CVE-2025-29517
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-09-02
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dsl-7740c_firmware | 6.tr069.20211230 |
| dlink | dsl-7740c | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-29517 is a critical command injection vulnerability in the D-Link DSL-7740C modem firmware version DSL7740C.V6.TR069.20211230. It exists in the traceroute6 function accessible via SSH or Telnet interfaces, specifically in the "19.Ping and Traceroute6 Test" menu under "03 Run Traceroute6 Test." An attacker with administrative credentials can inject malicious commands by submitting a specially crafted destination string during a traceroute test, leading to arbitrary remote code execution with elevated privileges on the device. [1]
How can this vulnerability impact me? :
This vulnerability can lead to complete device compromise, allowing an attacker to disrupt services, alter device configurations, intercept or manipulate network traffic, and potentially breach the network perimeter to access sensitive areas. The attacker gains full control over the device by executing arbitrary commands with elevated privileges. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to use the traceroute6 function on the D-Link DSL-7740C device via SSH or Telnet interfaces, specifically through the '19.Ping and Traceroute6 Test' menu option under '03 Run Traceroute6 Test.' A detection method involves submitting a test destination string with a command injection payload, such as `1 || echo vulnerable > /tmp/vuln_test #`, and then checking if the file /tmp/vuln_test is created on the device. This indicates the device is vulnerable to command injection. Commands to check might include using SSH or Telnet to access the device and running the traceroute6 test with crafted input, then verifying the side effects on the device filesystem or process list. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting administrative access to the device's SSH and Telnet interfaces to trusted users only, disabling the traceroute6 function if possible, and monitoring for any unusual traceroute6 test inputs or device behavior. Applying firmware updates from D-Link that address this vulnerability once available is critical. Until a patch is released, network segmentation and strict access controls should be enforced to limit potential exploitation. [1]