D-Link Di 7003g Firmware

D-Link DI-7003GV2 R(68125) Info Disclosure via sub_48F4F0 Remote
CVE-2025-4902 7.5 - High - May 19, 2025

A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this issue is the function sub_48F4F0 of the file /H5/versionupdate.data. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Information Disclosure

INFO-LEAK in D-Link DI-7003GV2 24.04.18D1 via sub_41F0FC
CVE-2025-4904 5.3 - Medium - May 19, 2025

A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. This vulnerability affects the function sub_41F0FC of the file /H5/webgl.data. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Information Disclosure

D-Link DI-7003GV2 24.04.18D1 R(68125) Remote Password Update Exploit
CVE-2025-4903 7.5 - High - May 19, 2025

A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0&remote_management=0&http_passwd=game&exec_service=admin-restart. The manipulation leads to unverified password change. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Unverified Password Change

D-Link DI-7003GV2 24.04.18D1 HTTP EP info discl
CVE-2025-4901 6.5 - Medium - May 19, 2025

A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this vulnerability is the function sub_41E304 of the file /H5/state_view.data of the component HTTP Endpoint. The manipulation leads to information disclosure. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used.

Information Disclosure

Denial of Service in D-Link DI-7003GV2 /H5/restart.asp (v24.04.18D1)
CVE-2025-4756 7.5 - High - May 16, 2025

A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). It has been declared as problematic. This vulnerability affects unknown code of the file /H5/restart.asp. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Improper Resource Shutdown or Release

D-Link DI-7003GV2 24.04.18D1 Remote Auth Bypass via netconfig.asp
CVE-2025-4755 5.3 - Medium - May 16, 2025

A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). It has been classified as critical. This affects the function sub_497DE4 of the file /H5/netconfig.asp. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

authentification

D-Link DI-7003GV2 24.04.18D1 R(68125) – /login.data Info Disclosure Remote
CVE-2025-4753 5.3 - Medium - May 16, 2025

A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. Affected by this issue is some unknown functionality of the file /login.data. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Information Disclosure

INFODIS in D-Link DI-7003GV2 24.04.18D1 via index.data
CVE-2025-4751 7.5 - High - May 16, 2025

A vulnerability, which was classified as problematic, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected is an unknown function of the file /index.data. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Information Disclosure

Remote Info Disclosure via /install_base.data in D-Link DI-7003GV2 v24.04.18D1
CVE-2025-4752 5.3 - Medium - May 16, 2025

A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /install_base.data. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Information Disclosure

D-Link DI-7003GV2 24.04.18D1 Config Handler Info Leak (CVE-2025-4750)
CVE-2025-4750 5.3 - Medium - May 16, 2025

A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). This issue affects some unknown processing of the file /H5/get_version.data of the component Configuration Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Information Disclosure

D-Link DI-7003GV2 24.04.18D1 DoS via Remote Factory Reset Handler
CVE-2025-4749 7.5 - High - May 16, 2025

A vulnerability classified as critical was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This vulnerability affects the function sub_4983B0 of the file /H5/backup.asp?opt=reset of the component Factory Reset Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Improper Resource Shutdown or Release

TCP session hijack in D-Link DI-7003GV2 router (CVE-2023-30309)
CVE-2023-30309 - May 28, 2024

An issue discovered in D-Link DI-7003GV2 routers allows attackers to hijack TCP sessions which could lead to a denial of service.