141 matches found
PT-2025-37463
Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 versions 16.07.26A1, 17.12.20A1, and 19.12.10A1 D-Link DI-8100G versions 16.07.26A1, 17.12.20A1, and 19.12.10A1 D-Link DI-8200 versions 16.07.26A1, 17.12.20A1, and 19.12.10A1 D-Link DI-8200G versions 16.07.26A1, 17.12.20A1, and...
PT-2025-37467
Name of the Vulnerable Software and Affected Versions: D-Link DI-8100G versions 17.12.20A1 and 19.12.10A1 D-Link DI-8200G versions 17.12.20A1 and 19.12.10A1 D-Link DI-8003G versions 17.12.20A1 and 19.12.10A1 Description: A vulnerability exists due to the manipulation of the path argument within t...
D-Link多款产品 操作系统命令注入漏洞
D-Link DI-8100G and others are products of China AUO D-Link.D-Link DI-8100G is a Gigabit Internet Behavior Management certified router.D-Link DI-8200G is an enterprise-class router.D-Link DI-8300G is a wireless broadband router designed for small and medium-sized network environments.The...
CVE-2025-9745
A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /versionupgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attack may be initiated remotely. The exploit ha...
CVE-2025-9745
A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /versionupgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attack may be initiated remotely. The exploit ha...
CVE-2025-9745
A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /versionupgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attack may be initiated remotely. The exploit ha...
CVE-2025-9745 D-Link DI-500WF jhttpd version_upgrade.asp os command injection
A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /versionupgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attack may be initiated remotely. The exploit ha...
CVE-2025-9745 D-Link DI-500WF jhttpd version_upgrade.asp os command injection
A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /versionupgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attack may be initiated remotely. The exploit ha...
CVE-2025-9745
CVE-2025-9745 affects D-Link DI-500WF (firmware 14.04.10A1T). The vulnerability is in jhttpd’s /version_upgrade.asp where manipulating the path argument enables an OS command injection. Exploitation is remote and publicly disclosed (at least a PoC exists). Connected sources corroborate the affect...
PT-2025-35426
Name of the Vulnerable Software and Affected Versions: D-Link DI-500WF version 14.04.10A1T Description: A security issue has been identified in D-Link DI-500WF. The vulnerability resides in an unknown function within the /version upgrade.asp file of the jhttpd component. Manipulation of the path...
CVE-2025-57105
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub478D28 function in in mngplatform.asp, and sub4A12DC function in wayosacserver.asp of the jhttpd program, with the parameter acmngsrvhost...
CVE-2025-57105
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub478D28 function in in mngplatform.asp, and sub4A12DC function in wayosacserver.asp of the jhttpd program, with the parameter acmngsrvhost...
CVE-2025-57105
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub478D28 function in in mngplatform.asp, and sub4A12DC function in wayosacserver.asp of the jhttpd program, with the parameter acmngsrvhost...
CVE-2025-57105
CVE-2025-57105 affects the D-Link DI-7400G+ router. The vulnerability resides in the jhttpd-based code paths mng_platform.asp and wayos_ac_server.asp, where the GET parameter addr/ac_mng_srv_host is written to NVRAM and then passed to system(), enabling command execution. Prerequisites observed i...
CVE-2025-57105
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub478D28 function in in mngplatform.asp, and sub4A12DC function in wayosacserver.asp of the jhttpd program, with the parameter acmngsrvhost...
PT-2025-34445 · D Link · Di-7400G+ Router
Name of the Vulnerable Software and Affected Versions: DI-7400G+ router affected versions not specified Description: The DI-7400G+ router contains a command injection flaw that enables attackers to execute arbitrary commands on the device. This issue affects the sub 478D28 function within mng...
CVE-2025-8175
A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of the file usbpaswd.asp of the component jhttpd. The manipulation of the argument shareenable leads to null pointer dereference. It is possible to initiate the attack...
D-Link DI-8400 Null Pointer Dereference Vulnerability
D-Link DI-8400 is an Internet Behavior Management router from D-Link designed for medium to large enterprise network environments, supporting 360 users with parallel access and full Gigabit port configuration. The D-Link DI-8400 suffers from a null pointer dereference vulnerability that originate...
CVE-2025-8175
A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of the file usbpaswd.asp of the component jhttpd. The manipulation of the argument shareenable leads to null pointer dereference. It is possible to initiate the attack...
CVE-2025-8175
CVE-2025-8175 affects D-Link DI-8400, version 16.07.26A1, where the jhttpd component’s usb_paswd.asp contains a vulnerable handling path for the parameter share_enable . Manipulating this argument triggers a null pointer dereference, enabling a remote attack and potentially causing a service cras...