CVE-2025-6931

Published: Jun 30, 2025Modified: Jun 17, 2026

2.9

Vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of the component Root Password Generation Handler. The manipulation leads to insufficient entropy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Affected (2)

Products: Dlink: Dcs 6517 Firmware, Dcs 7517 Firmware

2 products

Dcs 6517 Firmware

Dcs 7517 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dcs 6517 Firmware	Up to 2.02.0

Running on/with	Platform Versions
Dlink Dcs 6517	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dcs 7517 Firmware	Up to 2.02.0

Running on/with	Platform Versions
Dlink Dcs 7517	All versions

Related CWEs

Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

References (10)

http://cdn2.v50to.cc/dlink/DCS-6517B1_FW_v2.02.01/report_3.pdf

Source: cna@vuldb.com

ExploitThird Party Advisory

http://cdn2.v50to.cc/dlink/DCS-7517_B1_FW_v2.02.01/report_1.pdf

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.314443

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.314443

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.605592

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.605593

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.605596

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.dlink.com/

Source: cna@vuldb.com

Product

http://cdn2.v50to.cc/dlink/DCS-6517B1_FW_v2.02.01/report_3.pdf

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

http://cdn2.v50to.cc/dlink/DCS-7517_B1_FW_v2.02.01/report_1.pdf

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.