CVE-2025-57105
Published: 22 August 2025
Summary
CVE-2025-57105 is a critical-severity Command Injection (CWE-77) vulnerability in D-Link DI-7400G+ firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE ranks in the top 21.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The DI-7400G+ router is affected by a command injection vulnerability tracked as CVE-2025-57105. The flaw resides in the jhttpd program, specifically the sub_478D28 function within mng_platform.asp and the sub_4A12DC function within wayos_ac_server.asp, both triggered through the ac_mng_srv_host parameter. It carries a CVSS 3.1 score of 9.8 and is classified under CWE-77.
Remote attackers can exploit the issue without authentication or user interaction by supplying crafted input to the affected ASP endpoints, resulting in arbitrary command execution on the device with full impact to confidentiality, integrity, and availability.
Vendor advisories and product information are referenced at the D-Link support pages http://di-7400.com, https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI-7400G%2B, and https://www.dlink.com/en/security-bulletin/, while proof-of-concept material appears in the public repository https://github.com/xyh4ck/iot_poc. The EPSS score remains flat at 0.0107 with no material increase observed since publication.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-28615
Vulnerability details
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The flaw is in the sub_478D28 function in mng_platform.asp and the sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, and is reached through the parameter ac_mng_srv_host.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The command injection vulnerability in the router's web management interfaces (mng_platform.asp and wayos_ac_server.asp) enables authenticated remote attackers to execute arbitrary Unix shell commands via the system() function after injecting payloads into NVRAM, mapping to exploitation of remote services and Unix shell execution.
Mitigating Controls (NIST 800-53 r5)
Remediates the specific command injection flaw in sub_478D28 and sub_4A12DC functions of the jhttpd program, preventing arbitrary command execution via the ac_mng_srv_host parameter.
Validates the ac_mng_srv_host parameter at the input points in mng_platform.asp and wayos_ac_server.asp to block malicious command injection payloads.
Enforces boundary protection on the router's management interfaces to restrict network access and mitigate remote unauthenticated exploitation.
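As an added illustration of the input-validation control described above (not D-Link's code and not taken from the advisory), the following C sketch accepts a value for ac_mng_srv_host only if it is a well-formed hostname or IPv4 literal, so that no shell metacharacter can reach a later system() call. The function names is_valid_host and store_srv_host, and the buffer-based config slot, are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Returns 1 if s is an RFC 1123 style hostname or dotted IPv4 literal:
 * 1..253 bytes, dot-separated labels of 1..63 bytes, each label made of
 * ASCII letters, digits and '-', never starting or ending with '-'.
 * Any other byte (space, quote, ';', '|', '$', '`', newline) is rejected. */
int is_valid_host(const char *s)
{
    size_t len, i, label_len = 0;

    if (s == NULL)
        return 0;
    len = strlen(s);
    if (len == 0 || len > 253)
        return 0;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            /* reject an empty label or a label ending in '-' */
            if (label_len == 0 || s[i - 1] == '-')
                return 0;
            label_len = 0;
        } else if (c < 128 && (isalnum(c) || c == '-')) {
            if (c == '-' && label_len == 0)
                return 0;           /* label starts with '-' */
            if (++label_len > 63)
                return 0;           /* label too long */
        } else {
            return 0;               /* byte outside the allowlist */
        }
    }
    /* the last label must be non-empty and must not end in '-' */
    return label_len > 0 && s[len - 1] != '-';
}

/* Hypothetical setter: copy the value into the config slot only if it
 * validates and fits; returns 0 on success, -1 on rejection. */
int store_srv_host(const char *input, char *slot, size_t slot_size)
{
    if (!is_valid_host(input) || strlen(input) >= slot_size)
        return -1;
    memcpy(slot, input, strlen(input) + 1);
    return 0;
}
```

Validation at the point of storage covers both ASP handlers at once; passing the stored value as a separate argv element to an exec-family call instead of building a shell string removes the remaining dependence on the validator.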