CVE Catalog

CVE-2025-57105

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
2.88%

85th percentile - higher than 85% of all known CVEs

Summary

The DI-7400G+ router has a command injection vulnerability in the sub_478D28 and sub_4A12DC functions of the jhttpd program, allowing attackers to execute arbitrary commands on the device via the ac_mng_srv_host parameter.

Risk Assessment

An attacker can gain full control over the router, compromising network confidentiality and integrity, and potentially using the device as an entry point for further attacks.

Recommendation

Immediately update the router firmware to the latest version and restrict management interface access to trusted IP addresses only.

Original NVD description (English source)

The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS