14 matches found
CVE-2025-11335
A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub46409C of the file /mspinfo.htm?flag=qos of the component jhttpd. This manipulation of the argument iface causes command injection. The attack is possible to be carried out...
CVE-2025-11335
A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub46409C of the file /mspinfo.htm?flag=qos of the component jhttpd. This manipulation of the argument iface causes command injection. The attack is possible to be carried out...
CVE-2025-11335
A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub46409C of the file /mspinfo.htm?flag=qos of the component jhttpd. This manipulation of the argument iface causes command injection. The attack is possible to be carried out...
EUVD-2025-32533
A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub46409C of the file /mspinfo.htm?flag=qos of the component jhttpd. This manipulation of the argument iface causes command injection. The attack is possible to be carried out...
D-Link DI-7100G 安全漏洞
D-Link DI-7100G is an Internet Behavior Management router for SMBs, supporting Gigabit network transfer rate some models are labeled as 100 Gigabit, equipped with 4 WAN interfaces and 1 LAN interface, built-in USB2.0 ports, and compliant with IEEE802.11n/g/b wireless standard and IEEE802.3 wired...
CVE-2025-8175
CVE-2025-8175 affects D-Link DI-8400, version 16.07.26A1, where the jhttpd component’s usb_paswd.asp contains a vulnerable handling path for the parameter share_enable . Manipulating this argument triggers a null pointer dereference, enabling a remote attack and potentially causing a service cras...
CVE-2025-7911
D-Link DI-8100 1.0 is affected by a stack-based buffer overflow in the jhttpd component (sprintf in /upnp_ctrl.asp). The issue results from improper handling of the remove_ext_proto/remove_ext_port parameters, enabling remote exploitation. Public exploits have been disclosed. No patch/version inf...
CVE-2025-7911 D-Link DI-8100 jhttpd upnp_ctrl.asp sprintf stack-based overflow
A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnpctrl.asp of the component jhttpd. The manipulation of the argument removeextproto/removeextport leads to stack-based buffer overflow. The attack can be initiate...
CVE-2025-7911 D-Link DI-8100 jhttpd upnp_ctrl.asp sprintf stack-based overflow
A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnpctrl.asp of the component jhttpd. The manipulation of the argument removeextproto/removeextport leads to stack-based buffer overflow. The attack can be initiate...
PT-2025-30223 · D Link · Di-8100 +1
Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 version 1.0 Description: A critical vulnerability exists in the sprintf function within the jhttpd component of D-Link DI-8100 version 1.0. Manipulation of the remove ext proto/remove ext port argument in the /upnp ctrl.asp fil...
CVE-2025-7194 D-Link DI-500WF jhttpd ip_position.asp sprintf stack-based overflow
A vulnerability was found in D-Link DI-500WF 17.04.10A1T. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file ipposition.asp of the component jhttpd. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launch...
CVE-2025-6881
The CVE-2025-6881 entry concerns D-Link DI-8100 firmware version 16.07.21. A vulnerability exists in the jhttpd component, specifically in the /pppoe_base.asp file where the mschap_en argument is not properly validated, causing a buffer overflow. This can be triggered remotely and has been public...
CVE-2025-6881 D-Link DI-8100 jhttpd pppoe_base.asp buffer overflow
A vulnerability was found in D-Link DI-8100 16.07.21. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pppoebase.asp of the component jhttpd. The manipulation of the argument mschapen leads to buffer overflow. The attack may be launched remotely. Th...
CVE-2025-4544 D-Link DI-8100 jhttpd ddos.asp stack-based overflow
A vulnerability was found in D-Link DI-8100 up to 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /ddos.asp of the component jhttpd. The manipulation of the argument defmax/deftime/deftcpmax/deftcptime/defudpmax/defudptime/deficmpmax leads to...