CVE-2025-1800: D-Link DAR-7000 HTTP POST Request sxh_vpnlic.php get_ip_addr_details command injection
First published: Sat Mar 01 2025(Updated: )
A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function get_ip_addr_details of the file /view/vpn/sxh_vpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument ethname leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DAR-7000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1800?
CVE-2025-1800 is classified as critical due to its potential impact on the D-Link DAR-7000 system.
How do I fix CVE-2025-1800?
To fix CVE-2025-1800, users should apply the latest firmware update provided by D-Link for the DAR-7000.
What component is affected by CVE-2025-1800?
CVE-2025-1800 affects the HTTP POST Request Handler function get_ip_addr_details in the D-Link DAR-7000.
Which devices are impacted by CVE-2025-1800?
CVE-2025-1800 impacts the D-Link DAR-7000 version 3.2.
What type of vulnerability is CVE-2025-1800?
CVE-2025-1800 is a manipulation vulnerability that can be exploited through the argument ethname.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/description
- agent/type
- agent/references
- agent/first-publish-date
- agent/weakness
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/author
- agent/source
- agent/severity
- agent/event
- agent/tags
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- vendor/d-link
- canonical/d-link dar-7000