- Description
- D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-798
- Hype score
- Not currently trending
CVE-2025-45784 (CVSS:9.8, CRITICAL) is Received. D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may..https://t.co/K9CS2H7hbI #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
23 Jun 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-45784 D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacke… https://t.co/ChnnMtxsdq
@CVEnew
19 Jun 2025
489 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2025-45784 Hardcoded Provisioning Credentials Vulnerability in D-Link DPH-400S/SE VoIP Phone https://t.co/tvbDS0rsxl
@VulmonFeeds
18 Jun 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dph-400se_firmware:1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1C5562F5-D61A-4D1F-B899-0C6EEC46DBEF"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:d-link:dph-400se:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2E5534B1-36A0-4CC4-A3D4-5BB69026EA51"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dph-400s_firmware:1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "88E473A7-5416-4273-B07C-F8A95C6F3E9D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:d-link:dph-400s:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3AEF259E-170D-4061-A011-40C16DED82AD"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]