CVE-2025-4901
Problematic vulnerability found in D-Link DI-7003GV2 24.04.18D1 R(68125)
Overview
The vulnerability CVE-2025-4901 has been identified in D-Link DI-7003GV2 24.04.18D1 R(68125). This vulnerability can lead to information disclosure via function sub_41E304 of the file /H5/state_view.data belonging to the HTTP Endpoint. The attack can be implemented from within the local network.
Technical Details
This vulnerability affects the function sub_41E304 in the file /H5/state_view.data. It is associated with the HTTP Endpoint component. The vulnerability is triggered when unauthorised manipulation of input data occurs, leading to the disclosure of sensitive information.
CVSS Metrics
- Base Score: 5.3
- Attack Vector: ADJACENT
- Attack Complexity: LOW
- User Interaction: NONE
- Confidentiality Impact: LOW
Impact
The successful exploitation of this vulnerability would result in information disclosure.
Recommendations
To mitigate this vulnerability, restrict local access to the machine hosting D-Link DI-7003GV2 24.04.18D1 R(68125). Regularly update and patch the software, disable unnecessary services, and monitor network traffic for signs of unauthorized activity.
Threat Metrics
- "cvss_score": 5.3
- "severity": "MEDIUM"
- "attack_vector": "ADJACENT"
- "attack_complexity": "LOW"