
CVE-2025-6899: OS Command Injection in D-Link DI-7300G+

Severity: Medium
Published: Mon Jun 30 2025 (06/30/2025, 08:32:05 UTC)
Source: CVE Database V5
Vendor/Project: D-Link
Product: DI-7300G+

Description

A vulnerability, which was classified as critical, was found in D-Link DI-7300G+ and DI-8200G 17.12.20A1/19.12.25A1. This affects an unknown part of the file msp_info.htm. The manipulation of the argument flag/cmd/iface leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 06/30/2025, 08:54:28 UTC

Technical Analysis

CVE-2025-6899 is a vulnerability in the D-Link DI-7300G+ and DI-8200G routers, affecting firmware versions 17.12.20A1 and 19.12.25A1. It resides in the web interface file msp_info.htm, where manipulation of the flag, cmd or iface parameters leads to OS command injection: an attacker can execute arbitrary operating system commands on the device remotely, without user interaction or authentication. Although the CVSS v4.0 score is 5.3 (medium severity), unauthenticated remote command execution on a network gateway is a critical concern in many contexts. Exploit details have been publicly disclosed, though no exploitation in the wild has been reported so far. Successful exploitation could compromise the router and lead to unauthorized access, interception of network traffic, or lateral movement within the network. No patch was available at the time of disclosure, which increases the urgency of mitigation and risk management.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for those relying on D-Link DI-7300G+ or DI-8200G routers in their network infrastructure. Successful exploitation could lead to full compromise of the affected routers, enabling attackers to intercept or manipulate network traffic, disrupt network availability, or use the compromised device as a foothold for further attacks within the corporate network. This is particularly critical for organizations handling sensitive data or operating critical infrastructure. The medium CVSS score somewhat underestimates the potential impact because the vulnerability allows unauthenticated remote OS command execution, which can severely affect confidentiality, integrity, and availability. Given the routers’ role as network gateways, exploitation could lead to widespread disruption or data breaches. Additionally, the public disclosure of the exploit code increases the risk of opportunistic attacks targeting European organizations before patches or mitigations are widely deployed.

Mitigation Recommendations

Organizations should immediately inventory their network devices to identify the presence of D-Link DI-7300G+ and DI-8200G models running the affected firmware versions. Since no official patches are currently available, mitigation should focus on network-level controls: restrict remote access to router management interfaces using firewalls or VPNs, disable remote management if not required, and implement strict access control lists to limit exposure. Monitoring network traffic for unusual commands or behavior indicative of exploitation attempts is recommended. Organizations should also engage with D-Link support channels to obtain information on forthcoming patches or firmware updates. Where feasible, consider replacing affected devices with models not vulnerable to this issue. Additionally, applying network segmentation to isolate critical assets from vulnerable routers can reduce the blast radius of a potential compromise.
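As an added example for the monitoring recommendation above (this is not code from the advisory, from D-Link or from VulDB), the following Python script scans web-server or reverse-proxy access logs in Combined Log Format for requests to msp_info.htm whose flag, cmd or iface parameters contain shell metacharacters. The log lines are constructed samples using documentation IP addresses, and the metacharacter set is an assumption about what a legitimate value of these parameters would never contain; it illustrates the approach, not an official detection signature.

```python
"""Flag requests to msp_info.htm whose flag/cmd/iface parameters carry
shell metacharacters. Added example for CVE-2025-6899 monitoring; not
vendor code or an official signature. Sample log lines are constructed."""
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names as the injection points.
WATCHED_PARAMS = {"flag", "cmd", "iface"}

# Assumption: a benign interface name or flag value never contains
# characters a shell uses to split or substitute commands.
SHELL_META = re.compile(r"[;&|`$<>\n]")

# Combined Log Format prefix: client, identity, user, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def suspicious_values(target):
    """Return {param: decoded_value} for watched params holding shell metacharacters.

    Only the msp_info.htm path is inspected; other paths return an empty dict.
    """
    parts = urlsplit(target)
    if not parts.path.endswith("/msp_info.htm"):
        return {}
    hits = {}
    # parse_qsl percent-decodes, so an encoded %3B is checked as ';'.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in WATCHED_PARAMS and SHELL_META.search(value):
            hits[name] = value
    return hits


def scan_log(lines):
    """Return a list of (client_ip, timestamp, param, value) for suspicious requests."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a Combined Log Format entry; skip rather than guess
        for name, value in suspicious_values(m["target"]).items():
            findings.append((m["ip"], m["ts"], name, value))
    return findings


# Constructed sample: a benign request, one with an encoded ';' in cmd, and an unrelated path.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jun/2025:08:32:05 +0000] "GET /msp_info.htm?flag=1&cmd=status&iface=eth0 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [30/Jun/2025:08:33:41 +0000] "GET /msp_info.htm?flag=1&cmd=status%3Becho+probe&iface=eth0 HTTP/1.1" 200 512 "-" "curl/8.0"',
    '192.0.2.10 - - [30/Jun/2025:08:34:02 +0000] "POST /login.htm HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, name, value in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} msp_info.htm param {name!r} = {value!r}")
```

The check runs on the percent-decoded value, because the router's CGI sees the decoded form; matching the raw query string would miss an encoded separator. Pointing `scan_log` at a real access log is a matter of feeding it the file's lines, and a hit from an address outside the expected management network is the event worth alerting on.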


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-06-29T11:56:11.016Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68624d3c6f40f0eb728a0cf9

Added to database: 6/30/2025, 8:39:24 AM

Last enriched: 6/30/2025, 8:54:28 AM

Last updated: 7/30/2025, 6:55:03 AM
