ID
VAR-202503-0084
CVE
CVE-2025-1800
TITLE
D-Link Systems, Inc. of dar-7000 Command injection vulnerability in firmware
Trust: 0.8
DESCRIPTION
A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function get_ip_addr_details of the file /view/vpn/sxh_vpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument ethname leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of dar-7000 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAR-7000 is an Internet behavior management and auditing gateway device that provides Internet behavior management and auditing functions. D-Link DAR-7000 has a command injection vulnerability, which stems from the fact that the ethname parameter of the get_ip_addr_details function in the /view/vpn/sxh_vpn/sxh_vpnlic.php file is not properly filtered or validated. No detailed vulnerability details are currently available
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | dlink | model: | dar-7000 | scope: | eq | version: | 3.2 | Trust: 1.0 |
| vendor: | d link | model: | dar-7000 | scope: | eq | version: | dar-7000 firmware 3.2 | Trust: 0.8 |
| vendor: | d link | model: | dar-7000 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dar-7000 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dar-7000 | scope: | eq | version: | 3.2 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-77 | Trust: 1.0 |
| problemtype: | CWE-74 | Trust: 1.0 |
| problemtype: | injection (CWE-74) [ others ] | Trust: 0.8 |
| problemtype: | Command injection (CWE-77) [ others ] | Trust: 0.8 |
| problemtype: | Command injection (CWE-77) [NVD evaluation ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-1800 | Trust: 3.2 |
| db: | VULDB | id: | 298030 | Trust: 2.4 |
| db: | DLINK | id: | SAP10354 | Trust: 1.8 |
| db: | JVNDB | id: | JVNDB-2025-005425 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-13071 | Trust: 0.6 |
REFERENCES
| url: | https://vuldb.com/?id.298030 | Trust: 2.4 |
| url: | https://vuldb.com/?submit.502971 | Trust: 2.4 |
| url: | https://github.com/sjwszt/cve/blob/main/cve_1.md | Trust: 2.4 |
| url: | https://www.dlink.com/ | Trust: 2.4 |
| url: | https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10354 | Trust: 1.8 |
| url: | https://vuldb.com/?ctiid.298030 | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-1800 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2025-13071 |
| db: | JVNDB | id: | JVNDB-2025-005425 |
| db: | NVD | id: | CVE-2025-1800 |
LAST UPDATE DATE
2025-06-21T23:06:24.264000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-13071 | date: | 2025-06-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-005425 | date: | 2025-05-22T01:32:00 |
| db: | NVD | id: | CVE-2025-1800 | date: | 2025-05-21T16:15:43.203 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-13071 | date: | 2025-06-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-005425 | date: | 2025-05-22T00:00:00 |
| db: | NVD | id: | CVE-2025-1800 | date: | 2025-03-01T18:15:34.983 |