CNNVD-202509-2254 Information
CNNVD ID
CNNVD-202509-2254
Related CVE
-
CNNVD Published: 2025-09-15
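Description (translated from the Chinese original)
D-Link DI-8100G and the related models are products of D-Link, a Chinese company. The D-Link DI-8100G is a gigabit router with internet behavior management and authentication. The D-Link DI-8200G is an enterprise-grade router. The D-Link DI-8300G is a wireless broadband router designed for small and medium-sized network environments. Multiple D-Link products contain an operating system command injection vulnerability. The vulnerability stems from improper handling of the path parameter by the sub_433F7C function of the version_upgrade.asp file in the jhttpd component, which may lead to an OS command injection attack. The following products and versions are affected: D-Link DI-8100G, DI-8200G and DI-8003G, versions 17.12.20A1 and 19.12.10A1.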
Description (English)
D-Link DI-8100G and others are products of the Chinese company D-Link. The D-Link DI-8100G is a gigabit internet behaviour management and authentication router. The D-Link DI-8200G is an enterprise router. The D-Link DI-8300G is a wireless broadband router specifically designed for small and medium-sized network environments. Several D-Link products have an operating system command injection vulnerability, which results from the incorrect handling of the path parameter by the sub_433F7C function of version_upgrade.asp in the jhttpd component and could lead to an OS command injection attack. The following products and versions are affected: D-Link DI-8100G, DI-8200G and DI-8003G, versions 17.12.20A1 and 19.12.10A1.
Hazard Level
High
Vulnerability Type
OS command injection
Affected Vendor
D3D
Published
2025-09-15
Last Modified
2026-02-24
References
https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_2.md
https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_2.md#poc
https://vuldb.com/?ctiid.323875
https://vuldb.com/?id.323875
https://vuldb.com/?submit.647837
https://www.dlink.com/