Skip to main content

CVE-2025-4903: Unverified Password Change in D-Link DI-7003GV2

Medium
VulnerabilityCVE-2025-4903cvecve-2025-4903
Published: Mon May 19 2025 (05/19/2025, 00:31:04 UTC)
Source: CVE
Vendor/Project: D-Link
Product: DI-7003GV2

Description

A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0&remote_management=0&http_passwd=game&exec_service=admin-restart. The manipulation leads to unverified password change. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

AILast updated: 07/11/2025, 19:03:55 UTC

Technical Analysis

CVE-2025-4903 is a critical vulnerability identified in the D-Link DI-7003GV2 router, specifically affecting firmware version 24.04.18D1 R(68125). The vulnerability resides in the function sub_41F4F0 within the web interface endpoint /H5/webgl.asp, which handles parameters including tggl_port, remote_management, http_passwd, and exec_service. The flaw allows an attacker to perform an unverified password change remotely without any authentication or user interaction. This means an attacker can directly manipulate the router's password by sending crafted HTTP requests to the vulnerable endpoint, bypassing any security checks that would normally prevent unauthorized password modifications. The vulnerability's CVSS 4.0 base score is 6.9, categorized as medium severity, with an attack vector of network (remote), low attack complexity, no privileges required, no user interaction, and limited impact on integrity (password change) but no impact on confidentiality or availability. Although no known exploits are currently observed in the wild, the exploit code has been publicly disclosed, increasing the risk of exploitation. This vulnerability could allow attackers to gain persistent unauthorized access to the router, potentially leading to further network compromise, interception of traffic, or use of the device as a foothold for lateral movement within affected networks.

Potential Impact

For European organizations, the impact of this vulnerability can be significant, especially for those relying on the D-Link DI-7003GV2 router in their network infrastructure. Unauthorized password changes can lead to loss of administrative control over the device, enabling attackers to reconfigure network settings, disable security features, or redirect traffic for espionage or data exfiltration. This poses risks to confidentiality and integrity of sensitive data traversing the network. Additionally, compromised routers can be leveraged as entry points for broader attacks on corporate networks or as part of botnets for distributed denial-of-service (DDoS) attacks. Critical infrastructure operators, small and medium enterprises, and public sector organizations using this device are particularly at risk. The lack of authentication and user interaction requirements lowers the barrier for exploitation, increasing the likelihood of attacks if devices remain unpatched. Given the public disclosure of the exploit, European organizations must prioritize mitigation to prevent potential breaches and operational disruptions.

Mitigation Recommendations

1. Immediate firmware update: Organizations should verify if D-Link has released a patched firmware version addressing CVE-2025-4903 and apply it promptly. 2. Network segmentation: Isolate vulnerable routers from critical network segments to limit potential lateral movement if compromised. 3. Access control: Restrict remote management access to trusted IP addresses only and disable remote management if not required. 4. Monitoring and logging: Enable detailed logging on routers and monitor for unusual configuration changes or access attempts to the /H5/webgl.asp endpoint. 5. Incident response readiness: Prepare to respond to potential compromises by having backup configurations and recovery procedures in place. 6. Vendor engagement: Engage with D-Link support for official guidance and confirm the availability of patches or workarounds. 7. Replace end-of-life devices: If no patch is available, consider replacing affected routers with models that receive regular security updates. These steps go beyond generic advice by focusing on network architecture adjustments, proactive monitoring, and vendor coordination tailored to this specific vulnerability.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-05-17T13:06:16.188Z
Cisa Enriched
true
Cvss Version
4.0
State
PUBLISHED

Threat ID: 682cd0f81484d88663aeb6d2

Added to database: 5/20/2025, 6:59:04 PM

Last enriched: 7/11/2025, 7:03:55 PM

Last updated: 8/11/2025, 9:48:54 AM

Views: 11

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats