Unrated severityNVD Advisory· Published Jun 18, 2025· Updated Jun 18, 2025
CVE-2025-45784
CVE-2025-45784
Description
D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: = v1.01
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.