CVE-2025-4756: Denial of Service in D-Link DI-7003GV2
A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). It has been declared as problematic. This vulnerability affects unknown code of the file /H5/restart.asp. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-4756 is a medium-severity vulnerability identified in the D-Link DI-7003GV2 router, specifically affecting firmware version 24.04.18D1 R(68125). The vulnerability resides in an unspecified portion of the /H5/restart.asp file, which is part of the device's web interface. Exploitation of this flaw allows an unauthenticated remote attacker to trigger a denial of service (DoS) condition. The attack vector requires no user interaction, privileges, or authentication, and can be initiated over the network, making it accessible to any attacker with network access to the device. The vulnerability leads to a disruption of service, likely by causing the device to crash or restart, thereby interrupting network connectivity for users relying on the affected router. Although the exact technical mechanism is not detailed, the endpoint /H5/restart.asp suggests the vulnerability may be related to improper handling of restart commands or parameters, which can be manipulated to destabilize the device. The CVSS 4.0 base score of 6.9 reflects a medium severity, considering the ease of exploitation and the impact on availability, with no impact on confidentiality or integrity. No patches or fixes have been publicly linked yet, and no known exploits are reported in the wild, but public disclosure of the exploit code increases the risk of active exploitation.
Potential Impact
For European organizations, the impact of this vulnerability primarily concerns availability and operational continuity. Organizations using the D-Link DI-7003GV2 router in their network infrastructure may experience service interruptions if targeted by attackers exploiting this flaw. This can disrupt internet access, internal communications, and critical business operations dependent on network connectivity. Sectors with high reliance on continuous network uptime, such as finance, healthcare, manufacturing, and public services, could face operational delays and potential financial losses. Additionally, denial of service attacks can be leveraged as part of larger multi-vector attacks or to create distractions while other attacks are executed. Given the remote and unauthenticated nature of the exploit, attackers could launch attacks from anywhere, increasing the threat surface. However, since the vulnerability does not allow data compromise or privilege escalation, the impact on confidentiality and integrity is minimal.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should first identify any deployment of the D-Link DI-7003GV2 router running the affected firmware version 24.04.18D1 R(68125). Immediate steps include isolating these devices from untrusted networks or restricting access to the management interface to trusted IP addresses only. Network segmentation can limit exposure. Organizations should monitor network traffic for unusual requests to /H5/restart.asp and implement intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect and block exploitation attempts. Since no official patch is currently available, contacting D-Link support for firmware updates or advisories is critical. If possible, upgrading to a newer, unaffected firmware version or replacing the device with a more secure model is recommended. Additionally, organizations should maintain robust network monitoring and incident response plans to quickly identify and respond to any denial of service incidents. Regular backups and redundancy in network infrastructure can help maintain service continuity during attacks.
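The monitoring step above can be prototyped over web access logs. The following is an added example, not part of the original advisory or any D-Link tooling: it flags requests to /H5/restart.asp from sources outside a trusted management range. The log format (combined-log style from a proxy or sensor in front of the router), the trusted range and the case-insensitive path matching are assumptions.

```python
import ipaddress
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

TARGET_PATH = "/h5/restart.asp"  # endpoint named in the advisory, lower-cased
# Assumption: only this management subnet should reach the router's web UI.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: combined-log-style lines from a proxy or sensor in front of the router.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}|-)'
)
# Constructed sample input (documentation address ranges), not captured traffic.
SAMPLE_LOG = """\
10.20.0.5 - admin [20/May/2025:10:01:12 +0000] "GET /H5/restart.asp HTTP/1.1" 200 312
198.51.100.23 - - [20/May/2025:10:03:40 +0000] "GET /H5/restart.asp?x=1 HTTP/1.1" 200 0
198.51.100.23 - - [20/May/2025:10:03:41 +0000] "POST /h5/%72estart.asp HTTP/1.1" - 0
203.0.113.9 - - [20/May/2025:10:04:02 +0000] "GET /H5/index.asp HTTP/1.1" 200 5120
not a log line
"""

def normalize(target):
    """Drop the query, percent-decode, collapse ./ and //, and lower-case."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def is_trusted(src, trusted):
    """True only for a literal IP inside a trusted network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:  # hostname or garbage: treat as untrusted
        return False
    return any(addr in net for net in trusted)

def untrusted_restart_hits(log_text, trusted=TRUSTED_NETS):
    """Map each untrusted source to its (timestamp, method, status) hits."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or normalize(m["target"]) != TARGET_PATH:
            continue  # unparsable line or a different endpoint
        if not is_trusted(m["src"], trusted):
            hits[m["src"]].append((m["ts"], m["method"], m["status"]))
    return dict(hits)

if __name__ == "__main__":
    for src, events in untrusted_restart_hits(SAMPLE_LOG).items():
        print(src, len(events), events)
```

A missing status code ("-") on a hit is worth correlating with device uptime, since a request that never completes can coincide with the restart the advisory describes.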
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-05-15T09:03:14.927Z
- CISA Enriched: true
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 682cd0f91484d88663aebdbd
Added to database: 5/20/2025, 6:59:05 PM
Last enriched: 7/11/2025, 11:18:49 PM
Last updated: 7/31/2025, 2:53:30 PM