An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the samba_wg and samba_nbn parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via a crafted packet.
References
| Link | Resource |
|---|---|
| https://github.com/2664521593/mycve/blob/main/CJ_in_D-Link_DSL-3782_1_en.pdf | Broken Link |
| https://github.com/2664521593/mycve/blob/main/CJ_in_D-Link_DSL-3782_1_en.pdf | Broken Link |
Configurations
Configuration 1 (hide)
| AND |
|
History
02 May 2025, 15:46
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/2664521593/mycve/blob/main/CJ_in_D-Link_DSL-3782_1_en.pdf - Broken Link | |
| First Time |
Dlink
Dlink dsl-3782 Firmware Dlink dsl-3782 |
|
| CPE | cpe:2.3:o:dlink:dsl-3782_firmware:1.01:*:*:*:*:*:*:* cpe:2.3:h:dlink:dsl-3782:-:*:*:*:*:*:*:* |
19 Feb 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.0 |
| Summary |
|
|
| CWE | CWE-78 | |
| References | () https://github.com/2664521593/mycve/blob/main/CJ_in_D-Link_DSL-3782_1_en.pdf - |
18 Feb 2025, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-02-18 22:15
Updated : 2025-05-02 15:46
NVD link : CVE-2025-25894
Mitre link : CVE-2025-25894
CVE.ORG link : CVE-2025-25894
JSON object : View
Products Affected
dlink
- dsl-3782_firmware
- dsl-3782
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')