PT-2025-27427 · D Link · D-Link Di-8200+1

Shiny · Published 2025-06-26 · Updated 2025-07-02 · CVE-2025-6899

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
D-Link DI-7300G+ versions 17.12.20A1 through 17.12.20A1
D-Link DI-8200G versions 19.12.25A1 through 19.12.25A1
Description: A critical issue was found in the affected devices, affecting an unknown part of the file msp_info.htm. Manipulation of the flag/cmd/iface argument leads to OS command injection. The attack can be initiated remotely.
Recommendations: For D-Link DI-7300G+ version 17.12.20A1, consider disabling access to the msp_info.htm file until a patch is available. For D-Link DI-8200G version 19.12.25A1, restrict the use of the flag/cmd/iface argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-09343
CVE-2025-6899

Affected Products

D-Link Di-7300G+
D-Link Di-8200