ГлавнаяУязвимости → CVE-2025-45784
9.8критическая

CVE-2025-45784

Описание

D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary.

Затрагиваемое ПО
Dlink Dph-400se firmwareDlink Dph-400seDlink Dph-400s firmwareDlink Dph-400s
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://cybermaya.in/posts/Post-37/https://www.dlink.com/en/security-bulletin/