CVE-2025-44084

D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:di-8100g_firmware:16.07.26a1:*:*:*:*:*:*:*
cpe:2.3:h:dlink:di-8100:-:*:*:*:*:*:*:*

History

30 May 2025, 16:19

Type Values Removed Values Added
References () https://github.com/piposy/IOTsec/blob/main/Dlink/DI8100/DI8100-A1-2.md - () https://github.com/piposy/IOTsec/blob/main/Dlink/DI8100/DI8100-A1-2.md - Broken Link
CPE cpe:2.3:o:dlink:di-8100g_firmware:16.07.26a1:*:*:*:*:*:*:*
cpe:2.3:h:dlink:di-8100:-:*:*:*:*:*:*:*
First Time Dlink di-8100
Dlink di-8100g Firmware
Dlink
Summary
  • (es) El D-link DI-8100 16.07.26A1 es vulnerable a la inyección de comandos. Un atacante puede explotar esta vulnerabilidad manipulando solicitudes HTTP específicas, activando la falla de ejecución de comandos y obteniendo acceso de shell con privilegios máximos al sistema de firmware.

21 May 2025, 20:24

Type Values Removed Values Added
References () https://github.com/piposy/IOTsec/blob/main/Dlink/DI8100/DI8100-A1-2.md - () https://github.com/piposy/IOTsec/blob/main/Dlink/DI8100/DI8100-A1-2.md -
CWE CWE-77
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

20 May 2025, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-20 17:15

Updated : 2025-05-30 16:19


NVD link : CVE-2025-44084

Mitre link : CVE-2025-44084

CVE.ORG link : CVE-2025-44084


JSON object : View

Products Affected

dlink

  • di-8100g_firmware
  • di-8100
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')