CVE-2025-5492

Name of the Vulnerable Software and Affected Versions D-Link DI-500WF-WT versions up to 20250511

Description A critical issue has been found, affecting the function sub 456DE8 of the file "/msp info.htm?flag=cmd" in the component "/usr/sbin/jhttpd". The manipulation of the cmd argument leads to command injection. This issue can be exploited remotely.

Recommendations For D-Link DI-500WF-WT versions up to 20250511, as a temporary workaround, consider restricting access to the "/msp info.htm?flag=cmd" endpoint to minimize the risk of exploitation. Avoid using the cmd argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.