CVE-2025-9745

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DI-500WF version 14.04.10A1T

Description A security issue has been identified in D-Link DI-500WF. The vulnerability resides in an unknown function within the /version upgrade.asp file of the jhttpd component. Manipulation of the path argument can lead to os command injection, allowing for remote exploitation. The exploit has been publicly disclosed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

BDU:2025-11435

CVE-2025-9745

Affected Products

Di-500Wf

Jhttpd

CVE-2025-9745

Weakness Enumeration

Related Identifiers

Affected Products

References · 15