CVE Details
Basic Information
| Title | D-Link DI-7300G+ wget_test.asp os command injection |
|---|---|
| Type | cve |
| Published | 2025-06-30T07:02:05.641Z |
| Last Seen |
Product Information
| Vendor | D-Link |
|---|---|
| Product | DI-7300G+ |
| Version | 19.12.25A1 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical vulnerability in D-Link DI-7300G+ allows remote OS command injection via the wget_test.asp file. This could enable attackers to execute arbitrary commands on the affected system. |
|---|---|
| AI Severity | High |
| Vendor | D-Link |
| Product | DI-7300G+ |
| Affected Version | 19.12.25A1 |
Affected Products
- D-Link DI-7300G+ 19.12.25A1
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-78, CWE-77 |
| Bulletin Family |
References
Description
A vulnerability classified as critical has been found in D-Link DI-7300G+ 19.12.25A1. Affected is an unknown function of the file wget_test.asp. The manipulation of the argument url leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.