CVE-2025-10440
BaseFortify
Publication date: 2025-09-15
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| d-link | di-8100g | 17.12.20A1 |
| d-link | di-8100 | 16.07.26A1 |
| d-link | di-8003 | 16.07.26A1 |
| d-link | di-8003g | 19.12.10A1 |
| d-link | di-8200 | 16.07.26A1 |
| d-link | di-8200g | 17.12.20A1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10440 is a command injection vulnerability in multiple D-Link router models (DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003, DI-8003G) in specific firmware versions. The flaw exists in the usb_paswd.asp web interface, specifically in the function sub_4621DC of the jhttpd component, where the 'hname' parameter is improperly sanitized. An attacker can remotely send specially crafted input to this parameter to execute arbitrary operating system commands on the device, potentially gaining full control over the affected router. [1, 2]
How can this vulnerability impact me?
This vulnerability can allow an attacker to remotely execute arbitrary OS commands on affected D-Link routers without authentication. Successful exploitation can lead to full control over the device, impacting its confidentiality, integrity, and availability. This means attackers could manipulate device settings, intercept or disrupt network traffic, or cause denial of service, potentially compromising the security and functionality of your network. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable usb_paswd.asp web interface on affected D-Link router models. One method is to use network scanning tools or web request tools to identify if the URL path /usb_paswd.asp is accessible on devices in your network. Additionally, Google dorking with the query "inurl:usb_paswd.asp" can help identify vulnerable devices exposed on the internet. Since the vulnerability involves command injection via the "hname" parameter, sending crafted HTTP requests to this parameter and observing unexpected behavior or command execution can confirm exploitation. Specific commands are not provided, but using tools like curl or wget to send test requests to the usb_paswd.asp endpoint with various "hname" values may help detect the issue. [2, 1]
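The two checks a network owner can run offline for this record are an inventory match against the affected model/firmware table above and a review of web-server access logs for requests to /usb_paswd.asp whose 'hname' value is not a plain hostname token. The script below is an added example written for this page, not BaseFortify, VulDB or D-Link code. It assumes an Apache/nginx "combined" access-log format, an inventory with `host`, `model` and `firmware` fields, and that 'hname' arrives in the GET query string (a POST body would only be visible in a proxy or WAF log); the inventory rows and log lines are constructed sample data.

```python
"""Defender-side checks for CVE-2025-10440 (D-Link DI-8xxx, usb_paswd.asp / hname).

Added example, not part of the BaseFortify record. Two offline checks:
  1. match an asset inventory against the affected model/firmware table,
  2. scan access-log lines for /usb_paswd.asp requests whose 'hname'
     parameter carries characters a hostname never needs.
Log format, inventory fields and the GET-query assumption are all assumed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Model/firmware pairs exactly as listed in the advisory table on this page.
AFFECTED = {
    ("di-8100g", "17.12.20A1"),
    ("di-8100", "16.07.26A1"),
    ("di-8003", "16.07.26A1"),
    ("di-8003g", "19.12.10A1"),
    ("di-8200", "16.07.26A1"),
    ("di-8200g", "17.12.20A1"),
}

# 'hname' is a hostname-like field; anything outside this set is suspicious.
SAFE_HNAME = re.compile(r"^[A-Za-z0-9._-]{1,63}$")

# Assumed "combined" log format: src ident user [ts] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def affected_devices(inventory):
    """Return inventory rows whose (model, firmware) is in the advisory table.

    Matching is exact: the page lists specific versions, not ranges, so a
    non-matching version is 'not listed', which is not the same as 'safe'.
    """
    return [
        row for row in inventory
        if (row["model"].lower(), row["firmware"]) in AFFECTED
    ]


def hname_from_target(target):
    """Return the 'hname' query value of a /usb_paswd.asp request, else None."""
    parts = urlsplit(target)
    if parts.path != "/usb_paswd.asp":
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("hname")
    return values[0] if values else None  # parse_qs already percent-decodes


def scan_log(lines):
    """Flag usb_paswd.asp requests whose decoded 'hname' is not a hostname token."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real deployment would count these
        hname = hname_from_target(m["target"])
        if hname is None or SAFE_HNAME.match(hname):
            continue
        findings.append(
            {"src": m["src"], "ts": m["ts"], "hname": hname, "status": m["status"]}
        )
    return findings


# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = [
    {"host": "10.0.0.1", "model": "DI-8100G", "firmware": "17.12.20A1"},
    {"host": "10.0.0.2", "model": "DI-8200", "firmware": "16.07.26A1"},
    {"host": "10.0.0.3", "model": "DI-8003", "firmware": "99.99.99Z9"},  # placeholder version
]

# Constructed sample log lines in the assumed combined format.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Sep/2025:10:01:02 +0000] "GET /usb_paswd.asp?hname=nas01 HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.9 - - [15/Sep/2025:10:01:09 +0000] "GET /usb_paswd.asp?hname=nas01%3Becho+probe HTTP/1.1" 200 498 "-" "python-requests/2.31"',
    '198.51.100.4 - - [15/Sep/2025:10:02:00 +0000] "GET /index.asp HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for row in affected_devices(SAMPLE_INVENTORY):
        print("affected firmware:", row["host"], row["model"], row["firmware"])
    for finding in scan_log(SAMPLE_LOG):
        print("suspicious hname:", finding)
```

The first sample line is a legitimate-looking request and is not flagged; the second decodes to `nas01;echo probe` and is, because `;` and the space fall outside the hostname character set. Matching on the character class rather than on a list of known payloads keeps the check useful against variants, and the inventory check is the part that tells you whether a flagged request reached a device listed on this page.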
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been reported for this vulnerability. The recommended immediate step is to replace affected devices with alternative products that are not vulnerable. Limiting exposure of the affected devices to untrusted networks and disabling remote access to the usb_paswd.asp interface, if possible, may reduce risk until replacement can be done. [2]