Description

A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects an unknown function of the file /msp_info.htm?flag=cmd. The manipulation of the argument cmd results in command injection. The attack can be launched remotely. The exploit has been made public and could be used.

Related CPE's

o

dlink

di-7400g\+_firmware

19.12.25a1

Vulnerable

h

dlink

di-7400g\+

a1

References

https://github.com/xyh4ck/iot_poc/tree/main/D-Link_DI_7400G%2B_Command_Injection

ExploitThird Party Advisory

https://vuldb.com/?ctiid.338743

Permissions RequiredVDB Entry

https://vuldb.com/?id.338743

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.726376

Third Party AdvisoryVDB Entry

https://www.dlink.com/

Product

Weaknesses

[email protected]

Primary
CWE-74CWE-77

[email protected]

Primary
CWE-77

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-12-30T21:15:43.677Z

2 weeks ago

Last modified

2026-01-09T19:35:23.757Z

6 days ago