Skip to main content

CVE-2025-6898: OS Command Injection in D-Link DI-7300G+

Medium
VulnerabilityCVE-2025-6898cvecve-2025-6898
Published: Mon Jun 30 2025 (06/30/2025, 08:02:06 UTC)
Source: CVE Database V5
Vendor/Project: D-Link
Product: DI-7300G+

Description

A vulnerability, which was classified as critical, has been found in D-Link DI-7300G+ 19.12.25A1. Affected by this issue is some unknown functionality of the file in proxy_client.asp. The manipulation of the argument proxy_srv/proxy_lanport/proxy_lanip/proxy_srvport leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

AILast updated: 06/30/2025, 08:24:33 UTC

Technical Analysis

CVE-2025-6898 is a security vulnerability identified in the D-Link DI-7300G+ router, specifically version 19.12.25A1. The vulnerability is an OS command injection flaw located in the proxy_client.asp file. It arises from improper sanitization of user-supplied input parameters such as proxy_srv, proxy_lanport, proxy_lanip, and proxy_srvport. An attacker can manipulate these parameters remotely to inject arbitrary operating system commands, potentially gaining unauthorized control over the affected device. The vulnerability does not require user interaction and can be exploited over the network without authentication, which increases its risk profile. However, the CVSS 4.0 vector indicates that some privileges are required (PR:L), and the impact on confidentiality, integrity, and availability is limited (VC:L, VI:L, VA:L). The vulnerability has been publicly disclosed but no known exploits are currently observed in the wild. The CVSS score is 5.3, categorizing it as medium severity, reflecting the partial impact and exploitation complexity. The lack of available patches or mitigation links suggests that users must rely on configuration changes or vendor updates once released. This vulnerability is critical to address because successful exploitation could allow attackers to execute arbitrary commands on the router, potentially leading to network compromise, interception of traffic, or pivoting to internal systems.

Potential Impact

For European organizations, the impact of this vulnerability can be significant, especially for those relying on the D-Link DI-7300G+ router in their network infrastructure. Exploitation could lead to unauthorized remote control of network gateways, enabling attackers to intercept, modify, or disrupt network traffic. This could compromise sensitive data confidentiality and integrity, disrupt business operations, and facilitate further lateral movement within corporate networks. Small and medium enterprises (SMEs) and public sector organizations using this router model are particularly at risk due to potentially limited IT security resources and slower patch management cycles. Additionally, critical infrastructure sectors such as healthcare, finance, and government agencies could face increased risks if these devices are deployed in perimeter or internal network segments. The medium severity rating suggests that while the vulnerability is exploitable, some privilege level is required, which may limit immediate widespread exploitation but still warrants prompt remediation to prevent escalation.

Mitigation Recommendations

Given the absence of official patches, European organizations should implement the following specific mitigations: 1) Immediately restrict remote access to the router’s management interface by disabling WAN-side access or implementing strict firewall rules to limit access to trusted IP addresses only. 2) Audit and monitor network traffic for unusual requests targeting proxy_client.asp or suspicious parameter manipulation indicative of command injection attempts. 3) Change default credentials and enforce strong authentication mechanisms to reduce the risk of privilege escalation. 4) Where possible, isolate the affected router from critical network segments to limit potential lateral movement. 5) Engage with D-Link support channels to obtain firmware updates or security advisories and apply patches promptly once available. 6) Consider replacing the affected hardware with more secure alternatives if patching is delayed or not feasible. 7) Conduct regular vulnerability assessments and penetration testing focusing on network devices to detect similar issues proactively.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-06-29T11:56:07.340Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 686246346f40f0eb7289fa42

Added to database: 6/30/2025, 8:09:24 AM

Last enriched: 6/30/2025, 8:24:33 AM

Last updated: 7/28/2025, 10:09:56 PM

Views: 17

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats