PT-2025-37467 · Jhttpd+1 · Jhttpd+3
Shiny · Published 2025-09-04 · Updated 2025-09-15 · CVE-2025-10441
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
D-Link DI-8100G versions 17.12.20A1 and 19.12.10A1
D-Link DI-8200G versions 17.12.20A1 and 19.12.10A1
D-Link DI-8003G versions 17.12.20A1 and 19.12.10A1
Description
A vulnerability exists due to the manipulation of the path argument within the sub_433F7C function of the version_upgrade.asp file, a component of jhttpd, leading to OS command injection. This issue can be exploited remotely.
Recommendations
D-Link DI-8100G versions 17.12.20A1 and 19.12.10A1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
D-Link DI-8200G versions 17.12.20A1 and 19.12.10A1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
D-Link DI-8003G versions 17.12.20A1 and 19.12.10A1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
OS Command Injection
Command Injection
Affected Products
Di-8003G
Di-8100
Di 8200
Jhttpd