{"cve":{"cve_id":"CVE-2025-10441","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.1211,"epss_percentile":0.95611,"epss_as_of":"2026-06-23","description":"A vulnerability was found in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used.","published_at":"2025-09-15T10:32:05.537000Z","last_modified_at":null,"cvss_v3_score":6.3,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","cvss_v3_severity":"MEDIUM","cvss_v4_score":5.3,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","cvss_v4_severity":"MEDIUM","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-78","CWE-77"],"nvd_references":["https://vuldb.com/?id.323875","https://vuldb.com/?ctiid.323875","https://vuldb.com/?submit.647837","https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_2.md","https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_2.md#poc","https://www.dlink.com/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:25:06.490975Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"L","value_label":"Low"},{"metric":"A","name":"Availability","value":"L","value_label":"Low"},{"metric":"E","name":"E","value":"P","value_label":"Physical"},{"metric":"RL","name":"RL","value":"X","value_label":"X"},{"metric":"RC","name":"RC","value":"R","value_label":"Required"}]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"},{"metric":"E","name":"E","value":"P","value_label":"Physical"}]},"affected":[{"vendor_slug":"d-link","vendor_name":"D-Link","product_slug":"di-8003g","product_name":"DI-8003G","version_start":"17.12.20A1","version_start_inclusive":true,"version_end":"17.12.20A1","version_end_inclusive":true,"cpe23_uri":"cve5:d-link:di-8003g:17.12.20A1:17.12.20A1"},{"vendor_slug":"d-link","vendor_name":"D-Link","product_slug":"di-8003g","product_name":"DI-8003G","version_start":"19.12.10A1","version_start_inclusive":true,"version_end":"19.12.10A1","version_end_inclusive":true,"cpe23_uri":"cve5:d-link:di-8003g:19.12.10A1:19.12.10A1"},{"vendor_slug":"d-link","vendor_name":"D-Link","product_slug":"di-8100g","product_name":"DI-8100G","version_start":"17.12.20A1","version_start_inclusive":true,"version_end":"17.12.20A1","version_end_inclusive":true,"cpe23_uri":"cve5:d-link:di-8100g:17.12.20A1:17.12.20A1"},{"vendor_slug":"d-link","vendor_name":"D-Link","product_slug":"di-8100g","product_name":"DI-8100G","version_start":"19.12.10A1","version_start_inclusive":true,"version_end":"19.12.10A1","version_end_inclusive":true,"cpe23_uri":"cve5:d-link:di-8100g:19.12.10A1:19.12.10A1"},{"vendor_slug":"d-link","vendor_name":"D-Link","product_slug":"di-8200g","product_name":"DI-8200G","version_start":"17.12.20A1","version_start_inclusive":true,"version_end":"17.12.20A1","version_end_inclusive":true,"cpe23_uri":"cve5:d-link:di-8200g:17.12.20A1:17.12.20A1"},{"vendor_slug":"d-link","vendor_name":"D-Link","product_slug":"di-8200g","product_name":"DI-8200G","version_start":"19.12.10A1","version_start_inclusive":true,"version_end":"19.12.10A1","version_end_inclusive":true,"cpe23_uri":"cve5:d-link:di-8200g:19.12.10A1:19.12.10A1"}],"exploit_refs":[],"news":[],"references":[{"url":"https://vuldb.com/?id.323875","source_type":"MISC","tags":[]},{"url":"https://vuldb.com/?ctiid.323875","source_type":"MISC","tags":[]},{"url":"https://vuldb.com/?submit.647837","source_type":"MISC","tags":[]},{"url":"https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_2.md","source_type":"MISC","tags":[]},{"url":"https://github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_2.md#poc","source_type":"MISC","tags":[]},{"url":"https://www.dlink.com/","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-09-15T10:32:05.537000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:40:58.804819Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:40:58.804819Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:40:58.804819Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:40:58.804819Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:40:58.804819Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:40:58.804819Z","label":"CVSS score revised","source":"cvelistv5"}]}