CVE-2025-9769

CVSS v3.1

6.2

Vector

AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DI-7400G+ version 19.12.25A1

Description A security flaw exists in the D-Link DI-7400G+ router. The issue is located in the

sub 478D28

function of the

/mng platform.asp

file. Manipulation of the

addr

argument with the input

echo 12345 > poc.txt

can lead to command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited.

Recommendations As a temporary workaround, consider restricting access to the

/mng platform.asp

file to minimize the risk of exploitation.

Exploit

Fix

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

BDU:2025-11438

CVE-2025-9769

Di-7400G