Vulnerability Details CVE-2025-9769
A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.2%
CVSS Severity
CVSS v3 Score 4.1
CVSS v2 Score 4.3
References
- https://github.com/xyh4ck/iot_poc
- https://github.com/xyh4ck/iot_poc#vulnerability-verification-process
- https://vuldb.com/?ctiid.322069
- https://vuldb.com/?id.322069
- https://vuldb.com/?submit.640779
- https://www.dlink.com/
- https://github.com/xyh4ck/iot_poc
- https://github.com/xyh4ck/iot_poc#vulnerability-verification-process
Products affected by CVE-2025-9769
-
cpe:2.3:h:dlink:di-7400g+:v2.a1
-
cpe:2.3:o:dlink:di-7400g+_firmware:19.12.25a1