Medium severity6.3NVD Advisory· Published Sep 15, 2025· Updated Apr 29, 2026

CVE-2025-10440

Description

A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_1.mdnvd
github.com/2664521593/mycve/blob/main/D-Link/D-Link_CJ_1.mdnvd
vuldb.comnvd
vuldb.comnvd
vuldb.comnvd
www.dlink.comnvd

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000