Skip to main content

CVE-2025-4901: Information Disclosure in D-Link DI-7003GV2

Medium
VulnerabilityCVE-2025-4901cvecve-2025-4901
Published: Sun May 18 2025 (05/18/2025, 23:31:04 UTC)
Source: CVE
Vendor/Project: D-Link
Product: DI-7003GV2

Description

A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this vulnerability is the function sub_41E304 of the file /H5/state_view.data of the component HTTP Endpoint. The manipulation leads to information disclosure. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

AILast updated: 07/11/2025, 20:34:11 UTC

Technical Analysis

CVE-2025-4901 is an information disclosure vulnerability identified in the D-Link DI-7003GV2 router, specifically in firmware version 24.04.18D1 R(68125). The vulnerability resides in the HTTP Endpoint component, within the function sub_41E304 of the /H5/state_view.data file. An attacker who has access to the local network can exploit this flaw to retrieve sensitive information from the device. The vulnerability does not require authentication, user interaction, or elevated privileges, making it relatively straightforward to exploit for an attacker already inside the local network. However, the attack vector is limited to local network access, meaning remote exploitation over the internet is not feasible without prior network access. The CVSS v4.0 base score is 5.3, indicating a medium severity level. The vulnerability could potentially expose configuration details or operational state information that could be leveraged for further attacks or network reconnaissance. No patches or fixes have been publicly linked yet, and while the exploit has been disclosed publicly, there are no known active exploitations in the wild at this time.

Potential Impact

For European organizations, the impact of this vulnerability primarily concerns internal network security. If an attacker gains access to the local network—via compromised devices, insider threats, or physical access—they could exploit this vulnerability to gather sensitive information from the affected D-Link routers. This information disclosure could facilitate lateral movement within the network, enable more targeted attacks, or reveal network topology and device configurations. Organizations relying on the DI-7003GV2 model for critical infrastructure or sensitive operations could face increased risk of espionage or data leakage. The medium severity rating suggests that while the vulnerability is not immediately critical, it poses a meaningful risk in environments where network segmentation and access controls are weak or where the device is deployed in sensitive network segments. Given the lack of remote exploitability, the threat is mitigated somewhat by robust perimeter defenses but remains a concern for internal security posture.

Mitigation Recommendations

European organizations should implement strict network segmentation to limit access to the local network where D-Link DI-7003GV2 devices are deployed. Access control lists (ACLs) and VLANs should be used to isolate management interfaces and sensitive network segments. Monitoring and logging of local network traffic for unusual HTTP requests targeting the /H5/state_view.data endpoint can help detect exploitation attempts. Since no official patch is currently available, organizations should consider temporary mitigations such as disabling or restricting access to the HTTP management interface from untrusted internal hosts. Additionally, physical security controls should be enforced to prevent unauthorized local network access. Organizations should engage with D-Link support channels to obtain firmware updates or patches as they become available and plan for timely deployment. Regular vulnerability scanning and penetration testing should include checks for this vulnerability to ensure it is not exploitable in their environment.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-05-17T13:06:08.268Z
Cisa Enriched
true
Cvss Version
4.0
State
PUBLISHED

Threat ID: 682cd0f81484d88663aeb80e

Added to database: 5/20/2025, 6:59:04 PM

Last enriched: 7/11/2025, 8:34:11 PM

Last updated: 8/15/2025, 5:17:57 AM

Views: 11

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats