CRITICAL🇵🇱 Wersja polska

CVE-2025-57105

CVSS 9.8v3.1pub. 2025-08-22upd. 2026-07-05

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host.

🤖 AI Analysis
How it works

The vulnerability exists in the jhttpd program, specifically in the sub_478D28 function handled by the mng_platform.asp file and in the sub_4A12DC function handled by the wayos_ac_server.asp file. The ac_mng_srv_host parameter passed to these functions is not properly validated or sanitized, which allows an attacker to inject malicious system commands. An attacker can send a specially crafted network request without the need for authentication and achieve command execution in the context of the jhttpd process.

Impact

An attacker can remotely gain full control over the device by executing arbitrary system commands — potentially obtaining access to configuration, data transmitted over the network, and enabling further lateral movement within the infrastructure.

Mitigation & patch

Apply patches available from the manufacturer according to the references (https://www.dlink.com/en/security-bulletin/). Until the update is applied, it is recommended to restrict access to the device management interface only to trusted IP addresses and isolate the device from unauthorized network segments.

Who is affected

D-Link DI-7400G+ (versions specified in the manufacturer's references)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Di 7400g\+

    HW
    Dlink
    a1
  • Dlink Di 7400g\+ Firmware

    OS
    Dlink
    19.12.25a1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-45573CRITICAL9.8ten sam produkt

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.2...

CVE-2023-45574CRITICAL9.8ten sam produkt

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.2...

CVE-2023-45575CRITICAL9.8ten sam produkt

Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23...

CVE-2023-45576CRITICAL9.8ten sam produkt

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.2...

CVE-2023-45572CRITICAL9.8ten sam produkt

Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.2...