CVE-2025-9769
4.1MEDIUMA security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345
Publicado: 9/1/2025Atualizado: 9/4/2025
Descrição
A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited.
Análise IADesenvolvido por IA
Produtos Afetados
dlinkdi-7400g\+_firmware
19.12.25a1
dlinkdi-7400g\+
v2.a1
Referências
- https://github.com/xyh4ck/iot_pocExploitThird Party Advisory
- https://github.com/xyh4ck/iot_poc#vulnerability-verification-processExploitThird Party Advisory
- https://vuldb.com/?ctiid.322069Permissions RequiredVDB Entry
- https://vuldb.com/?id.322069Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.640779Third Party AdvisoryVDB Entry
- https://www.dlink.com/Product
- https://github.com/xyh4ck/iot_pocExploitThird Party Advisory
- https://github.com/xyh4ck/iot_poc#vulnerability-verification-processExploitThird Party Advisory