CVE-2025-6899

A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file msp_info.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
6.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
dlinkdi-7300g\+_firmware
19.12.25a1:a1
dlinkdi-8200g_firmware
16.07.26a1:a1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_4_en.pdf
https://vuldb.com/?ctiid.314391
https://vuldb.com/?id.314391
https://vuldb.com/?submit.604444
https://www.dlink.com/