CVE-2025-29520

CWE-284Improper Access Control3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 77.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dsl-7740c Firmware
Timeline
PublishedAug 25
Latest updateAug 26

Description

Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the high-privileged account passwords and escalate privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDdlink/dsl-7740c_firmware6.tr069.20211230

🔴Vulnerability Details

2
GHSA
GHSA-574m-6cvf-845m: Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C2025-08-26
CVEList
CVE-2025-29520: Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C2025-08-25
CVE-2025-29520 (MEDIUM CVSS 5.3) | Incorrect access control in the Mai | cvebase.io