Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for di-7001mini-8g_firmware by dlink

    CVE-2026-10270 (GCVE-0-2026-10270)

    Vulnerability from nvd – Published: 2026-06-01 15:30 – Updated: 2026-06-01 19:46
    VLAI
    Title
    D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow
    Summary
    A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    D-Link DI-7001 MINI Affected: 19.09.19A1
        cpe:2.3:h:d-link:di-7001_mini:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Zheng (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10270",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T19:34:34.115670Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T19:46:56.015Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:di-7001_mini:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "API"
              ],
              "product": "DI-7001 MINI",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "19.09.19A1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Zheng (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T15:30:11.093Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367549 | D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367549"
            },
            {
              "name": "VDB-367549 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367549/cti"
            },
            {
              "name": "CVE-2026-10270 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10270"
            },
            {
              "name": "Submit #825198 | D-Link DI-7001MINI-8G \u003c=19.09.19A1 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/825198"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/666324/dlink-DI-7001MINI-8G-vuln"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/666324/dlink-DI-7001MINI-8G-vuln/tree/main/dlink-DI-7001MINI-8G-vuln"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T16:18:08.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10270",
        "datePublished": "2026-06-01T15:30:11.093Z",
        "dateReserved": "2026-05-31T14:13:05.202Z",
        "dateUpdated": "2026-06-01T19:46:56.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12313 (GCVE-0-2025-12313)

    Vulnerability from nvd – Published: 2025-10-27 20:02 – Updated: 2025-10-27 20:22
    VLAI
    Title
    D-Link DI-7001 MINI msp_info.htm command injection
    Summary
    A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /msp_info.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.329985 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.329985 signaturepermissions-required
    https://vuldb.com/?submit.676887 third-party-advisory
    https://github.com/DavCloudz/cve/issues/7 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DI-7001 MINI Affected: 19.09.19A1
    Affected: 24.04.18B1
    Create a notification for this product.
    Credits
    Yun Zhang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12313",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-27T20:22:14.999602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-27T20:22:23.877Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DI-7001 MINI",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "19.09.19A1"
                },
                {
                  "status": "affected",
                  "version": "24.04.18B1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Yun Zhang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /msp_info.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /msp_info.htm. Mittels dem Manipulieren des Arguments cmd mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T20:02:06.408Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-329985 | D-Link DI-7001 MINI msp_info.htm command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.329985"
            },
            {
              "name": "VDB-329985 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.329985"
            },
            {
              "name": "Submit #676887 | D-Link Gateway V19.09.19A1 and V24.04.18B1 Arbitrary Command Execution or Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.676887"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/DavCloudz/cve/issues/7"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-10-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-10-26T18:24:32.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DI-7001 MINI msp_info.htm command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-12313",
        "datePublished": "2025-10-27T20:02:06.408Z",
        "dateReserved": "2025-10-26T17:19:28.833Z",
        "dateUpdated": "2025-10-27T20:22:23.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-11408 (GCVE-0-2025-11408)

    Vulnerability from nvd – Published: 2025-10-07 20:32 – Updated: 2025-10-08 18:32
    VLAI
    Title
    D-Link DI-7001 MINI dbsrv.asp buffer overflow
    Summary
    A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.327345 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.327345 signaturepermissions-required
    https://vuldb.com/?submit.665474 third-party-advisory
    https://github.com/DavCloudz/cve/issues/5 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DI-7001 MINI Affected: 24.04.18B1
    Create a notification for this product.
    Credits
    Yun Zhang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11408",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-08T18:30:38.056675Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-08T18:32:02.359Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DI-7001 MINI",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.04.18B1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Yun Zhang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in D-Link DI-7001 MINI 24.04.18B1 entdeckt. Betroffen ist eine unbekannte Funktion der Datei /dbsrv.asp. Die Manipulation des Arguments str f\u00fchrt zu buffer overflow. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-07T20:32:05.695Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-327345 | D-Link DI-7001 MINI dbsrv.asp buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.327345"
            },
            {
              "name": "VDB-327345 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.327345"
            },
            {
              "name": "Submit #665474 | D-Link Gateway DI-7001MINI-8G (firmware version: V24.04.18B1) Denial of Service or even arbitrary command execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.665474"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/DavCloudz/cve/issues/5"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-10-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-10-07T09:29:36.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DI-7001 MINI dbsrv.asp buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-11408",
        "datePublished": "2025-10-07T20:32:05.695Z",
        "dateReserved": "2025-10-07T07:24:28.213Z",
        "dateUpdated": "2025-10-08T18:32:02.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-11407 (GCVE-0-2025-11407)

