CVE-2025-29519

CWE-77 — Command Injection3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.9%

top 24.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dsl-7740c Firmware

Timeline

PublishedAug 25

Latest updateAug 26

Description

A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDdlink/dsl-7740c_firmware6.tr069.20211230

🔴Vulnerability Details

GHSA

GHSA-xjp5-p9r4-x8c7: A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C↗2025-08-26

▶

CVEList

CVE-2025-29519: A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C↗2025-08-25

▶