CNNVD-202509-2260 Information

CNNVD ID

CNNVD-202509-2260

CVE-2025-10440

  • CNNVD Published: 2025-09-15

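Description (translated from Chinese)

D-Link DI-8100 and the other listed devices are products of the Chinese company D-Link. The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments. The D-Link DI-8100G is a gigabit router with internet behavior management and authentication. The D-Link DI-8200 is an enterprise-grade router. Multiple D-Link products contain an operating system command injection vulnerability, which stems from improper manipulation of the parameter hname in the file usb_paswd.asp and may lead to an OS command injection attack. The following products and versions are affected: D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G, versions 16.07.26A1, 17.12.20A1 and 19.12.10A1.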

Description (English)

D-Link DI-8100 and others are products of the Chinese company D-Link. D-Link DI-8100 is a wireless broadband router specifically designed for small and medium-sized network environments. The D-Link DI-8100G is a gigabit internet behavior management and authentication router. D-Link DI-8200 is an enterprise router. Multiple D-Link products have an operating system command injection vulnerability that results from improper handling of the parameter hname in the file usb_paswd.asp, which could lead to an OS command injection attack. The following products and versions are affected: D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1, 17.12.20A1 and 19.12.10A1.

Hazard Level

High

Vulnerability Type

OS command injection

Affected Vendor

D3D

Published

2025-09-15

Last Modified

2026-02-24

References

  • https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_1.md
  • https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_1.md#exp
  • https://vuldb.com/?ctiid.323874
  • https://vuldb.com/?id.323874
  • https://vuldb.com/?submit.647835
  • https://www.dlink.com/
