Name of the Vulnerable Software and Affected Versions:

D-Link DI-7400G+ version 19.12.25A1

Description:

A security flaw exists in the D-Link DI-7400G+ router. The issue is located in the `sub 478D28` function of the `/mng platform.asp` file. Manipulation of the `addr` argument with the input `echo 12345 > poc.txt` can lead to command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited.

Recommendations:

As a temporary workaround, consider restricting access to the `/mng platform.asp` file to minimize the risk of exploitation.