Description
A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used.
In D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1 ist eine Schwachstelle entdeckt worden. Das betrifft die Funktion sub_433F7C der Datei version_upgrade.asp der Komponente jhttpd. Die Bearbeitung des Arguments path verursacht os command injection. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
Problem types
Product status
19.12.10A1
19.12.10A1
19.12.10A1
Timeline
| 2025-09-14: | Advisory disclosed |
| 2025-09-14: | VulDB entry created |
| 2025-09-14: | VulDB entry last update |
Credits
shiny (VulDB User)
References
vuldb.com/?id.323875 (VDB-323875 | D-Link DI-8100G/DI-8200G/DI-8003G jhttpd version_upgrade.asp sub_433F7C os command injection)
vuldb.com/?ctiid.323875 (VDB-323875 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.647837 (Submit #647837 | D-Link D-Link DI-8100G、DI-8200G、DI-8003G DI_8100G-17.12.20A1 DI_8200G-17.12.20A1 DI_8003G-19.12.10A1 OS Command Injection)
github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_2.md
github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_2.md
www.dlink.com/
