Sign-up

ID

VAR-202509-0001


CVE

CVE-2025-9752


TITLE

D-Link Corporation  of  DIR-852  in the firmware  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-013485

DESCRIPTION

A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgi_main of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-9752 // JVNDB: JVNDB-2025-013485

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-852scope:eqversion:1.00cn_b09

Trust: 1.0

vendor:d linkmodel:dir-852scope:eqversion:dir-852 firmware 1.00cn b09

Trust: 0.8

vendor:d linkmodel:dir-852scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-852scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-013485 // NVD: CVE-2025-9752

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-9752
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-9752
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-013485
value: CRITICAL

Trust: 0.8

cna@vuldb.com: CVE-2025-9752
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-013485
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-9752
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-9752
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-013485
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-013485 // NVD: CVE-2025-9752 // NVD: CVE-2025-9752

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-013485 // NVD: CVE-2025-9752

EXTERNAL IDS

db:NVDid:CVE-2025-9752

Trust: 2.6

db:VULDBid:322053

Trust: 1.8

db:JVNDBid:JVNDB-2025-013485

Trust: 0.8

sources: JVNDB: JVNDB-2025-013485 // NVD: CVE-2025-9752

REFERENCES

url:https://github.com/i-corner/cve/issues/18

Trust: 1.8

url:https://vuldb.com/?id.322053

Trust: 1.8

url:https://vuldb.com/?submit.640590

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.322053

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-9752

Trust: 0.8

sources: JVNDB: JVNDB-2025-013485 // NVD: CVE-2025-9752

SOURCES

db:JVNDBid:JVNDB-2025-013485
db:NVDid:CVE-2025-9752

LAST UPDATE DATE

2025-09-10T23:37:59.135000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-013485date:2025-09-09T05:50:00
db:NVDid:CVE-2025-9752date:2025-09-04T18:47:25.440

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-013485date:2025-09-09T00:00:00
db:NVDid:CVE-2025-9752date:2025-09-01T01:15:46.817