CVE-2025-51385

CWE-121Stack-based Buffer OverflowCWE-78OS Command Injection5 documents5 sources
Severity
3.5LOW
EPSS
0.0%
top 96.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Di-8200 Firmware
Timeline
PublishedJul 31

Description

D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.1 | Impact: 1.4

Affected Packages1 packages

NVDdlink/di-8200_firmware16.07.26a1

🔴Vulnerability Details

2
CVEList
CVE-2025-51385: D-LINK DI-8200 162025-07-31
GHSA
GHSA-wqcc-7crj-3p76: D-LINK DI-8200 162025-07-31

📋Vendor Advisories

1
Microsoft
In ssh in OpenSSH before 9.6 OS command injection might occur if a user name or host name has shell metacharacters and this name is referenced by an expansion token in certain situations. For example 2023-12-12

🕵️Threat Intelligence

1
Huntress
CVE-2023-51385 Vulnerability: Analysis, Impact, Mitigation | Huntress
CVE-2025-51385 (LOW CVSS 3.5) | D-LINK DI-8200 16.07.26A1 is vulner | cvebase.io