D-Link DI-7003GV2 24.04.18D1 R(68125) Remote Password Update Exploit
CVE-2025-4903 Published on May 19, 2025
D-Link DI-7003GV2 webgl.asp sub_41F4F0 unverified password change
A vulnerability classified as critical was found in D-Link DI-7003GV2 24.04.18D1 R(68125). It affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0&remote_management=0&http_passwd=game&exec_service=admin-restart. The manipulation leads to an unverified password change. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
Unverified Password Change
When setting a new password for a user, the product does not require knowledge of the original password or the use of another form of authentication. An attacker could use this to change the password of another user and thereby gain the privileges associated with that user.
Weak Password Recovery Mechanism for Forgotten Password
The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
Products Associated with CVE-2025-4903
Affected Versions
D-Link DI-7003GV2 Version 24.04.18D1 R(68125) is affected by CVE-2025-4903
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.