CVE-2025-9769 LOW

CVE-2025-9769: D-Link DI-7400G+ mng_platform.asp sub_478D28 command injection

Vendor D-Link
Product DI-7400G+
Weakness CWE-77
Published September 1, 2025
Last update September 2, 2025

CVSS base score

2.4/10
Attack vector Physical
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. Manipulating the argument addr with the input `echo 12345 > poc.txt` results in command injection. The attack can be carried out on the physical device. The exploit has been released to the public and may be used.

Key dates

02 Disclosure timeline

September 1, 2025 CVE published
September 2, 2025 Record updated