CVE-2025-6899
D-Link DI-7300G+/DI-8200G msp_info.htm os command injection
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
D-Link DI-7300G+/DI-8200G msp_info.htm os command injection
A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file msp_info.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Es wurde eine kritische Schwachstelle in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei msp_info.htm. Dank der Manipulation des Arguments flag/cmd/iface mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
| 2025-06-29: | Advisory disclosed |
| 2025-06-29: | VulDB entry created |
| 2025-06-29: | VulDB entry last update |
shiny (VulDB User)
vuldb.com/?id.314391 (VDB-314391 | D-Link DI-7300G+/DI-8200G msp_info.htm os command injection)
vuldb.com/?ctiid.314391 (VDB-314391 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.604444 (Submit #604444 | D-Link D-Link DI-7300G+、D-Link DI-8200G DI-7300G+ V19.12.25A1、DI_8200G-17.12.20A1 OS Command Injection)
github.com/...mycve/blob/main/D-Link_DI/CJ_IN_DLink_4_en.pdf
www.dlink.com/
Support options
