How severe is CVE-2025-15357?

CVE-2025-15357 has a CVSS v3 score of 6.3 (MEDIUM).

CVE-2025-15357

Name: di-7400g\+
Author: dlink

6.3MEDIUM

A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The at

Veröffentlicht: 12/30/2025Aktualisiert: 1/9/2026

Beschreibung

A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used.

KI-AnalyseKI-gestützt

Betroffene Produkte

dlinkdi-7400g\+_firmware

19.12.25a1

dlinkdi-7400g\+

Referenzen

https://github.com/xyh4ck/iot_poc/tree/main/D-Link_DI_7400G%2B_Command_Injection
ExploitThird Party Advisory
https://vuldb.com/?ctiid.338743
Permissions RequiredVDB Entry
https://vuldb.com/?id.338743
Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.726376
Third Party AdvisoryVDB Entry
https://www.dlink.com/
Product