D-Link DI-7001 MINI upgrade_filter.asp os command injection_CVE-2025-11407

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.

Basic Information

ID CVE-2025-11407

Source VulDB

Published Oct 7, 2025 at 20:02

Modified Oct 7, 2025 at 20:33

Affected Product

Vendor D-Link

Product DI-7001 MINI

Version 24.04.18B1

Affected Versions D-Link DI-7001 MINI 24.04.18B1

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.",
    "published": "2025-10-07T20:02:05.836Z",
    "modified": "2025-10-07T20:33:12.045Z",
    "type": "cve",
    "title": "D-Link DI-7001 MINI upgrade_filter.asp os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.327344\nhttps://vuldb.com/?ctiid.327344\nhttps://vuldb.com/?submit.665471\nhttps://github.com/DavCloudz/cve/issues/4\nhttps://www.dlink.com/",
    "id": "CVE-2025-11407",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "D-Link DI-7001 MINI 24.04.18B1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DI-7001 MINI",
    "version": "24.04.18B1",
    "vendor": "D-Link",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}