CVE-2025-10440 | D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection

Inserito da Angelo Barbosa | Set 14, 2025 | CVE

A vulnerability marked as critical has been reported in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection.

This vulnerability is listed as CVE-2025-10440. The attack may be initiated remotely. In addition, an exploit is available.

CVE-2025-10440 | D-Link DI-8100/DI-8100G/DI-8200/DI-8200G/DI-8003/DI-8003G jhttpd usb_paswd.asp sub_4621DC os command injection

Post correlati

CVE-2024-48904 | Trend Micro Cloud Edge REST API command injection (ZDI-24-1418)

CVE-2024-10754 | PHPGurukul Online Shopping Portal 2.0 dymanic_table.php scripts cross site scripting

CVE-2024-9821 | Bot for Telegram on WooCommerce Plugin up to 1.2.4 on WordPress Telegram Bot Token information disclosure

CVE-2024-43032 | autMan 2.9.6 Web Request improper authentication