    Vulnerability from nvd – Published: 2025-10-07 20:02 – Updated: 2025-10-07 20:33
    VLAI
    Title
    D-Link DI-7001 MINI upgrade_filter.asp os command injection
    Summary
    A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.327344 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.327344 signaturepermissions-required
    https://vuldb.com/?submit.665471 third-party-advisory
    https://github.com/DavCloudz/cve/issues/4 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DI-7001 MINI Affected: 24.04.18B1
    Create a notification for this product.
    Credits
    Yun Zhang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11407",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-07T20:31:14.679154Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-07T20:33:12.045Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DI-7001 MINI",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.04.18B1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Yun Zhang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in D-Link DI-7001 MINI 24.04.18B1 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /upgrade_filter.asp. Durch Beeinflussen des Arguments path mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-07T20:02:05.836Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-327344 | D-Link DI-7001 MINI upgrade_filter.asp os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.327344"
            },
            {
              "name": "VDB-327344 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.327344"
            },
            {
              "name": "Submit #665471 | D-Link DI-7001MINI-8G Gateway V24.04.18B1 Remote Code Execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.665471"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/DavCloudz/cve/issues/4"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-10-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-10-07T09:28:40.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DI-7001 MINI upgrade_filter.asp os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-11407",
        "datePublished": "2025-10-07T20:02:05.836Z",
        "dateReserved": "2025-10-07T07:23:37.593Z",
        "dateUpdated": "2025-10-07T20:33:12.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-10270 (GCVE-0-2026-10270)

    Vulnerability from cvelistv5 – Published: 2026-06-01 15:30 – Updated: 2026-06-01 19:46
    VLAI
    Title
    D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow
    Summary
    A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    D-Link DI-7001 MINI Affected: 19.09.19A1
        cpe:2.3:h:d-link:di-7001_mini:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Zheng (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10270",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T19:34:34.115670Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T19:46:56.015Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:h:d-link:di-7001_mini:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "API"
              ],
              "product": "DI-7001 MINI",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "19.09.19A1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Zheng (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-01T15:30:11.093Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-367549 | D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/367549"
            },
            {
              "name": "VDB-367549 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/367549/cti"
            },
            {
              "name": "CVE-2026-10270 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-10270"
            },
            {
              "name": "Submit #825198 | D-Link DI-7001MINI-8G \u003c=19.09.19A1 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/825198"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/666324/dlink-DI-7001MINI-8G-vuln"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/666324/dlink-DI-7001MINI-8G-vuln/tree/main/dlink-DI-7001MINI-8G-vuln"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-31T16:18:08.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DI-7001 MINI API httpd_debug.asp sprintf stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-10270",
        "datePublished": "2026-06-01T15:30:11.093Z",
        "dateReserved": "2026-05-31T14:13:05.202Z",
        "dateUpdated": "2026-06-01T19:46:56.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12313 (GCVE-0-2025-12313)

