CVE-2025-57105

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: DI-7400G+ router (affected versions not specified)

Description: The DI-7400G+ router contains a command injection flaw that enables attackers to execute arbitrary commands on the device. This issue affects the sub 478D28 function within mng platform.asp and the sub 4A12DC function within wayos ac server.asp of the jhttpd program, specifically through the ac mng srv host parameter.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2025-10348

CVE-2025-57105

Affected Products

Di-7400G+ Router

CVE-2025-57105

Weakness Enumeration

Related Identifiers

Affected Products

References · 10