CVE-2025-57105 – The DI-7400G+ router contains a command injecti... (How to Fix)

Q: What is the severity of CVE-2025-57105?

CVE-2025-57105 has a CVSS score of 9.8 (CRITICAL). The DI-7400G+ router contains a command injection vulnerability in its web interface that allows attackers to execute arbitrary system commands. This affects all users of the vulnerable router model who have not applied patches. Attackers can gain full control of the device through this remote code execution flaw.

📋 TL;DR

The DI-7400G+ router contains a command injection vulnerability in its web interface that allows attackers to execute arbitrary system commands. This affects all users of the vulnerable router model who have not applied patches. Attackers can gain full control of the device through this remote code execution flaw.

💻 Affected Systems

Products:

D-Link DI-7400G+

Versions: All versions prior to patched firmware

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default web interface configuration. No special configuration required for exploitation.

📦 What is this software?

Di 7400g\+ Firmware by Dlink

View all CVEs affecting Di 7400g\+ Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the router allowing attackers to intercept all network traffic, deploy malware to connected devices, pivot to internal networks, and maintain persistent access.

🟠

Likely Case

Router takeover leading to network monitoring, credential theft, DNS hijacking, and potential lateral movement to connected systems.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted web interface access and proper network segmentation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available on GitHub. Exploitation requires network access to web interface but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for latest patched firmware

Vendor Advisory: https://www.dlink.com/en/security-bulletin/

Restart Required: Yes

Instructions:

1. Visit D-Link security bulletin page
2. Download latest firmware for DI-7400G+
3. Log into router web interface
4. Navigate to firmware update section
5. Upload and apply new firmware
6. Reboot router after update completes

🔧 Temporary Workarounds

Disable Web Interface

all

Disable remote access to router web management interface

Configure router to disable WAN access to management interface

Network Segmentation

all

Place router in isolated network segment with restricted access

Configure firewall rules to restrict access to router IP on ports 80/443

🧯 If You Can't Patch

Replace vulnerable device with supported model
Implement strict network access controls and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check if device is DI-7400G+ and has unpatched firmware. Test by attempting exploitation using public PoC (not recommended in production).

Check Version:

Check router web interface System Status or About page for firmware version

Verify Fix Applied:

Verify firmware version matches patched version from vendor advisory. Test that command injection no longer works.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in router logs
Multiple failed login attempts followed by successful access
Unexpected configuration changes

Network Indicators:

Unusual outbound connections from router
DNS queries to suspicious domains
Traffic patterns indicating command and control

SIEM Query:

source="router_logs" AND ("ac_mng_srv_host" OR "command injection" OR unusual shell commands)

📊 Metadata

CVE ID: CVE-2025-57105

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

EPSS Score: 0.3% exploit probability (53.1th percentile)

Published: August 22, 2025

Last Updated: October 2, 2025

🔗 References

http://di-7400.com Broken Link
https://github.com/xyh4ck/iot_poc Exploit,Third Party Advisory
https://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DI-7400G%2B Product
https://www.dlink.com/en/security-bulletin/ Not Applicable
https://github.com/xyh4ck/iot_poc Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-57105, you might also want to check these: