CVE-2025-10441 | D-Link DI-8100G/DI-8200G/DI-8003G 17.12.20A1/19.12.10A1 jhttpd version_upgrade.asp sub_433F7C path os command injection

Inserito da Angelo Barbosa | Set 14, 2025 | CVE

A vulnerability described as critical has been identified in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection.

This vulnerability is cataloged as CVE-2025-10441. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2025-10441 | D-Link DI-8100G/DI-8200G/DI-8003G 17.12.20A1/19.12.10A1 jhttpd version_upgrade.asp sub_433F7C path os command injection

Post correlati

CVE-2024-8081 | itsourcecode Payroll Management System 1.0 login.php username sql injection

CVE-2024-0538 | Tenda W9 1.0.0.7(4456) httpd formQosManage_auto ssidIndex stack-based overflow

CVE-2024-33305 | SourceCodester Laboratory Management System 1.0 Create User Middle Name cross site scripting

CVE-2024-39367 | Wavlink AC3000 M33A8.V5030.210505 firewall.cgi iptablesWebsFilterRun command injection (TALOS-2024-2023)