CVE-2025-44084

Published: May 20, 2025Modified: May 30, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system.

Affected (1)

Products: Dlink: Di 8100g Firmware

Dlink

1 product

Di 8100g Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Di 8100g Firmware	Version 16.07.26a1

Running on/with	Platform Versions
Dlink Di 8100	All versions

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

https://github.com/piposy/IOTsec/blob/main/Dlink/DI8100/DI8100-A1-2.md

Source: cve@mitre.org

Broken Link

https://github.com/piposy/IOTsec/blob/main/Dlink/DI8100/DI8100-A1-2.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Broken Link

Timeline

No history available yet.