CVE-2025-15357

The CVE-2025-15357 issue affects D-Link DI-7400G+ with firmware 19.12.25A1. The vulnerability lies in function handling of /msp_info.htm?flag=cmd, where improper manipulation of the cmd parameter enables remote command injection. Exploitation is publicly available (PoC). Depending on the CVSS sou...

D-Link DI-7400G+ 命令注入漏洞

The D-Link DI-7400G+ is a router from China AUO D-Link. A command injection vulnerability exists in the D-Link DI-7400G+ version 19.12.25A1, which stems from incorrect manipulation of the parameter cmd in the file /mspinfo.htm?flag=cmd, which can lead to command injection...

CVE-2025-12313

A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /mspinfo.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public an...

CVE-2025-12313

A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /mspinfo.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public an...

CVE-2025-12313 D-Link DI-7001 MINI msp_info.htm command injection

A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /mspinfo.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public an...

EUVD-2025-36343

A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /mspinfo.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public an...

CVE-2025-11335

CVE-2025-11335 affects D-Link DI-7100G C1 (firmware up to 20250928). The vulnerability is a command-injection in the jhttpd component, impacting the function sub_46409C in the file /msp_info.htm?flag=qos where the iface argument is manipulated. This enables remote code execution with high impact ...

CVE-2025-6899

A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file mspinfo.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely...

CVE-2025-6899 D-Link DI-7300G+/DI-8200G msp_info.htm os command injection

A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file mspinfo.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely...

CVE-2025-6899 D-Link DI-7300G+/DI-8200G msp_info.htm os command injection

A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file mspinfo.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely...

CVE-2025-6899

CVE-2025-6899 affects D-Link DI-7300G+ (17.12.20A1) and DI-8200G (19.12.25A1). The vulnerability is an os command injection in msp_info.htm triggered by manipulating the flag/cmd/iface argument, with remote exploitability alleged. Multiple sources corroborate the issue and specify the affected fi...

D-Link DI-7300G+ 安全漏洞

The D-Link DI-7300G+ is a ruggedized, enterprise-grade smart gateway from China-based AUO D-Link. A security vulnerability exists in D-Link DI-7300G+ version 19.12.25A1 and DI-8200G version 17.12.20A1, which originates from os command injection due to incorrect operation of the parameters flag, c...

CVE-2025-5492

Summary: CVE-2025-5492 affects D-Link DI-500WF-WT up to 20250511. The flaw is in /usr/sbin/jhttpd, within the function sub_456DE8 of /msp_info.htm?flag=cmd, where manipulating the cmd parameter enables remote command injection. Several sources confirm the impact and vulnerable endpoint; exploitat...

CVE-2024-44402

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via mspinfo.htm...

CVE-2024-44414

A vulnerability was discovered in FBM292W-21.03.10V, which has been classified as critical. This issue affects the sub4901E0 function in the mspinfo.htm file. Manipulation of the path parameter can lead to command injection...

CVE-2024-44414

A vulnerability was discovered in FBM292W-21.03.10V, which has been classified as critical. This issue affects the sub4901E0 function in the mspinfo.htm file. Manipulation of the path parameter can lead to command injection...

CVE-2024-44414

A vulnerability was discovered in FBM292W-21.03.10V, which has been classified as critical. This issue affects the sub4901E0 function in the mspinfo.htm file. Manipulation of the path parameter can lead to command injection...

WayOS FBM_292W 安全漏洞

WayOS FBM292W is a wireless router designed for coffee shops, small and medium-sized enterprises, chain organizations, and home environments with prominent Internet behavior management features from WayOS. A security vulnerability exists in WayOS FBM292W version 21.03.10V, which originates from t...

CVE-2024-44414

CVE-2024-44414 affects WayOS FBM_292W with firmware 21.03.10V. The vulnerability is in the sub_4901E0 function of msp_info.htm where manipulation of the path parameter can lead to command injection. The CVSSv3.1 base score is 8.8 (High) with network attack vector, low complexity, and privileges r...

D-Link DI-8100G Command Injection Vulnerability

D-Link DI-8100G is a broadband router designed for small and medium-sized network environments, supporting multi-line bandwidth overlay, PPPoE/WEB authentication billing, intelligent traffic control, Internet behavior management and other functions. The D-Link DI-8100G suffers from a command...