE-2025-11335",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "D-Link DI-7100G C1 20250928",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DI-7100G C1",
    "version": "20250928",
    "vendor": "D-Link",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}