D-Link DI-7001 MINI 19.09.19A1/24.04.18B1 /msp_info.htm cmd kura hakki ndiyam

Wuro vulnerability wey an yi classify sey kura an gano shi a cikin D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, /msp_info.htm na cikin fayil, $software_component na cikin sashi. Ngam manipulation of the argument cmd shi kura hakki ndiyam. CWE shidin ka a yi bayani matsala sai ya kai CWE-77. Gaskiya, laifi an fitar da shi 10/26/2025. Advisory ɗin ana rabawa don saukewa a github.com. Wannan rauni ana sayar da shi da suna CVE-2025-12313. Ngam yiɗi ka a tuma ndiyam ka nder internet. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á wúro huɗɗi-na-gaskiya. Wona yiwuwa a zazzage exploit a github.com. Kama 0-day, an ndiyam a wuro be $5k-$25k. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

2 Goyarwa · 85 Datenpunkte

FurɗeSúgá
10/26/2025 18:24		Gargadi 1/1
10/28/2025 10:15
software_vendorD-LinkD-Link
software_nameDI-7001 MINIDI-7001 MINI
software_version19.09.19A1/24.04.18B119.09.19A1/24.04.18B1
software_file/msp_info.htm/msp_info.htm
software_argumentcmdcmd
vulnerability_cweCWE-77 (kura hakki ndiyam)CWE-77 (kura hakki ndiyam)
vulnerability_risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_ePP
cvss3_vuldb_rcRR
advisory_urlhttps://github.com/DavCloudz/cve/issues/7https://github.com/DavCloudz/cve/issues/7
exploit_availability11
exploit_publicity11
exploit_urlhttps://github.com/DavCloudz/cve/issues/7https://github.com/DavCloudz/cve/issues/7
source_cveCVE-2025-12313CVE-2025-12313
cna_responsibleVulDBVulDB
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_ePOCPOC
cvss2_vuldb_rcURUR
cvss4_vuldb_avNN
cvss4_vuldb_acLL
cvss4_vuldb_uiNN
cvss4_vuldb_vcLL
cvss4_vuldb_viLL
cvss4_vuldb_vaLL
cvss4_vuldb_ePP
cvss2_vuldb_auSS
cvss2_vuldb_rlNDND
cvss3_vuldb_prLL
cvss3_vuldb_rlXX
cvss4_vuldb_atNN
cvss4_vuldb_prLL
cvss4_vuldb_scNN
cvss4_vuldb_siNN
cvss4_vuldb_saNN
cvss2_vuldb_basescore6.56.5
cvss2_vuldb_tempscore5.65.6
cvss3_vuldb_basescore6.36.3
cvss3_vuldb_tempscore5.75.7
cvss3_meta_basescore6.36.3
cvss3_meta_tempscore5.76.0
cvss4_vuldb_bscore5.35.3
cvss4_vuldb_btscore2.12.1
advisory_date1761429600 (10/26/2025)1761429600 (10/26/2025)
price_0day$5k-$25k$5k-$25k
cve_nvd_summaryA vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /msp_info.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prL
cvss4_cna_uiN
cvss4_cna_vcL
cvss4_cna_viL
cvss4_cna_vaL
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore5.3
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cvss3_cna_basescore6.3
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auS
cvss2_cna_ciP
cvss2_cna_iiP
cvss2_cna_aiP
cvss2_cna_basescore6.5

GurɗoGumtiGada

Do you want to use VulDB in your project?

Use the official API to access entries easily!