CVE-2025-10628

high

Published 2025-09-18 · Modified 2026-04-29

CVSS v3

8.8

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

6.5

VIR risk

8.8

Description

A vulnerability was found in D-Link DIR-852 1.00CN B09. This vulnerability affects unknown code of the file /htdocs/cgibin/hedwig.cgi of the component Web Management Interface. Performing manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Predictions

Exploit likelihood

92%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

https://github.com/i-Corner/cve/issues/31
https://vuldb.com/?ctiid.324658
https://vuldb.com/?id.324658
https://vuldb.com/?submit.650656
https://www.dlink.com/
https://github.com/i-Corner/cve/issues/31

CWEs

CWE-74 CWE-77

Verify integrity in audit chain (admin only). AS-IS.