Sign-up

ID

VAR-202505-2312


CVE

CVE-2025-44084


TITLE

D-Link Systems, Inc.  of  di-8100g  Command injection vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-006084

DESCRIPTION

D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system. D-Link Systems, Inc. of di-8100g Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8100 is a broadband router designed by D-Link for small and medium-sized network environments. The vulnerability is caused by the lack of strict input filtering in the logic code

Trust: 2.16

sources: NVD: CVE-2025-44084 // JVNDB: JVNDB-2025-006084 // CNVD: CNVD-2025-10943

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-10943

AFFECTED PRODUCTS

vendor:dlinkmodel:di-8100gscope:eqversion:16.07.26a1

Trust: 1.0

vendor:d linkmodel:di-8100gscope: - version: -

Trust: 0.8

vendor:d linkmodel:di-8100gscope:eqversion: -

Trust: 0.8

vendor:d linkmodel:di-8100gscope:eqversion:di-8100g firmware 16.07.26a1

Trust: 0.8

vendor:d linkmodel:d-link di-8100 16.07.26a1scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-10943 // JVNDB: JVNDB-2025-006084 // NVD: CVE-2025-44084

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-44084
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-006084
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-10943
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-10943
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-44084
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-006084
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-10943 // JVNDB: JVNDB-2025-006084 // NVD: CVE-2025-44084

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-006084 // NVD: CVE-2025-44084

EXTERNAL IDS

db:NVDid:CVE-2025-44084

Trust: 3.2

db:JVNDBid:JVNDB-2025-006084

Trust: 0.8

db:CNVDid:CNVD-2025-10943

Trust: 0.6

sources: CNVD: CNVD-2025-10943 // JVNDB: JVNDB-2025-006084 // NVD: CVE-2025-44084

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2025-44084

Trust: 1.4

url:https://github.com/piposy/iotsec/blob/main/dlink/di8100/di8100-a1-2.md

Trust: 1.0

sources: CNVD: CNVD-2025-10943 // JVNDB: JVNDB-2025-006084 // NVD: CVE-2025-44084

SOURCES

db:CNVDid:CNVD-2025-10943
db:JVNDBid:JVNDB-2025-006084
db:NVDid:CVE-2025-44084

LAST UPDATE DATE

2025-06-03T23:20:39.229000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-10943date:2025-05-29T00:00:00
db:JVNDBid:JVNDB-2025-006084date:2025-06-02T03:23:00
db:NVDid:CVE-2025-44084date:2025-05-30T16:19:21.193

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-10943date:2025-05-29T00:00:00
db:JVNDBid:JVNDB-2025-006084date:2025-06-02T00:00:00
db:NVDid:CVE-2025-44084date:2025-05-20T17:15:49.007