Remote Code Execution Vulnerability in D-Link DI-7001 MINI Products
CVE-2025-11407
Key Information:
- Vendor
D-link
- Status
- Vendor
- CVE Published:
- 7 October 2025
Badges
What is CVE-2025-11407?
A security flaw has been discovered in the D-Link DI-7001 MINI router, specifically in the functionality that processes the '/upgrade_filter.asp' file. This vulnerability allows for os command injection through manipulation of the 'path' argument. As a result, remote attackers could exploit this weakness to execute arbitrary commands on the affected device, posing serious security risks. Given that the exploit has become public, immediate action is recommended to protect systems from potential breaches.
Affected Version(s)
DI-7001 MINI 24.04.18B1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved