OS Command Injection Vulnerability in WN-7D36QR by I-O Data
CVE-2025-58116

8.6HIGH

Key Information:

Vendor: I-o Data Device, Inc.
Status: Wn-7d36qr; Wn-7d36qr/ue
Vendor: CVE Published:; 17 September 2025

🔔 Create I-o Data Device, Inc. Vulnerability Alert

What is CVE-2025-58116?

An OS command injection vulnerability exists in the WN-7D36QR and WN-7D36QR/UE products from I-O Data. This issue allows remote authenticated attackers to execute arbitrary OS commands on the affected devices, potentially compromising sensitive data and impacting system integrity. It's critical for users of these products to apply necessary security measures to mitigate this risk.

Affected Version(s)

WN-7D36QR firmware Ver.1.1.3 and prior versions

WN-7D36QR/UE firmware Ver.1.1.3 and prior versions

References

https://www.iodata.jp/support/information/2025/09_wn-7d36...

https://jvn.jp/en/vu/JVNVU97490987/

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2025
Vulnerability Reserved
Sep 10, 2025