CVE-2025-6932
BaseFortify
Publication date: 2025-06-30
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dcs-7517_firmware | to 2.02.0 (inc) |
| dlink | dcs-7517 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-255 | |
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the D-Link DCS-7517 device up to version 2.02.0, specifically in the Qlync Password Generation Handler function g_F_n_GenPassForQlync. It involves the use of a hard-coded password, which can be exploited remotely. Although the attack complexity is high and exploitability is difficult, the exploit has been publicly disclosed. The affected products are no longer supported by the maintainer.
How can this vulnerability impact me? :
The vulnerability allows an attacker to remotely exploit the device by leveraging a hard-coded password, potentially gaining unauthorized access. This could compromise the security of the device and any network it is connected to. However, the attack complexity is high and exploitability is difficult, which may limit the likelihood of exploitation.
What immediate steps should I take to mitigate this vulnerability?
Since the vulnerability involves the use of a hard-coded password in D-Link DCS-7517 devices up to version 2.02.0, and these products are no longer supported by the maintainer, immediate mitigation steps include restricting remote access to the affected device, disabling the vulnerable service if possible, and replacing the device with a supported model that does not have this vulnerability.