CVE-2025-1800 | D-Link DAR-7000 3.2 HTTP POST Request sxh_vpnlic.php get_ip_addr_details ethname command injection

A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function get_ip_addr_details of the file /view/vpn/sxh_vpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument ethname leads to command injection. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability was named CVE-2025-1800. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2025-1800 | D-Link DAR-7000 3.2 HTTP POST Request sxh_vpnlic.php get_ip_addr_details ethname command injection

Post correlati

CVE-2024-5654 | CF7 Google Sheets Connector Plugin up to 5.0.9 on WordPress Configuration authorization

CVE-2021-47098 | Linux Kernel up to 5.15.11 hwmon clamp_val integer underflow (d105f30bea91/55840b9eae53)

CVE-2024-5551 | WP Staging Pro Plugin up to 5.6.0 on WordPress cross-site request forgery

CVE-2024-8340 | SourceCodester Electric Billing Management System 1.0 /Actions.php username sql injection