    Vulnerability from cvelistv5 – Published: 2025-10-27 20:02 – Updated: 2025-10-27 20:22
    VLAI
    Title
    D-Link DI-7001 MINI msp_info.htm command injection
    Summary
    A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /msp_info.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.329985 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.329985 signaturepermissions-required
    https://vuldb.com/?submit.676887 third-party-advisory
    https://github.com/DavCloudz/cve/issues/7 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DI-7001 MINI Affected: 19.09.19A1
    Affected: 24.04.18B1
    Create a notification for this product.
    Credits
    Yun Zhang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12313",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-27T20:22:14.999602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-27T20:22:23.877Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DI-7001 MINI",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "19.09.19A1"
                },
                {
                  "status": "affected",
                  "version": "24.04.18B1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Yun Zhang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /msp_info.htm. Such manipulation of the argument cmd leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /msp_info.htm. Mittels dem Manipulieren des Arguments cmd mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T20:02:06.408Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-329985 | D-Link DI-7001 MINI msp_info.htm command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.329985"
            },
            {
              "name": "VDB-329985 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.329985"
            },
            {
              "name": "Submit #676887 | D-Link Gateway V19.09.19A1 and V24.04.18B1 Arbitrary Command Execution or Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.676887"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/DavCloudz/cve/issues/7"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-10-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-10-26T18:24:32.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DI-7001 MINI msp_info.htm command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-12313",
        "datePublished": "2025-10-27T20:02:06.408Z",
        "dateReserved": "2025-10-26T17:19:28.833Z",
        "dateUpdated": "2025-10-27T20:22:23.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-11408 (GCVE-0-2025-11408)

    Vulnerability from cvelistv5 – Published: 2025-10-07 20:32 – Updated: 2025-10-08 18:32
    VLAI
    Title
    D-Link DI-7001 MINI dbsrv.asp buffer overflow
    Summary
    A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.327345 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.327345 signaturepermissions-required
    https://vuldb.com/?submit.665474 third-party-advisory
    https://github.com/DavCloudz/cve/issues/5 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DI-7001 MINI Affected: 24.04.18B1
    Create a notification for this product.
    Credits
    Yun Zhang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11408",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-08T18:30:38.056675Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-08T18:32:02.359Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DI-7001 MINI",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.04.18B1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Yun Zhang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in D-Link DI-7001 MINI 24.04.18B1 entdeckt. Betroffen ist eine unbekannte Funktion der Datei /dbsrv.asp. Die Manipulation des Arguments str f\u00fchrt zu buffer overflow. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-07T20:32:05.695Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-327345 | D-Link DI-7001 MINI dbsrv.asp buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.327345"
            },
            {
              "name": "VDB-327345 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.327345"
            },
            {
              "name": "Submit #665474 | D-Link Gateway DI-7001MINI-8G (firmware version: V24.04.18B1) Denial of Service or even arbitrary command execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.665474"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/DavCloudz/cve/issues/5"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-10-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-10-07T09:29:36.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DI-7001 MINI dbsrv.asp buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-11408",
        "datePublished": "2025-10-07T20:32:05.695Z",
        "dateReserved": "2025-10-07T07:24:28.213Z",
        "dateUpdated": "2025-10-08T18:32:02.359Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-11407 (GCVE-0-2025-11407)

    Vulnerability from cvelistv5 – Published: 2025-10-07 20:02 – Updated: 2025-10-07 20:33
    VLAI
    Title
    D-Link DI-7001 MINI upgrade_filter.asp os command injection
    Summary
    A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.327344 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.327344 signaturepermissions-required
    https://vuldb.com/?submit.665471 third-party-advisory
    https://github.com/DavCloudz/cve/issues/4 exploitissue-tracking
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DI-7001 MINI Affected: 24.04.18B1
    Create a notification for this product.
    Credits
    Yun Zhang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11407",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-07T20:31:14.679154Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-07T20:33:12.045Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DI-7001 MINI",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.04.18B1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Yun Zhang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in D-Link DI-7001 MINI 24.04.18B1 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /upgrade_filter.asp. Durch Beeinflussen des Arguments path mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-07T20:02:05.836Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-327344 | D-Link DI-7001 MINI upgrade_filter.asp os command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.327344"
            },
            {
              "name": "VDB-327344 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.327344"
            },
            {
              "name": "Submit #665471 | D-Link DI-7001MINI-8G Gateway V24.04.18B1 Remote Code Execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.665471"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/DavCloudz/cve/issues/4"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-10-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-10-07T09:28:40.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DI-7001 MINI upgrade_filter.asp os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-11407",
        "datePublished": "2025-10-07T20:02:05.836Z",
        "dateReserved": "2025-10-07T07:23:37.593Z",
        "dateUpdated": "2025-10-07T20:33:12.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }