Rewterz

ICS: Multiple Siemens Products Vulnerabilities

June 19, 2025
Rewterz

CVE-2025-6151 – TP-Link TL-WR940N Vulnerability

June 19, 2025

Multiple D-Link Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-45784 CVSS:9.8

D-Link DPH-400S/SE VoIP Phone contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary.

CVE-2025-6158 CVSS:9

A vulnerability classified as critical has been found in D-Link DIR-665. This affects the function sub_AC78 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Impact

  • Information Disclosure
  • Buffer Overflow

Indicators of Compromise

CVE

  • CVE-2025-45784

  • CVE-2025-6158

Affected Vendors

  • D-Link

Affected Products

  • D-Link DPH-400S/SE VoIP Phone v1.01
  • D-Link DIR-665 1.00

Remediation

Refer to the D-Link Website for patch, upgrade, or suggested workaround information.

D-Link Website

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.