CVE-2025-45784

Published: Jun 18, 2025

Modified: Jun 18, 2025

PUBLISHED

Description

D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.dlink.com/en/security-bulletin/

https://cybermaya.in/posts/Post-37/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-45784

Description

Affected Products

References