Di 7100g C1 Firmware
Monthly
Command injection in D-Link DI-7100G C1 firmware version 24.04.18D1 allows authenticated remote attackers to execute arbitrary commands through manipulation of the usb_username parameter in the set_jhttpd_info function. Public exploit code exists for this vulnerability, and no patch is currently available. The medium-severity flaw requires valid credentials but can be exploited over the network with minimal complexity.
Command injection in D-Link DI-7100G C1 firmware up to version 20250928 allows remote authenticated attackers to execute arbitrary commands via the iface parameter in the /msp_info.htm?flag=qos endpoint of the jhttpd component. The vulnerability requires high-level administrative privileges and publicly available exploit code exists, but EPSS score of 0.06% indicates exploitation is unlikely in real-world scenarios due to the privilege requirement.
Command injection in D-Link DI-7100G C1 firmware version 24.04.18D1 allows authenticated remote attackers to execute arbitrary commands through manipulation of the usb_username parameter in the set_jhttpd_info function. Public exploit code exists for this vulnerability, and no patch is currently available. The medium-severity flaw requires valid credentials but can be exploited over the network with minimal complexity.
Command injection in D-Link DI-7100G C1 firmware up to version 20250928 allows remote authenticated attackers to execute arbitrary commands via the iface parameter in the /msp_info.htm?flag=qos endpoint of the jhttpd component. The vulnerability requires high-level administrative privileges and publicly available exploit code exists, but EPSS score of 0.06% indicates exploitation is unlikely in real-world scenarios due to the privilege requirement.