PT-2025-38291 · D Link · D-Link Dir-852
Ic0Rner · Published 2025-09-09 · Updated 2025-09-18 · CVE-2025-10629
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
D-Link DIR-852 version 1.00CN B09
Description
A flaw exists in the Simple Service Discovery Protocol Service component of the D-Link DIR-852. The issue resides in the ssdpcgi main function within the htdocs/cgibin file. Manipulation of the ST argument can lead to command injection, potentially allowing for remote execution. This vulnerability affects products that are no longer supported by the maintainer.
Recommendations
As a temporary workaround, consider disabling the Simple Service Discovery Protocol Service until a patch is available.
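Where the service cannot be disabled, SSDP traffic toward the device can be monitored for malformed ST values. The following is an added example, not code from this advisory or from D-Link: it assumes the ST argument arrives as the ST header of an M-SEARCH request and checks it against the search-target forms defined by the UPnP Device Architecture. The function names and sample datagrams are constructed for illustration.

```python
import re

# Search-target forms the UPnP Device Architecture defines for the ST header.
_ST_ALLOWED = re.compile(
    r"""(?:
        ssdp:all
      | upnp:rootdevice
      | uuid:[A-Za-z0-9-]{1,68}
      | urn:[A-Za-z0-9.-]{1,64}:(?:device|service):[A-Za-z0-9_.-]{1,64}:[0-9]{1,5}
    )""",
    re.VERBOSE,
)
# Characters a POSIX shell treats specially; no valid ST value needs them.
_SHELL_META = set(";|&`$(){}<>\\\"'\n\r\t *?![]~#")

def extract_st(datagram: bytes):
    """Return the ST header value of an M-SEARCH request, or None."""
    lines = datagram.decode("latin-1").split("\r\n")
    if not lines[0].upper().startswith("M-SEARCH "):
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().upper() == "ST":
            return value.strip()
    return None

def classify(datagram: bytes) -> str:
    """Label one SSDP datagram for logging or filtering."""
    st = extract_st(datagram)
    if st is None:
        return "not-msearch-or-no-st"
    if _ST_ALLOWED.fullmatch(st):
        return "ok"
    if _SHELL_META & set(st):
        return "alert-shell-metacharacters"
    return "reject-unknown-st"

# Constructed sample datagrams (not captured traffic).
_HEAD = b'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nMAN: "ssdp:discover"\r\nMX: 2\r\n'
BENIGN = _HEAD + b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n"
SUSPICIOUS = _HEAD + b"ST: ssdp:all;echo CONSTRUCTED\r\n\r\n"
UNKNOWN = _HEAD + b"ST: foo:bar\r\n\r\n"

if __name__ == "__main__":
    for name, pkt in (("benign", BENIGN), ("suspicious", SUSPICIOUS), ("unknown", UNKNOWN)):
        print(name, "->", classify(pkt))
```
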
Exploit
Fix
Special Elements Injection
Command Injection
Related Identifiers
Affected Products
D-Link Dir-852