CVE-2025-29521

Insecure default credentials for the Adminsitrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to escalate privileges via a bruteforce attack.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/stevenyu113228/73f06459df5ac3257ff451e382497832	Exploit Third Party Advisory
https://www.dlink.com/en/security-bulletin/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dsl-7740c_firmware:6.tr069.20211230:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dsl-7740c:-:*:*:*:*:*:*:*

History

02 Sep 2025, 18:16

Type	Values Removed	Values Added
CPE		cpe:2.3:h:dlink:dsl-7740c:-:::::::* cpe:2.3:o:dlink:dsl-7740c_firmware:6.tr069.20211230:::::::*
References	~~() https://gist.github.com/stevenyu113228/73f06459df5ac3257ff451e382497832 -~~	() https://gist.github.com/stevenyu113228/73f06459df5ac3257ff451e382497832 - Exploit, Third Party Advisory
References	~~() https://www.dlink.com/en/security-bulletin/ -~~	() https://www.dlink.com/en/security-bulletin/ - Vendor Advisory
First Time		Dlink dsl-7740c Dlink dsl-7740c Firmware Dlink

26 Aug 2025, 16:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
Summary		(es) Las credenciales predeterminadas inseguras para la cuenta de administrador de D-Link DSL-7740C con firmware DSL7740C.V6.TR069.20211230 permiten a los atacantes escalar privilegios a través de un ataque de fuerza bruta.
CWE		CWE-1392

25 Aug 2025, 20:24

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-25 15:15

Updated : 2025-09-02 18:16

NVD link : CVE-2025-29521

Mitre link : CVE-2025-29521

CVE.ORG link : CVE-2025-29521

JSON object : View

Products Affected

dlink

dsl-7740c_firmware
dsl-7740c

CWE

CWE-1392

Use of Default Credentials

5.3 /10