D-Link DAP-2695 Improper Sign Verify in Firmware Update Handler RC13
CVE-2025-12295 Published on October 27, 2025
D-Link DAP-2695 Firmware Update sub_40C6B8 signature verification
A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function sub_40C6B8 of the component Firmware Update Handler. Executing manipulation can lead to improper verification of cryptographic signature. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
Improper Verification of Cryptographic Signature
The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Insufficient Verification of Data Authenticity
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Products Associated with CVE-2025-12295
Want to know whenever a new CVE is published for D-Link Dap 2695? stack.watch will email you.
Affected Versions
D-Link DAP-2695 Version 2.00RC13 is affected by CVE-2025-12295Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.