DCN DCME-720 Web Management Backend ip_block.php os command injection

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Other products might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-9387

Source VulDB

Published Aug 24, 2025 at 12:02

Affected Product

Vendor DCN

Product DCME-720

Version 9.1.5.11

Affected Versions DCN DCME-720 9.1.5.11

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Other products might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-08-24T12:02:06.813Z",
    "modified": "2025-08-24T12:02:06.813Z",
    "type": "cve",
    "title": "DCN DCME-720 Web Management Backend ip_block.php os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.321220\nhttps://vuldb.com/?ctiid.321220\nhttps://vuldb.com/?submit.630727\nhttps://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md\nhttps://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md#%E9%AA%8C%E8%AF%81",
    "id": "CVE-2025-9387",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "DCN DCME-720 9.1.5.11",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DCME-720",
    "version": "9.1.5.11",
    "vendor": "DCN",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

DCN DCME-720 Web Management Backend ip_block.php os command injection_CVE-2025-9387