D-Link Di-7001 Mini vulnerabilities

CVE-2025-12313 [MEDIUM] CWE-74 CVE-2025-12313: A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /msp_info.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-11408 [HIGH] CWE-119 CVE-2025-11408: A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element i A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

CVE-2025-11407 [MEDIUM] CWE-77 CVE-2025-11407: A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.