CNNVD-202510-3485 Information

CNNVD ID

CNNVD-202510-3485

Related CVE

CVE-2025-12313

• CNNVD Published: 2025-10-27

Description (Chinese)

D-Link DI-7001 MINI是中国友讯（D-Link）公司的一个多功能智能网关。 D-Link DI-7001 MINI 19.09.19A1版本和24.04.18B1版本存在命令注入漏洞，该漏洞源于对文件/msp_info.htm中参数cmd的错误操作，可能导致命令注入攻击。

Description (English)

D-Link DI-7001 MINI is a multi-purpose smart gateway to the Chinese company D-Link. D-Link DI-7001 MINI 19.09.19A1 and 24.04.18B1 have a command-injecting loophole, which stems from an error in the cd of the parameters in the document/msp info.htm, which could lead to an order-injection attack.

Hazard Level

High

Vulnerability Type

命令注入

Affected Vendor

友讯

Published

2025-10-27

Last Modified

2026-02-24

References

https://vuldb.com/?id.329985 https://vuldb.com/?ctiid.329985 https://vuldb.com/?submit.676887 https://www.dlink.com/ https://github.com/DavCloudz/cve/issues/7 https://access.redhat.com/security/cve/cve-2025-12313