DSL7740C
by Dlink
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-29515 | Cri | 0.64 | 9.8 | 0.01 | Aug 25, 2025 | Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, including the administrator’s password. | ||
| CVE-2025-29514 | Cri | 0.64 | 9.8 | 0.01 | Aug 25, 2025 | Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request. | ||
| CVE-2020-12774 | Hig | 0.53 | 8.2 | 0.00 | Jul 22, 2020 | D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command. | ||
| CVE-2025-29523 | Hig | 0.47 | 7.2 | 0.02 | Aug 25, 2025 | D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function. | ||
| CVE-2025-29516 | Hig | 0.47 | 7.2 | 0.02 | Aug 25, 2025 | D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function. | ||
| CVE-2025-29517 | Med | 0.44 | 6.8 | 0.02 | Aug 25, 2025 | D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function. | ||
| CVE-2025-29522 | Med | 0.42 | 6.5 | 0.01 | Aug 25, 2025 | D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping function. | ||
| CVE-2025-29519 | Med | 0.35 | 5.3 | 0.02 | Aug 25, 2025 | A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request. | ||
| CVE-2025-29521 | Med | 0.34 | 5.3 | 0.01 | Aug 25, 2025 | Insecure default credentials for the Adminsitrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to escalate privileges via a bruteforce attack. | ||
| CVE-2025-29520 | Med | 0.34 | 5.3 | 0.01 | Aug 25, 2025 | Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the high-privileged account passwords and escalate privileges. |
- risk 0.64cvss 9.8epss 0.01
Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, including the administrator’s password.
- risk 0.64cvss 9.8epss 0.01
Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request.
- risk 0.53cvss 8.2epss 0.00
D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command.
- risk 0.47cvss 7.2epss 0.02
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function.
- risk 0.47cvss 7.2epss 0.02
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function.
- risk 0.44cvss 6.8epss 0.02
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function.
- risk 0.42cvss 6.5epss 0.01
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping function.
- risk 0.35cvss 5.3epss 0.02
A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request.
- risk 0.34cvss 5.3epss 0.01
Insecure default credentials for the Adminsitrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to escalate privileges via a bruteforce attack.
- risk 0.34cvss 5.3epss 0.01
Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the high-privileged account passwords and escalate privileges.