PT-2025-37463 · D Link+1 · D-Link Di-8200+3

Shiny · Published 2025-09-14 · Updated 2025-09-15 · CVE-2025-10440

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

D-Link DI-8100 versions 16.07.26A1, 17.12.20A1, and 19.12.10A1
D-Link DI-8100G versions 16.07.26A1, 17.12.20A1, and 19.12.10A1
D-Link DI-8200 versions 16.07.26A1, 17.12.20A1, and 19.12.10A1
D-Link DI-8200G versions 16.07.26A1, 17.12.20A1, and 19.12.10A1
D-Link DI-8003 versions 16.07.26A1, 17.12.20A1, and 19.12.10A1
D-Link DI-8003G versions 16.07.26A1, 17.12.20A1, and 19.12.10A1

Description

A vulnerability exists in D-Link routers due to a command injection issue. The sub_4621DC function within the usb_paswd.asp file of the jhttpd component is susceptible to exploitation. Manipulation of the hname argument can lead to operating system command injection. This attack can be initiated remotely.

Recommendations

D-Link DI-8100 versions 16.07.26A1, 17.12.20A1, and 19.12.10A1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
D-Link DI-8100G versions 16.07.26A1, 17.12.20A1, and 19.12.10A1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
D-Link DI-8200 versions 16.07.26A1, 17.12.20A1, and 19.12.10A1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
D-Link DI-8200G versions 16.07.26A1, 17.12.20A1, and 19.12.10A1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
D-Link DI-8003 versions 16.07.26A1, 17.12.20A1, and 19.12.10A1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
D-Link DI-8003G versions 16.07.26A1, 17.12.20A1, and 19.12.10A1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-14835
CVE-2025-10440

Affected Products

D-Link Di-8003
D-Link Di-8100
D-Link Di-8200
Jhttpd