ID
VAR-202509-2491
CVE
CVE-2025-57636
TITLE
D-Link Corporation of di-7100g in the firmware OS Command injection vulnerability
Trust: 0.8
DESCRIPTION
OS Command injection vulnerability in D-Link C1 2020-02-21. The sub_47F028 function in jhttpd contains a command injection vulnerability via the HTTP parameter "time". The D-Link DI-7100G is a router designed for small and medium-sized enterprises that manages internet access. It supports Gigabit network transmission speeds (some models are marked as 100Mbps), features four WAN ports, one LAN port, and a built-in USB 2.0 port. It complies with the IEEE 802.11n/g/b wireless standards and the IEEE 802.3 wired standard. No detailed vulnerability details are currently available
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | dlink | model: | di-7100g | scope: | eq | version: | 2020-02-21c1 | Trust: 1.0 |
| vendor: | d link | model: | di-7100g | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | d link | model: | di-7100g | scope: | eq | version: | di-7100g firmware 2020-02-21c1 | Trust: 0.8 |
| vendor: | d link | model: | di-7100g | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | di-7100g | scope: | eq | version: | 2020.2.21 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-78 | Trust: 1.0 |
| problemtype: | OS Command injection (CWE-78) [ others ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-57636 | Trust: 3.2 |
| db: | JVNDB | id: | JVNDB-2025-014848 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-24768 | Trust: 0.6 |
REFERENCES
| url: | https://github.com/glkfc/iot-vulnerability/blob/main/d-link/dlink_1.md | Trust: 2.4 |
| url: | https://www.dlink.com/en/security-bulletin/ | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-57636 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2025-24768 |
| db: | JVNDB | id: | JVNDB-2025-014848 |
| db: | NVD | id: | CVE-2025-57636 |
LAST UPDATE DATE
2025-11-19T23:14:43.383000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-24768 | date: | 2025-10-24T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-014848 | date: | 2025-10-01T08:11:00 |
| db: | NVD | id: | CVE-2025-57636 | date: | 2025-09-25T16:07:18.607 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-24768 | date: | 2025-10-24T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-014848 | date: | 2025-10-01T00:00:00 |
| db: | NVD | id: | CVE-2025-57636 | date: | 2025-09-23T20:15:32.683 |