CVE-2025-11407 PUBLISHED

A weakness has been identified in D-Link DI-7001 MINI 24.04.18B1. Impacted is an unknown function of the file /upgrade_filter.asp. This manipulation of the argument path causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.

• Yun Zhang (VulDB User) reporter

• VDB-327344 | D-Link DI-7001 MINI upgrade_filter.asp os command injection
• VDB-327344 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #665471 | D-Link DI-7001MINI-8G Gateway V24.04.18B1 Remote Code Execution
• https://github.com/DavCloudz/cve/issues/4
• https://www.dlink.com/

• OS Command Injection CWE
• Command Injection CWE