CVE-2025-9387 in DCME-720info

Summary

by MITRE • 08/24/2025

A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Other products might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 09/12/2025

This vulnerability represents a critical os command injection flaw in the DCN DCME-720 9.1.5.11 web management backend system. The issue resides within the ip_block.php file located at /usr/local/www/function/audit/newstatistics/, where an unknown function processes user input without proper sanitization or validation. The vulnerability specifically manifests when manipulating the ip argument parameter, which allows attackers to inject malicious os commands that execute with the privileges of the web application. This type of vulnerability falls under CWE-77 which categorizes improper neutralization of special elements used in os commands, making it a direct path for remote code execution. The attack vector is particularly concerning as it can be initiated remotely without requiring any authentication, making the system highly accessible to potential attackers.

The operational impact of this vulnerability extends far beyond simple data compromise, as successful exploitation could enable attackers to gain full control over the affected system. The web management backend serves as a critical interface for network administrators, making this vulnerability particularly dangerous as it could allow unauthorized individuals to manipulate network configurations, access sensitive data, or establish persistent backdoors. Command injection attacks of this nature often align with ATT&CK technique T1059.001 which describes the use of command and scripting interpreter for execution. The fact that this vulnerability has been made public and is actively exploitable means that threat actors can leverage existing tools and techniques to compromise affected systems without requiring advanced technical skills.

Security professionals should immediately assess their network infrastructure for any systems running DCN DCME-720 9.1.5.11 or similar vulnerable products, as the lack of vendor response creates an urgent need for proactive mitigation. Organizations should implement network segmentation to isolate affected systems, deploy web application firewalls to monitor and block suspicious command injection attempts, and consider disabling unnecessary web management interfaces. The absence of vendor response compounds the risk as there are no official patches or updates available, forcing organizations to rely on temporary workarounds such as input validation rules, privilege reduction, and monitoring for anomalous command execution patterns. Additionally, implementing robust logging and alerting mechanisms around the affected file path would help detect exploitation attempts and provide forensic evidence for incident response activities. Given the public availability of exploit code and the remote attack capability, immediate action is required to protect network infrastructure from potential compromise.

Responsible

VulDB

Disclosure

08/24/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.09314

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!