Dlink Di-8400 Firmware vulnerabilities

CVE-2025-9938 [HIGH] CWE-119 CVE-2025-9938: A weakness has been identified in D-Link DI-8400 16.07.26A1. The affected element is the function yy A weakness has been identified in D-Link DI-8400 16.07.26A1. The affected element is the function yyxz_dlink_asp of the file /yyxz.asp. This manipulation of the argument ID causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.

CVE-2025-8175 [HIGH] CWE-404 CVE-2025-8175: A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument share_enable leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may

CVE-2024-52739 [HIGH] CWE-77 CVE-2024-52739: D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnera D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters.

CVE-2024-44400 [CRITICAL] CWE-77 CVE-2024-44400: A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This is A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.