CVE-2025-10440

D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection

CVSS 5.3 MEDIUMEPSS 12.1%CWE-77 CWE-78

Vexday Risk Score

18Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.3EPSS 12.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

15 set 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Produtos afetados

D-Link · DI-8003 D-Link · DI-8003G D-Link · DI-8100 D-Link · DI-8100G D-Link · DI-8200 D-Link · DI-8200G

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_1.md https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_1.md#exp https://vuldb.com/?ctiid.323874 https://vuldb.com/?id.323874 https://vuldb.com/?submit.647835 https://www.dlink.com/