CVE-2025-4750 is a medium-severity information disclosure vulnerability affecting the D-Link DI-7003GV2 router, specifically version 24.04.18D1 R(68125). The vulnerability arises from improper handling of requests to the /H5/get_version.data endpoint within the device's Configuration Handler component. An attacker can remotely exploit this flaw without requiring authentication or user interaction, leveraging the network accessibility of the device to retrieve sensitive information. Although the exact nature of the disclosed information is unspecified, such leaks typically include firmware version details, configuration parameters, or other internal data that could facilitate further attacks or reconnaissance. The vulnerability has been publicly disclosed, increasing the risk of exploitation, but no confirmed active exploitation in the wild has been reported to date. The CVSS 4.0 base score of 6.9 reflects a medium severity, driven by the vulnerability's network attack vector, low complexity, and lack of required privileges or user interaction, but limited impact confined to confidentiality with no direct integrity or availability consequences. The absence of a patch or mitigation details in the provided information suggests that affected users should prioritize monitoring and defensive measures until an official fix is released.

For European organizations, the information disclosure vulnerability in the D-Link DI-7003GV2 router can have several implications. Disclosure of device configuration or firmware details can aid attackers in crafting targeted exploits or launching subsequent attacks such as privilege escalation, device takeover, or lateral movement within networks. Organizations relying on these routers for critical network infrastructure or IoT connectivity could face increased risk of network reconnaissance and compromise. Confidentiality breaches may expose internal network architecture or security configurations, undermining organizational security posture. While the vulnerability does not directly impact availability or integrity, the indirect consequences of information leakage could facilitate more severe attacks. Given the remote and unauthenticated nature of the exploit, attackers can operate stealthily, increasing the threat to enterprises, especially those with exposed or poorly segmented network environments. This risk is heightened in sectors with stringent data protection requirements under GDPR, where unauthorized data exposure can lead to regulatory penalties and reputational damage.

1. Network Segmentation: Isolate D-Link DI-7003GV2 devices from critical network segments and restrict access to management interfaces to trusted internal networks only. 2. Access Controls: Implement firewall rules to block external access to the /H5/get_version.data endpoint and related management ports, minimizing exposure to remote attackers. 3. Monitoring and Logging: Enable detailed logging on network devices and monitor for unusual or repeated requests targeting the vulnerable endpoint to detect potential exploitation attempts early. 4. Firmware Updates: Regularly check for official firmware updates or security advisories from D-Link addressing this vulnerability and apply patches promptly once available. 5. Device Replacement: For high-risk environments, consider replacing affected devices with models that have no known vulnerabilities or have received timely security updates. 6. Incident Response Preparedness: Develop and test incident response plans that include procedures for handling information disclosure incidents and potential follow-on attacks. 7. Vendor Engagement: Engage with D-Link support channels to obtain guidance and timelines for remediation and to report any suspicious activity related to this vulnerability.