How severe is CVE-2025-15357?

CVE-2025-15357 has a CVSS v3 score of 6.3 (MEDIUM).

CVE-2025-15357

Name: di-7400g\+
Author: dlink

6.3MEDIUM

A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The at

Published: 12/30/2025Updated: 1/9/2026

Description

A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used.

AI AnalysisPowered by AI

Affected Products

dlinkdi-7400g\+_firmware

19.12.25a1

dlinkdi-7400g\+

References

https://github.com/xyh4ck/iot_poc/tree/main/D-Link_DI_7400G%2B_Command_Injection
ExploitThird Party Advisory
https://vuldb.com/?ctiid.338743
Permissions RequiredVDB Entry
https://vuldb.com/?id.338743
Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.726376
Third Party AdvisoryVDB Entry
https://www.dlink.com/
Product