CVE-2025-5492 | D-Link DI-500WF-WT up to 20250511 /usr/sbin/jhttpd /msp_info.htm?flag=cmd sub_456DE8 command injection

Inserito da Angelo Barbosa | Giu 3, 2025 | CVE

A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub_456DE8 of the file /msp_info.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection.

This vulnerability is known as CVE-2025-5492. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2025-5492 | D-Link DI-500WF-WT up to 20250511 /usr/sbin/jhttpd /msp_info.htm?flag=cmd sub_456DE8 command injection

Post correlati

CVE-2022-3836 | Seed Social Plugin up to 2.0.3 on WordPress Setting cross site scripting

CVE-2024-43439 | Moodle H5P Error Message cross site scripting

CVE-2024-32140 | Libsyn Publisher Hub Plugin up to 1.4.4 on WordPress cross site scripting

CVE-2024-49806 | IBM Security Verify Access up to 10.0.8 hard-coded credentials