CVE-2025-29515

EUVD-2025-25743
Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, including the administrator’s password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
dlinkdsl-7740c_firmware
6.tr069.20211230:tr069.20211230
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/stevenyu113228/0bf32385245f71dfe11b0ef77c468392
https://www.dlink.com/en/security-bulletin/