CVE-2025-9769 D-Link DI-7400G+ mng_platform.asp sub_478D28 command injection

A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub478D28 of the file /mngplatform.asp. The manipulation of the argument addr with the input echo 12345 poc.txt results in command injection. An attack on the physical device is feasible. The exploit has...

CVE-2025-9769

The CVE-2025-9769 vulnerability affects D-Link DI-7400G+ (firmware 19.12.25A1). It is triggered by the function sub_478D28 in /mng_platform.asp, where manipulating the addr argument with the input echo 12345 > poc.txt leads to a command injection. This can enable an attacker to run arbitrary c...

D-Link DI-7400G+ 安全漏洞

The D-Link DI-7400G+ is a router from China-based AUO D-Link. A security vulnerability exists in the D-Link DI-7400G+ version 19.12.25A1, which originates from a command injection due to incorrect operation of the parameter addr in the file /mngplatform.asp...

CVE-2025-57105

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub478D28 function in in mngplatform.asp, and sub4A12DC function in wayosacserver.asp of the jhttpd program, with the parameter acmngsrvhost...

1stdesign SQL Injection

+------------------------------------------------------------------------------------------+ |------------------------- 1stdesign SQL Injection Vulnerability ------------------------| +------------------------------------------------------------------------------------------+ + Google Dork :...