CVE-2025-57105
CriticalCVSS 9.8Exploitation Probability (EPSS)
High risk85th percentile - higher than 85% of all known CVEs
Summary
The DI-7400G+ router has a command injection vulnerability in the sub_478D28 and sub_4A12DC functions of the jhttpd program, allowing attackers to execute arbitrary commands on the device via the ac_mng_srv_host parameter.
Risk Assessment
An attacker can gain full control over the router, compromising network confidentiality and integrity, and potentially using the device as an entry point for further attacks.
Recommendation
Immediately update the router firmware to the latest version and restrict management interface access to trusted IP addresses only.
Original NVD description (English source)
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host.

