ID

VAR-202508-2473


CVE

CVE-2025-9745


TITLE

OS command injection vulnerability in D-Link Corporation DI-500WF firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-013162

DESCRIPTION

A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /version_upgrade.asp of the component jhttpd. The manipulation of the argument path leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The DI-500WF firmware from D-Link Corporation contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link DI-500WF is a panel-mounted wireless access point (AP) primarily used for building wireless network coverage environments. It supports the 802.11n protocol and has a theoretical maximum transmission rate of 150Mbps. This vulnerability stems from the fact that the parameter `path` in the file `/version_upgrade.asp` fails to properly filter special characters and commands used in command construction. Detailed vulnerability information is not currently available.

Trust: 2.16

sources: NVD: CVE-2025-9745 // JVNDB: JVNDB-2025-013162 // CNVD: CNVD-2025-25751

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-25751

AFFECTED PRODUCTS

vendor: dlink, model: di-500wf, scope: eq, version: 14.04.10a1t

Trust: 1.0

vendor: d link, model: di-500wf, scope: eq, version: di-500wf firmware 14.04.10a1t

Trust: 0.8

vendor: d link, model: di-500wf, scope: eq, version: -

Trust: 0.8

vendor: d link, model: di-500wf, scope: -, version: -

Trust: 0.8

vendor: d link, model: d-link di-500wf 14.04.10a1t, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-25751 // JVNDB: JVNDB-2025-013162 // NVD: CVE-2025-9745

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-9745
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-9745
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-013162
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-25751
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-9745
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-013162
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-25751
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-9745
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-9745
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-013162
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-25751 // JVNDB: JVNDB-2025-013162 // NVD: CVE-2025-9745 // NVD: CVE-2025-9745

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: CWE-77

Trust: 1.0

problemtype: Command injection (CWE-77) [others]

Trust: 0.8

problemtype: OS Command injection (CWE-78) [NVD evaluation]

Trust: 0.8

problemtype: OS Command injection (CWE-78) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-013162 // NVD: CVE-2025-9745

EXTERNAL IDS

db: NVD, id: CVE-2025-9745

Trust: 3.2

db: VULDB, id: 322044

Trust: 1.8

db: JVNDB, id: JVNDB-2025-013162

Trust: 0.8

db: CNVD, id: CNVD-2025-25751

Trust: 0.6

sources: CNVD: CNVD-2025-25751 // JVNDB: JVNDB-2025-013162 // NVD: CVE-2025-9745

REFERENCES

url: https://github.com/physicszq/routers/blob/main/tmp/01/poc.py

Trust: 1.8

url: https://github.com/physicszq/routers/tree/main/tmp/01

Trust: 1.8

url: https://vuldb.com/?id.322044

Trust: 1.8

url: https://vuldb.com/?submit.640394

Trust: 1.8

url: https://www.dlink.com/

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2025-9745

Trust: 1.4

url: https://vuldb.com/?ctiid.322044

Trust: 1.0

sources: CNVD: CNVD-2025-25751 // JVNDB: JVNDB-2025-013162 // NVD: CVE-2025-9745

SOURCES

db: CNVD, id: CNVD-2025-25751
db: JVNDB, id: JVNDB-2025-013162
db: NVD, id: CVE-2025-9745

LAST UPDATE DATE

2025-11-19T23:33:01.936000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-25751, date: 2025-10-30T00:00:00
db: JVNDB, id: JVNDB-2025-013162, date: 2025-09-05T09:32:00
db: NVD, id: CVE-2025-9745, date: 2025-09-04T16:47:38.047

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-25751, date: 2025-10-30T00:00:00
db: JVNDB, id: JVNDB-2025-013162, date: 2025-09-05T00:00:00
db: NVD, id: CVE-2025-9745, date: 2025-08-31T21:15:30.983