D-Link DI-8100 Command Injection Vulnerability Allowing Privileged Shell Access

Vulnerability

A command injection vulnerability has been identified in the D-Link DI-8100 router, specifically in version 16.07.26A1. This vulnerability allows attackers to execute arbitrary commands by sending specially crafted HTTP requests. Exploiting this flaw could lead to unauthorized command execution with the highest privileges, providing shell access to the firmware system.

Impact

Exploitation of this vulnerability allows for command injection, with the executed commands running in a privileged context, potentially leading to unauthorized access or control over the device.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

D-Link DI-8100 Command Injection Vulnerability Allowing Privileged Shell Access

Vulnerability

Impact

Affected Products

D-link DI-8100

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating