Sign-up

ID

VAR-202510-0098


CVE

CVE-2025-11335


TITLE

D-Link Corporation  of  DI-7100G C1  Injection Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-019664

DESCRIPTION

A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub_46409C of the file /msp_info.htm?flag=qos of the component jhttpd. This manipulation of the argument iface causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. D-Link Corporation of DI-7100G C1 The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-7100G C1 is an enterprise-class router designed primarily for small and medium-sized businesses. The D-Link DI-7100G C1 suffers from a command injection vulnerability caused by the iface parameter in the file /msp_info.htm?flag=qos failing to properly sanitize special characters and commands when constructing commands. Detailed vulnerability details are currently unavailable

Trust: 2.16

sources: NVD: CVE-2025-11335 // JVNDB: JVNDB-2025-019664 // CNVD: CNVD-2025-24762

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-24762

AFFECTED PRODUCTS

vendor:dlinkmodel:di-7100g c1scope:eqversion:2025-09-28

Trust: 1.0

vendor:d linkmodel:di-7100g c1scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:di-7100g c1scope: - version: -

Trust: 0.8

vendor:d linkmodel:di-7100g c1scope:eqversion:di-7100g c1 firmware 2025-09-28

Trust: 0.8

vendor:d linkmodel:di-7100g c1scope:lteversion:<=20250928

Trust: 0.6

sources: CNVD: CNVD-2025-24762 // JVNDB: JVNDB-2025-019664 // NVD: CVE-2025-11335

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-11335
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-11335
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-019664
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-24762
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2025-11335
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-019664
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-24762
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-11335
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-11335
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-019664
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-24762 // JVNDB: JVNDB-2025-019664 // NVD: CVE-2025-11335 // NVD: CVE-2025-11335

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-019664 // NVD: CVE-2025-11335

EXTERNAL IDS

db:NVDid:CVE-2025-11335

Trust: 3.2

db:VULDBid:327218

Trust: 1.8

db:JVNDBid:JVNDB-2025-019664

Trust: 0.8

db:CNVDid:CNVD-2025-24762

Trust: 0.6

sources: CNVD: CNVD-2025-24762 // JVNDB: JVNDB-2025-019664 // NVD: CVE-2025-11335

REFERENCES

url:https://vuldb.com/?id.327218

Trust: 1.8

url:https://vuldb.com/?submit.664597

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.327218

Trust: 1.6

url:https://www.yuque.com/jh0ng/vmpda6/fpqlhpkb0orgseav#dohrv

Trust: 1.0

url:https://www.yuque.com/jh0ng/vmpda6/fpqlhpkb0orgseav

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-11335

Trust: 0.8

sources: CNVD: CNVD-2025-24762 // JVNDB: JVNDB-2025-019664 // NVD: CVE-2025-11335

SOURCES

db:CNVDid:CNVD-2025-24762
db:JVNDBid:JVNDB-2025-019664
db:NVDid:CVE-2025-11335

LAST UPDATE DATE

2025-11-23T23:52:06.483000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-24762date:2025-10-24T00:00:00
db:JVNDBid:JVNDB-2025-019664date:2025-11-21T09:02:00
db:NVDid:CVE-2025-11335date:2025-11-19T21:48:27.153

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-24762date:2025-10-24T00:00:00
db:JVNDBid:JVNDB-2025-019664date:2025-11-21T00:00:00
db:NVDid:CVE-2025-11335date:2025-10-06T13:15:33.100