CVE-2025-9769 | D-Link DI-7400G+ 19.12.25A1 /mng_platform.asp sub_478D28 addr command injection

Inserito da Angelo Barbosa | Ago 31, 2025 | CVE

A vulnerability described as critical has been identified in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection.

This vulnerability was named CVE-2025-9769. An attack on the physical device is feasible. In addition, an exploit is available.

CVE-2025-9769 | D-Link DI-7400G+ 19.12.25A1 /mng_platform.asp sub_478D28 addr command injection

Post correlati

CVE-2023-51093 | Tenda M3 1.0.0.12(4856) fromSetLocalVlanInfo stack-based overflow

CVE-2024-36480 | Ricoh Streamline NX PC Client up to 3.7.2 hard-coded credentials (ricoh-2024-000005)

CVE-2025-36632 | Tenable Agent up to 10.8.4 on Windows default permission (EUVD-2025-18396)

CVE-2025-52294 | Trust Wallet 8.45 Screen Lock improper authentication