CVE-2025-10440
Published: Sep 15, 2025
Modified: Sep 15, 2025
CVSS v3.1
6.3
Description
A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
| Vendor | Product | Versions |
|---|---|---|
D-Link | DI-8100 | affected 16.07.26A1affected 17.12.20A1affected 19.12.10A1 |
D-Link | DI-8100G | affected 16.07.26A1affected 17.12.20A1affected 19.12.10A1 |
D-Link | DI-8200 | affected 16.07.26A1affected 17.12.20A1affected 19.12.10A1 |
D-Link | DI-8200G | affected 16.07.26A1affected 17.12.20A1affected 19.12.10A1 |
D-Link | DI-8003 | affected 16.07.26A1affected 17.12.20A1affected 19.12.10A1 |
D-Link | DI-8003G | affected 16.07.26A1affected 17.12.20A1affected 19.12.10A1 |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now