CNNVD-202510-896 Information

CNNVD ID

CNNVD-202510-896

Related CVE

CVE-2025-11407

• CNNVD Published: 2025-10-07

Description (Chinese)

D-Link DI-7001 MINI是中国友讯（D-Link）公司的一个多功能智能网关。 D-Link DI-7001 MINI 24.04.18B1版本存在操作系统命令注入漏洞，该漏洞源于对文件/upgrade_filter.asp中参数path的错误操作，可能导致os命令注入攻击。

Description (English)

D-Link DI-7001 MINI is a multi-purpose smart gateway to the Chinese company D-Link. The D-Link DI-7001 MINI 24.04.18B1 version contains a bug in the operating system command, which results from an error in the pathing of the parameter in file/upgrade filter.asp, which could lead to an Os command injection attack.

Hazard Level

High

Vulnerability Type

操作系统命令注入

Affected Vendor

友讯

Published

2025-10-07

Last Modified

2026-02-24

References

https://github.com/DavCloudz/cve/issues/4 https://vuldb.com/?ctiid.327344 https://vuldb.com/?id.327344 https://vuldb.com/?submit.665471 https://www.dlink.com/ https://access.redhat.com/security/cve/cve-2025-11407