CVE-2025-9769
4.1MEDIUMA security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345
Publicado: 9/1/2025Actualizado: 9/4/2025
Descripción
A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited.
Análisis IAImpulsado por IA
Productos Afectados
dlinkdi-7400g\+_firmware
19.12.25a1
dlinkdi-7400g\+
v2.a1
Referencias
- https://github.com/xyh4ck/iot_pocExploitThird Party Advisory
- https://github.com/xyh4ck/iot_poc#vulnerability-verification-processExploitThird Party Advisory
- https://vuldb.com/?ctiid.322069Permissions RequiredVDB Entry
- https://vuldb.com/?id.322069Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.640779Third Party AdvisoryVDB Entry
- https://www.dlink.com/Product
- https://github.com/xyh4ck/iot_pocExploitThird Party Advisory
- https://github.com/xyh4ck/iot_poc#vulnerability-verification-processExploitThird Party Advisory