Primary

Context

D-Link DI-7300G+ OS Command Injection Vulnerability

Vulnerability

A critical command injection vulnerability has been identified in the D-Link DI-7300G+ router, specifically in version 19.12.25A1. The issue arises in the file httpd_debug.asp, where the Time parameter can be manipulated to inject and execute operating system commands. This vulnerability has been publicly disclosed and is actively exploitable.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device, potentially leading to full control over the router.

Reproduction

The vulnerability can be reproduced by sending a request to the httpd_debug.asp file with a crafted Time parameter that includes the injected command. This can be done manually or using an automated exploit, which is available on GitHub.

Added: Jun 30, 2025, 8:38 AM

Updated: Jun 30, 2025, 8:38 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

D-Link DI-7300G+ OS Command Injection Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

D-Link DI-7300G+

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating