CVE-2025-45784

D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cybermaya.in/posts/Post-37/	Exploit Third Party Advisory
https://www.dlink.com/en/security-bulletin/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dph-400se_firmware:1.01:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dph-400se:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dlink:dph-400s_firmware:1.01:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dph-400s:-:*:*:*:*:*:*:*

History

22 Jul 2025, 14:24

Type	Values Removed	Values Added
References	~~() https://cybermaya.in/posts/Post-37/ - Third Party Advisory, Exploit~~	() https://cybermaya.in/posts/Post-37/ - Exploit, Third Party Advisory
First Time		Dlink Dlink dph-400se Firmware Dlink dph-400s Firmware Dlink dph-400s Dlink dph-400se
CPE	cpe:2.3:o:d-link:dph-400se_firmware:1.0.1:::::::* cpe:2.3:h:d-link:dph-400se:-:::::::* cpe:2.3:h:d-link:dph-400s:-:::::::* cpe:2.3:o:d-link:dph-400s_firmware:1.0.1:::::::*	cpe:2.3:o:dlink:dph-400se_firmware:1.01:::::::* cpe:2.3:o:dlink:dph-400s_firmware:1.01:::::::* cpe:2.3:h:dlink:dph-400se:-:::::::* cpe:2.3:h:dlink:dph-400s:-:::::::*

26 Jun 2025, 15:54

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-18 14:15

Updated : 2025-07-22 14:24

NVD link : CVE-2025-45784

Mitre link : CVE-2025-45784

CVE.ORG link : CVE-2025-45784

JSON object : View

Products Affected

dlink

dph-400se
dph-400s
dph-400s_firmware
dph-400se_firmware

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2025-45784", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-06-18T14:15:44.553", "references": [{"url": "https://cybermaya.in/posts/Post-37/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.dlink.com/en/security-bulletin/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary."}, {"lang": "es", "value": "D-Link DPH-400S/SE VoIP Phone v1.01 contiene variables de aprovisionamiento codificadas, como PROVIS_USER_PASSWORD, que pueden exponer credenciales de usuario confidenciales. Un atacante con acceso a la imagen del firmware puede extraer estas credenciales mediante herramientas de an\u00e1lisis est\u00e1tico como cadenas o xxd, lo que podr\u00eda provocar acceso no autorizado a funciones del dispositivo o cuentas de usuario. Esta vulnerabilidad se debe al almacenamiento inseguro de informaci\u00f3n confidencial en el binario del firmware."}], "lastModified": "2025-07-22T14:24:59.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dph-400se_firmware:1.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "798F2BDE-82ED-4697-9B6F-426FCBC2449E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dph-400se:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "49439D1C-6BC2-43CB-9716-F04552545CFF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dph-400s_firmware:1.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF9A5FC5-3433-4D34-8BC3-ED5A24411255"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dph-400s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06CEADB2-33B4-4463-8CCC-D13E0CD282CD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}