CVE-2025-9769

CVSS v3.1

6.2

Medium

AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DI-7400G+ version 19.12.25A1

Description A security flaw exists in the D-Link DI-7400G+ router. The issue is located in the sub 478D28 function of the /mng platform.asp file. Manipulation of the addr argument with the input echo 12345 > poc.txt can lead to command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited.

Recommendations As a temporary workaround, consider restricting access to the /mng platform.asp file to minimize the risk of exploitation.

Exploit

Fix

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-74

Related Identifiers

BDU:2025-11438

CVE-2025-9769

Affected Products

Di-7400G

CVE-2025-9769

Weakness Enumeration

Related Identifiers

Affected Products

References · 14