How severe is CVE-2025-15357?

CVE-2025-15357 has a CVSS v3 score of 6.3 (MEDIUM).

CVE-2025-15357

Name: di-7400g\+
Author: dlink

6.3MEDIUM

A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The at

Publicado: 12/30/2025Actualizado: 1/9/2026

Descripción

A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used.

Análisis IAImpulsado por IA

Productos Afectados

dlinkdi-7400g\+_firmware

19.12.25a1

dlinkdi-7400g\+

Referencias

https://github.com/xyh4ck/iot_poc/tree/main/D-Link_DI_7400G%2B_Command_Injection
ExploitThird Party Advisory
https://vuldb.com/?ctiid.338743
Permissions RequiredVDB Entry
https://vuldb.com/?id.338743
Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.726376
Third Party AdvisoryVDB Entry
https://www.dlink.com/
Product