CVE-2025-57105 is a critical command injection vulnerability affecting the DI-7400G+ router. The flaw resides in the jhttpd program, specifically within the sub_478D28 function in mng_platform.asp and the sub_4A12DC function in wayos_ac_server.asp. The vulnerability is triggered through the ac_mng_srv_host parameter, which is improperly sanitized, allowing an attacker to inject and execute arbitrary commands on the device. This type of vulnerability (CWE-77) enables remote attackers to gain full control over the router without requiring authentication or user interaction. The CVSS v3.1 score of 9.8 reflects the high severity, with network attack vector, low attack complexity, no privileges required, no user interaction, and full impact on confidentiality, integrity, and availability. Exploitation could lead to complete compromise of the router, enabling attackers to intercept, modify, or disrupt network traffic, pivot into internal networks, or deploy persistent malware. Although no known exploits are currently reported in the wild, the critical nature and ease of exploitation make this a significant threat to organizations relying on this router model.

For European organizations, the impact of this vulnerability could be severe. The DI-7400G+ router is often used in small to medium-sized enterprise and possibly some home office environments. Successful exploitation could lead to unauthorized access to internal networks, data exfiltration, disruption of business operations, and potential lateral movement to other critical systems. This is particularly concerning for sectors with stringent data protection requirements under GDPR, as breaches could result in regulatory penalties and reputational damage. Additionally, compromised routers could be used as a foothold for launching further attacks against European infrastructure or as part of botnets targeting other organizations. The lack of authentication and user interaction requirements means attackers can exploit this vulnerability remotely and at scale, increasing the risk for European entities using this hardware.

Immediate mitigation steps include isolating affected DI-7400G+ routers from critical network segments and restricting management interface access to trusted IP addresses only. Network administrators should monitor router logs for unusual command execution patterns or unexpected configuration changes. Since no official patches are currently available, organizations should contact the vendor for firmware updates or advisories. As a temporary workaround, disabling or restricting access to the vulnerable management interfaces (mng_platform.asp and wayos_ac_server.asp) can reduce exposure. Implementing network segmentation and deploying intrusion detection/prevention systems (IDS/IPS) to detect command injection attempts targeting these endpoints is recommended. Organizations should also conduct thorough network scans to identify all instances of the DI-7400G+ router and prioritize remediation efforts accordingly. Finally, updating router firmware promptly once patches are released is critical to fully mitigate the risk.