Analysis Summary

CVE-2025-4904 CVSS:5.3

A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. This vulnerability affects the function sub_41F0FC of the file /H5/webgl.data. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-4903 CVSS:5.3

A vulnerability, which was classified as critical, was found in D-Link. This affects the function sub_41F4F0 of the file /H5/webgl.asp tggl_port=0&remote_management=0&http_passwd=game&exec_service=admin-restart. The manipulation leads to unverified password change. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-4902 CVSS:5.3

A vulnerability, which was classified as problematic, has been found in D-Link. Affected by this issue is the function sub_48F4F0 of the file /H5/versionupdate.data. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-4901 CVSS:4.3

A vulnerability classified as problematic was found in D-Link. Affected by this vulnerability is the function sub_41E304 of the file /H5/state_view.data of the component HTTP Endpoint. The manipulation leads to information disclosure. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used.

Impact

• Information Disclosure

Indicators of Compromise

CVE

• CVE-2025-4904

• CVE-2025-4903

• CVE-2025-4902

• CVE-2025-4901

Affected Vendors

Remediation

Refer to the D-Link Website for patch, upgrade, or suggested workaround information.

D-Link Website