CVE-2025-45784

Published: 18 Jun 2025
Source: nvd
CVSS3: 9.8
EPSS: Low

Description

D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary.

References

Vulnerable configurations

Configuration 1

All of the following

cpe:2.3:o:dlink:dph-400se_firmware:1.01:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dph-400se:-:*:*:*:*:*:*:*
Configuration 2

All of the following

cpe:2.3:o:dlink:dph-400s_firmware:1.01:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dph-400s:-:*:*:*:*:*:*:*

EPSS

Percentile: 48%
0.00247
Low

9.8 Critical

CVSS3

Weaknesses

CWE-798

Related vulnerabilities

CVSS3: 9.8
github
2 months ago

D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary.

CVSS3: 9.8
fstec
2 months ago

Vulnerability in D-Link DPH-400S and DPH-400SE VoIP phones related to information disclosure through log files, allowing an attacker to disclose protected information
