OS Command Injection Vulnerability in D-Link Products
CVE-2025-57636

6.5MEDIUM

Key Information:

Vendor: D-Link
Status: D-Link C1
Vendor: CVE Published:; 23 September 2025

What is CVE-2025-57636?

The vulnerability presents an OS command injection risk within the sub_47F028 function of the jhttpd service in D-Link C1 devices. An attacker could exploit this by manipulating the HTTP parameter 'time', potentially allowing unauthorized command execution on the device. Users are advised to apply necessary updates and security patches to mitigate exposure.

References

https://www.dlink.com/en/security-bulletin/

https://github.com/glkfc/IoT-Vulnerability/blob/main/D-Li...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Aug 17, 2025

JSON