Start your free trial today.

Protect your organization with cutting-edge cybersecurity solutions designed for resilience and efficiency. Secure your digital assets with confidence.

Your Shield Against Threats

Unleash the Power of Cybersecurity

Boost Your Security, Enhance Your Business

We solve Your Cyber Challenges

Quick Links

Resources

Deepaegis Portals

CVE-2025-57105

CVSS SCORE:9.8

CVE ID:CVE-2025-57105

SEVERITY:High

Vendor:Unknown Vendor

Reporter:cve@mitre.org

Exploitable?Yes

Summary

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host.

CVSS Metrics

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

version3.1

vectorStringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

baseScore9.8

baseSeverityCRITICAL

attackVectorNETWORK

attackComplexityLOW

privilegesRequiredNONE

userInteractionNONE

scopeUNCHANGED

confidentialityImpactHIGH

integrityImpactHIGH

availabilityImpactHIGH

CWE Information

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0,Type: Secondary

Additional Information

References

cve@mitre.org:http://di-7400.com

cve@mitre.org:https://github.com/xyh4ck/iot_poc

cve@mitre.org:https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI-7400G%2B

cve@mitre.org:https://www.dlink.com/en/security-bulletin/

134c704f-9b21-4f2e-91b3-4a467353bcc0:https://github.com/xyh4ck/iot_poc

Affected Organizations

No affected organizations specified

Confidentiality Notice

This document contains sensitive information. Unauthorized distribution is prohibited.

Vulnerability Advisory

Published 8/22/2025

Updated 8/26/2025