CNNVD-202506-3742 Information

Jun 30, 2025 cve

CNNVD ID

CNNVD-202506-3742

CVE-2025-6898

CNNVD Published: 2025-06-30

Description (Chinese)

D-Link DI-7300G+是中国友讯（D-Link）公司的一款坚固耐用的企业级智能网关。 D-Link DI-7300G+ 19.12.25A1版本存在命令注入漏洞，该漏洞源于文件proxy_client.asp中参数proxy_srv、proxy_lanport、proxy_lanip和proxy_srvport的错误操作导致os命令注入。

Description (English)

D-Link DI-7300G+ is a strong and durable enterprise smart gateway for the Chinese company D-Link. Version D-Link DI-7300G+19.12.25A1 contains a command-injecting loophole, which results from the error of the parameters proxy srv, proxy lanport, proxy lanip and proxy srvport in the document Proxy client.asp, resulting in an Os command injection.

Hazard Level

High

Vulnerability Type

命令注入

Affected Vendor

D-Zero

Published

2025-06-30

Last Modified

2026-02-24

References

https://vuldb.com/?submit.604443 https://vuldb.com/?id.314390 https://www.dlink.com/ https://vuldb.com/?ctiid.314390 https://github.com/2664521593/mycve/blob/main/D-Link_DI/CJ_IN_DLink_3_en.pdf https://access.redhat.com/security/cve/cve-2025-6898

Share on: