Vulnerability Description
A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Other products might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dcnetworks | Dcme-720 Firmware | 9.1.5.11 |
| Dcnetworks | Dcme-720 | - |
Related Weaknesses (CWE)
References
- https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.mdExploitThird Party Advisory
- https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md#%E9%AA%8C%ExploitThird Party Advisory
- https://vuldb.com/?ctiid.321220Permissions RequiredVDB Entry
- https://vuldb.com/?id.321220Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.630727Third Party AdvisoryVDB Entry
- https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.mdExploitThird Party Advisory
- https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md#%E9%AA%8C%ExploitThird Party Advisory
FAQ
What is CVE-2025-9387?
CVE-2025-9387 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Perfo...
How severe is CVE-2025-9387?
CVE-2025-9387 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-9387?
Check the references section above for vendor advisories and patch information. Affected products include: Dcnetworks Dcme-720 Firmware, Dcnetworks Dcme-720.