CVE-2025-45729 is a vulnerability identified in the D-Link DIR-823-Pro router firmware version 1.02. The issue stems from improper permission control within the device's management interface, which allows unauthorized users to enable and access Telnet services remotely. Telnet is a legacy protocol that transmits data, including authentication credentials, in plaintext, making it inherently insecure. By exploiting this vulnerability, an attacker can activate the Telnet service without proper authentication and gain command-line access to the router. This unauthorized access could allow attackers to execute arbitrary commands, modify device configurations, intercept network traffic, or pivot to other devices within the network. The vulnerability does not have a CVSS score yet and no known exploits have been reported in the wild as of the publication date. However, the nature of the flaw—improper permission control combined with enabling a weakly secured service—makes it a significant security risk. The lack of authentication requirement to enable Telnet and the potential for remote exploitation increase the attack surface considerably. Given that routers like the DIR-823-Pro are often deployed in home and small office environments, exploitation could lead to compromised network integrity and confidentiality, as well as potential disruption of network availability.

For European organizations, this vulnerability poses a substantial risk, especially for small and medium enterprises (SMEs) and home office setups that rely on D-Link DIR-823-Pro routers. Unauthorized Telnet access could lead to full compromise of the router, allowing attackers to intercept sensitive communications, redirect traffic, or launch further attacks within the corporate network. This could result in data breaches, loss of intellectual property, and disruption of business operations. Additionally, compromised routers could be used as entry points for lateral movement or as part of botnets, amplifying the threat landscape. The impact is heightened in sectors with stringent data protection requirements under GDPR, where unauthorized access to network infrastructure could lead to regulatory penalties and reputational damage. Moreover, the vulnerability could affect remote workers who use these routers, potentially exposing corporate VPNs or other remote access services to compromise.

To mitigate this vulnerability, European organizations should first verify if they are using the affected D-Link DIR-823-Pro firmware version 1.02. Since no official patch links are currently available, organizations should contact D-Link support for firmware updates or advisories. In the interim, it is critical to disable Telnet services entirely on the router, if enabled, and restrict administrative access to the device via secure channels only (e.g., HTTPS with strong authentication). Network segmentation should be employed to isolate routers from critical internal systems. Monitoring network traffic for unusual Telnet activity or unauthorized configuration changes can help detect exploitation attempts. Organizations should also consider replacing affected routers with models that have robust security controls and support secure management protocols such as SSH. Implementing strong password policies and multi-factor authentication for device management interfaces will further reduce risk. Finally, educating users about the risks of legacy protocols and ensuring regular firmware updates are part of the security hygiene is essential.