CVE-2025-57105
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-22

Last updated on: 2025-10-02

Assigner: MITRE

Description
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2025-10-02
Generated
2026-05-07
AI Q&A
2025-08-22
EPSS Evaluated
2026-05-05
NVD
CVE-2025-57105
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dlink di-7400g\+_firmware 19.12.25a1
dlink di-7400g\+ a1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The DI-7400G+ router has a command injection vulnerability in its jhttpd program, specifically in the sub_478D28 function in mng_platform.asp and the sub_4A12DC function in wayos_ac_server.asp. This vulnerability allows attackers to execute arbitrary commands on the device by exploiting the ac_mng_srv_host parameter.


How can this vulnerability impact me? :

This vulnerability can allow attackers to execute arbitrary commands on the affected router, potentially leading to unauthorized control over the device, disruption of network services, data interception, or further attacks within the network.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart