Key Information 1. Basic Information Vendor: D-Link Product: DI-7100G Firmware Version: c1 Vulnerability Type: Command Injection CVE ID: CVE-2025-57636 Update Date: 2020/02/21 2. Vulnerability Description Location: Command injection vulnerability exists in the function within the function. Specific Code: At line 13, is followed by . The value of comes from , meaning it is controlled via the HTTP parameter "time". Attack Method: An attacker can inject malicious commands (e.g., ) into the parameter, causing the function to execute the concatenated string, thereby achieving arbitrary command execution. 3. POC (Proof of Concept) Request Example: Effect: The above PoC can enable the device's Telnet service. 4. Reporter Reporter: jfkk (jfkk2331997024@gmail.com)