D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary.
History
Thu, 26 Jun 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | D-link, D-link dph-400s, D-link dph-400s Firmware, D-link dph-400se, D-link dph-400se Firmware | |
CPEs | cpe:2.3:h:d-link:dph-400s:-:*:*:*:*:*:*:*, cpe:2.3:h:d-link:dph-400se:-:*:*:*:*:*:*:*, cpe:2.3:o:d-link:dph-400s_firmware:1.0.1:*:*:*:*:*:*:*, cpe:2.3:o:d-link:dph-400se_firmware:1.0.1:*:*:*:*:*:*:* | |
Vendors & Products | D-link, D-link dph-400s, D-link dph-400s Firmware, D-link dph-400se, D-link dph-400se Firmware | |
Wed, 18 Jun 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-798 | |
Metrics | cvssV3_1 | |
Wed, 18 Jun 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary. | |
References | | |

Status: PUBLISHED
Assigner: mitre
Published: 2025-06-18T00:00:00.000Z
Updated: 2025-06-18T14:25:38.614Z
Reserved: 2025-04-22T00:00:00.000Z
Link: CVE-2025-45784

Updated: 2025-06-18T14:24:55.971Z

Status: Analyzed
Published: 2025-06-18T14:15:44.553
Modified: 2025-06-26T15:54:43.523
Link: CVE-2025-45784
