Details of VAR-202507-2550

ID

VAR-202507-2550

CVE

CVE-2025-8175

TITLE

D-Link DI-8400 Null Pointer Dereference Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-17381

DESCRIPTION

A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument share_enable leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The D-Link DI-8400 is a D-Link router designed for mid-to-large enterprise networks. It supports up to 360 concurrent users and features a full Gigabit Ethernet port configuration. The D-Link DI-8400 suffers from a null pointer dereference vulnerability caused by improper handling of the share_enable parameter in the usb_paswd.asp file of the jhttpd component. An attacker could exploit this vulnerability to cause the service to crash

Trust: 1.44

sources: NVD: CVE-2025-8175 // CNVD: CNVD-2025-17381

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-17381

AFFECTED PRODUCTS

vendor:

d link

model:

di-8400 16.07.26a1

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-17381

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-8175
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-17381
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2025-8175
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-17381
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-8175
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-17381 // NVD: CVE-2025-8175

PROBLEMTYPE DATA

problemtype:	CWE-404	Trust: 1.0
problemtype:	CWE-476	Trust: 1.0

sources: NVD: CVE-2025-8175

EXTERNAL IDS

db:	NVD	id:	CVE-2025-8175	Trust: 1.6
db:	VULDB	id:	317589	Trust: 1.6
db:	CNVD	id:	CNVD-2025-17381	Trust: 0.6

sources: CNVD: CNVD-2025-17381 // NVD: CVE-2025-8175

REFERENCES

url:	https://vuldb.com/?id.317589	Trust: 1.6
url:	https://vuldb.com/?ctiid.317589	Trust: 1.6
url:	https://vuldb.com/?submit.621708	Trust: 1.6
url:	https://github.com/kriswu1337/cve/blob/main/di_8400%20null%20pointer%20dereference%20vulnerability.md	Trust: 1.6
url:	https://www.dlink.com/	Trust: 1.6

sources: CNVD: CNVD-2025-17381 // NVD: CVE-2025-8175

SOURCES

db:	CNVD	id:	CNVD-2025-17381
db:	NVD	id:	CVE-2025-8175

LAST UPDATE DATE

2025-08-02T23:14:06.531000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-17381	date:	2025-08-01T00:00:00
db:	NVD	id:	CVE-2025-8175	date:	2025-07-29T14:14:55.157

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-17381	date:	2025-08-01T00:00:00
db:	NVD	id:	CVE-2025-8175	date:	2025-07-26T03:15:25.743