CVE-2025-15357

The CVE-2025-15357 issue affects D-Link DI-7400G+ with firmware 19.12.25A1. The vulnerability lies in function handling of /msp_info.htm?flag=cmd, where improper manipulation of the cmd parameter enables remote command injection. Exploitation is publicly available (PoC). Depending on the CVSS sou...

D-Link DI-7400G+ 命令注入漏洞

The D-Link DI-7400G+ is a router from China AUO D-Link. A command injection vulnerability exists in the D-Link DI-7400G+ version 19.12.25A1, which stems from incorrect manipulation of the parameter cmd in the file /mspinfo.htm?flag=cmd, which can lead to command injection...

CVE-2025-12313

A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /mspinfo.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public an...

CVE-2025-12313

A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /mspinfo.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public an...

EUVD-2025-36343

A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /mspinfo.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public an...

CVE-2025-12313 D-Link DI-7001 MINI msp_info.htm command injection

A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /mspinfo.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public an...

CVE-2025-11335

CVE-2025-11335 affects D-Link DI-7100G C1 (firmware up to 20250928). The vulnerability is a command-injection in the jhttpd component, impacting the function sub_46409C in the file /msp_info.htm?flag=qos where the iface argument is manipulated. This enables remote code execution with high impact ...

CVE-2025-6899

A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file mspinfo.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely...

CVE-2025-6899 D-Link DI-7300G+/DI-8200G msp_info.htm os command injection

A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file mspinfo.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely...

CVE-2025-6899

CVE-2025-6899 affects D-Link DI-7300G+ (17.12.20A1) and DI-8200G (19.12.25A1). The vulnerability is an os command injection in msp_info.htm triggered by manipulating the flag/cmd/iface argument, with remote exploitability alleged. Multiple sources corroborate the issue and specify the affected fi...

CVE-2025-6899 D-Link DI-7300G+/DI-8200G msp_info.htm os command injection

A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file mspinfo.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely...

D-Link DI-7300G+ 安全漏洞

The D-Link DI-7300G+ is a ruggedized, enterprise-grade smart gateway from China-based AUO D-Link. A security vulnerability exists in D-Link DI-7300G+ version 19.12.25A1 and DI-8200G version 17.12.20A1, which originates from os command injection due to incorrect operation of the parameters flag, c...

CVE-2025-5492

Summary: CVE-2025-5492 affects D-Link DI-500WF-WT up to 20250511. The flaw is in /usr/sbin/jhttpd, within the function sub_456DE8 of /msp_info.htm?flag=cmd, where manipulating the cmd parameter enables remote command injection. Several sources confirm the impact and vulnerable endpoint; exploitat...

CVE-2024-44402

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via mspinfo.htm...

CVE-2024-44414

A vulnerability was discovered in FBM292W-21.03.10V, which has been classified as critical. This issue affects the sub4901E0 function in the mspinfo.htm file. Manipulation of the path parameter can lead to command injection...

CVE-2024-44414

A vulnerability was discovered in FBM292W-21.03.10V, which has been classified as critical. This issue affects the sub4901E0 function in the mspinfo.htm file. Manipulation of the path parameter can lead to command injection...

WayOS FBM_292W 安全漏洞

WayOS FBM292W is a wireless router designed for coffee shops, small and medium-sized enterprises, chain organizations, and home environments with prominent Internet behavior management features from WayOS. A security vulnerability exists in WayOS FBM292W version 21.03.10V, which originates from t...

CVE-2024-44414

A vulnerability was discovered in FBM292W-21.03.10V, which has been classified as critical. This issue affects the sub4901E0 function in the mspinfo.htm file. Manipulation of the path parameter can lead to command injection...

CVE-2024-44414

CVE-2024-44414 affects WayOS FBM_292W with firmware 21.03.10V. The vulnerability is in the sub_4901E0 function of msp_info.htm where manipulation of the path parameter can lead to command injection. The CVSSv3.1 base score is 8.8 (High) with network attack vector, low complexity, and privileges r...

The vulnerability of the msp_info.htm file on the D-Link DI-8100G network device allows a hacker to bypass security restrictions and execute arbitrary commands.

The vulnerability of the mspinfo.htm file on the D-Link DI-8100G network device is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to bypass security restrictions and execute arbitra...