Primary

Context

D-Link DI-8400 Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the D-Link DI-8400 router, specifically in the jhttpd component within the usb_paswd.asp file, version 16.07.26A1. The vulnerability arises when the 'share_enable' parameter is not included in the request or is left empty, causing the application to crash by attempting to access a null pointer. This issue can be exploited remotely.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the web program to crash.

Reproduction

To reproduce this vulnerability, send a GET request to the 'usb_paswd.asp' endpoint without the 'share_enable' parameter or with an empty value. The server will then attempt to dereference a null pointer, causing a crash.

Added: Jul 26, 2025, 3:16 AM

Updated: Jul 26, 2025, 3:16 AM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

D-Link DI-8400 Null Pointer Dereference Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

D-Link DI-8400

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating