CVE-2025-11407

CWE-77Command InjectionCWE-78OS Command InjectionCWE-6824 documents4 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 77.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
D-link Di-7001 MiniDlink Di-7001mini-8g Firmware
Timeline
PublishedOct 7

Description

A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5d-link/di-7001_mini24.04.18B1

🔴Vulnerability Details

2
GHSA
GHSA-v7c6-4hrh-qhhg: A weakness has been identified in D-Link DI-7001 MINI 242025-10-07
CVEList
D-Link DI-7001 MINI upgrade_filter.asp os command injection2025-10-07

📋Vendor Advisories

1
Microsoft
Denial of Service through Data corruption in gRPC-C++2024-11-12
CVE-2025-11407 (MEDIUM CVSS 5.3) | A weakness has been identified in D | cvebase.io