CVE-2025-12313

CWE-74CWE-77Command Injection3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 76.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
D-link Di-7001 MiniDlink Di-7001mini-8g Firmware
Timeline
PublishedOct 27

Description

A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /msp_info.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5d-link/di-7001_mini19.09.19A1, 24.04.18B1+1
NVDdlink/di-7001mini-8g_firmware19.09.19a1, 24.04.18b1+1

🔴Vulnerability Details

2
CVEList
D-Link DI-7001 MINI msp_info.htm command injection2025-10-27
GHSA
GHSA-jc8w-794f-cj7q: A vulnerability has been found in D-Link DI-7001 MINI 192025-10-27
CVE-2025-12313 (MEDIUM CVSS 5.3) | A vulnerability has been found in D | cvebase.io