Dlink Dsl-7740C Firmware vulnerabilities

CVE-2025-29514 [CRITICAL] CWE-284 CVE-2025-29514: Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request.

CVE-2025-29515 [CRITICAL] CWE-284 CVE-2025-29515: Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6 Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, including the administrator’s password.

CVE-2025-29523 [HIGH] CWE-77 CVE-2025-29523: D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command inject D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function.

CVE-2025-29516 [HIGH] CWE-77 CVE-2025-29516: D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command inject D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function.

CVE-2025-29521 [MEDIUM] CWE-1392 CVE-2025-29521: Insecure default credentials for the Adminsitrator account of D-Link DSL-7740C with firmware DSL7740 Insecure default credentials for the Adminsitrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to escalate privileges via a bruteforce attack.

CVE-2025-29522 [MEDIUM] CWE-77 CVE-2025-29522: D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command inject D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping function.

CVE-2025-29517 [MEDIUM] CWE-77 CVE-2025-29517: D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command inject D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function.

CVE-2025-29519 [MEDIUM] CWE-77 CVE-2025-29519: A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6 A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request.

CVE-2025-29520 [MEDIUM] CWE-284 CVE-2025-29520: Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR0 Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the high-privileged account passwords and escalate privileges.

CVE-2020-12774 [HIGH] CWE-78 CVE-2020-12774: D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to in D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command.