CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2025/07/08 12:0 a.m.•2 views

D-Link DI-500WF 安全漏洞

D-Link DI-500WF is a panel type wireless AP access point, designed with international wireless standards, supporting 2.4GHz band, wireless transmission speed up to 300Mbps, in line with the green concept. A buffer overflow vulnerability exists in the D-Link DI-500WF. The vulnerability stems from...

9CVSS8.9AI score0.0076EPSS

Exploits1References6

RedhatCVE•added 2025/07/02 2:3 a.m.•7 views

CVE-2025-6881

A vulnerability was found in D-Link DI-8100 16.07.21. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pppoebase.asp of the component jhttpd. The manipulation of the argument mschapen leads to buffer overflow. The attack may be launched remotely. Th...

9CVSS7.3AI score0.00833EPSS

Positive Technologies•added 2025/07/01 12:0 a.m.•2 views

PT-2025-28737 · D Link · D-Link Di-500Wf

Name of the Vulnerable Software and Affected Versions: D-Link DI-500WF version 17.04.10A1T Description: A critical issue affects the sprintf function of the ip position.asp file in the jhttpd component. Manipulation of the ip argument leads to a stack-based buffer overflow. This issue can be...

9CVSS8.7AI score0.0076EPSS

Exploits1References8

NVD•added 2025/06/30 2:15 a.m.•3 views

CVE-2025-6881

9CVSS0.00833EPSS

OSV•added 2025/06/30 2:15 a.m.•3 views

CVE-2025-6881

8.7CVSS6.3AI score0.00833EPSS

Cvelist•added 2025/06/30 1:32 a.m.•5 views

CVE-2025-6881 D-Link DI-8100 jhttpd pppoe_base.asp buffer overflow

9CVSS0.00833EPSS

CVE•added 2025/06/30 1:32 a.m.•22 views

CVE-2025-6881

The CVE-2025-6881 entry concerns D-Link DI-8100 firmware version 16.07.21. A vulnerability exists in the jhttpd component, specifically in the /pppoe_base.asp file where the mschap_en argument is not properly validated, causing a buffer overflow. This can be triggered remotely and has been public...

9CVSS7.1AI score0.00833EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2025/06/30 1:32 a.m.•2 views

CVE-2025-6881 D-Link DI-8100 jhttpd pppoe_base.asp buffer overflow

9CVSS8.8AI score0.00833EPSS

BDU FSTEC•added 2025/06/05 12:0 a.m.•2 views

The vulnerability of the sub_456DE8() function in the jhttpd web server of the D-Link DI-500WF-WT router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the sub456DE8 function in the jhttpd web server of the D-Link DI-500WF-WT router microprogramming system is related to the lack of data cleaning measures at the control level when processing the cmd parameter. Exploiting this vulnerability allows an attacker to execute...

6.5CVSS0.00753EPSS

Exploits0References3

OSV•added 2025/06/03 11:15 a.m.•2 views

CVE-2025-5492

A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub456DE8 of the file /mspinfo.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack...

8.8CVSS5.5AI score

Exploits0References4

NVD•added 2025/05/27 4:15 a.m.•10 views

CVE-2025-5228

A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpdgetparm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated with...

8.8CVSS0.01617EPSS

Cvelist•added 2025/05/27 3:0 a.m.•16 views

CVE-2025-5228 D-Link DI-8100 jhttpd login.cgi httpd_get_parm stack-based overflow

8.8CVSS0.01617EPSS

Vulnrichment•added 2025/05/27 3:0 a.m.•9 views

CVE-2025-5228 D-Link DI-8100 jhttpd login.cgi httpd_get_parm stack-based overflow

8.8CVSS7AI score0.01617EPSS

RedhatCVE•added 2025/05/23 7:23 a.m.•3 views

CVE-2024-44381

D-Link DI8004W 16.07.26A1 contains a command execution vulnerability in jhttpd mspinfohtm function...

9.8CVSS7.2AI score0.02906EPSS

RedhatCVE•added 2025/05/23 7:23 a.m.•3 views

CVE-2024-44382

D-Link DI8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgradefilterasp function...

9.8CVSS7.2AI score0.00818EPSS

BDU FSTEC•added 2025/05/23 12:0 a.m.•1 views

The vulnerability of the jhttpd component in D-Link DI-8100 router microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the jhttpd component in D-Link DI-8100 router microprogramming software is related to buffer overflow in the stack. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

7.1CVSS0.01271EPSS

Exploits1References2Affected Software1

RedhatCVE•added 2025/05/13 10:11 p.m.•23 views

CVE-2025-4544

A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument defmax/deftime/deftcpmax/deftcptime/defudpmax/defudptime/deficmpmax leads to...

7.5CVSS7.4AI score0.01271EPSS

NVD•added 2025/05/11 7:15 p.m.•19 views

CVE-2025-4544

7.5CVSS0.01271EPSS

Vulnrichment•added 2025/05/11 6:31 p.m.•9 views

CVE-2025-4544 D-Link DI-8100 jhttpd ddos.asp stack-based overflow

7.5CVSS6.7AI score0.01271EPSS