9.8

CVE-2025-45784

Exploit

EPSS 0.26%
Published 18.06.2025 14:15:44
Last modified 22.07.2025 14:24:59
Source cve@mitre.org
Teams watchlist Login
Open Login

D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Dlink ≫ Dph-400se Firmware Version1.01

Dlink ≫ Dph-400se Version-

Dlink ≫ Dph-400s Firmware Version1.01

Dlink ≫ Dph-400s Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.26%	0.49

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.dlink.com/en/security-bulletin/

Vendor Advisory

https://cybermaya.in/posts/Post-37/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-45784

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-45784

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-45784

EUVD