Severity
High
Analysis Summary
CVE-2025-45784 CVSS:9.8
D-Link DPH-400S/SE VoIP Phone contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary.
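A firmware image can be checked for this class of flaw before release or deployment. The following is an added example, not code from the advisory or from D-Link: it extracts printable strings from an image and flags secret-like keys that carry a literal value. The key suffix list and the sample image are assumptions constructed for the example; only PROVIS_USER_PASSWORD comes from the advisory.

```python
import re

MIN_LEN = 6  # shortest printable run to consider, as with `strings -n 6`
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)

# KEY=value or KEY: value where the key name suggests a secret.
# The suffix list is an assumption of this example; extend it per product.
SECRET_ASSIGN = re.compile(
    r'\b(\w*(?:PASSWORD|PASSWD|SECRET|TOKEN)\w*)\s*[=:]\s*"?([^\s"]+)',
    re.IGNORECASE)

# Constructed sample image. Only PROVIS_USER_PASSWORD is named in the advisory;
# the other keys and all values are made up for this example.
SAMPLE_IMAGE = (
    b"\x7fELF\x01\x01\x00\x00" + b"\x00" * 16
    + b"PROVIS_SERVER=http://prov.example.invalid/cfg\x00"
    + b"PROVIS_USER_NAME=admin\x00"
    + b"PROVIS_USER_PASSWORD=constructed-sample-value\x00"
    + b"\xff\xfe\x00\x10"
    + b"WIFI_PASSWD=${WIFI_PASSWD}\x00"
)

def extract_strings(blob):
    """Yield (offset, text) for each printable ASCII run in a binary blob."""
    for m in PRINTABLE_RUN.finditer(blob):
        yield m.start(), m.group().decode("ascii")

def find_hardcoded_secrets(blob):
    """Return findings for secret-like keys that hold a literal value."""
    findings = []
    for offset, text in extract_strings(blob):
        for m in SECRET_ASSIGN.finditer(text):
            key, value = m.group(1), m.group(2)
            # Template placeholders are filled in at provisioning time; skip them.
            if value.startswith(("$", "%", "<", "{")):
                continue
            findings.append({
                "offset": offset + m.start(1),
                "key": key,
                "value_len": len(value),  # report the length only, never the value
            })
    return findings

if __name__ == "__main__":
    for f in find_hardcoded_secrets(SAMPLE_IMAGE):
        print(f"0x{f['offset']:06x} {f['key']} (value length {f['value_len']})")
```

A finding means the value ships identically in every copy of the image, so it should be moved to per-device provisioning and rotated.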
CVE-2025-6158 CVSS:9
A vulnerability classified as critical has been found in D-Link DIR-665. This affects the function sub_AC78 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Impact
- Information Disclosure
- Buffer Overflow
Indicators of Compromise
CVE
- CVE-2025-45784
- CVE-2025-6158
Affected Vendors
- D-Link
Affected Products
- D-Link DPH-400S/SE VoIP Phone v1.01
- D-Link DIR-665 1.00
Remediation
Refer to the D-Link Website for patch, upgrade, or suggested workaround information.