Severity
Medium
Analysis Summary
CVE-2025-4904 CVSS:5.3
A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. This vulnerability affects the function sub_41F0FC of the file /H5/webgl.data. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4903 CVSS:5.3
A vulnerability, which was classified as critical, was found in D-Link. This affects the function sub_41F4F0 of the file /H5/webgl.asp tggl_port=0&remote_management=0&http_passwd=game&exec_service=admin-restart. The manipulation leads to unverified password change. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4902 CVSS:5.3
A vulnerability, which was classified as problematic, has been found in D-Link. Affected by this issue is the function sub_48F4F0 of the file /H5/versionupdate.data. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4901 CVSS:4.3
A vulnerability classified as problematic was found in D-Link. Affected by this vulnerability is the function sub_41E304 of the file /H5/state_view.data of the component HTTP Endpoint. The manipulation leads to information disclosure. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used.
Impact
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-4904
CVE-2025-4903
CVE-2025-4902
CVE-2025-4901
Affected Vendors
- D-Link
Affected Products
- D-Link DI-7003GV2 - 24.04.18D1 R(68125)
Remediation
Refer to the D-Link Website for patch, upgrade, or suggested workaround information.