CVE-2025-45784 – D-Link DPH-400S/SE VoIP Phone Hardcoded Credentials Vulnerability

June 18, 2025

CVE ID : CVE-2025-45784

Published : June 18, 2025, 2:15 p.m. | 16 minutes ago

Description : D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46157 – EfroTech Time Trax Remote Code Execution Vulnerability

Next Article CVE-2025-45661 – miniTCG XSS

Highlights

CVE-2025-6835 – “Code-projects Library System SQL Injection Vulnerability”

June 28, 2025

CVE ID : CVE-2025-6835

Published : June 29, 2025, 12:15 a.m. | 1 hour, 11 minutes ago

Description : A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student-issue-book.php. The manipulation of the argument reg leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-45784 – D-Link DPH-400S/SE VoIP Phone Hardcoded Credentials Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

ChatGPT Is Making People Think They’re Gods and Their Families Are Terrified

Explore the new openCypher custom functions and subquery support in Amazon Neptune

I tried to destroy this $45 power bank (including driving over it with a tractor) – it refused to break

Seriot – serial monitor and serial plotter

CVE-2025-6835 – “Code-projects Library System SQL Injection Vulnerability”

CVE-2025-40619 – Bookgy Authentication Bypass

Why OneStream is Embracing C#

Microsoft Edge just got a big performance boost, but can it be the only app I use on Windows 11?

CVE-2025-45784 – D-Link DPH-400S/SE VoIP Phone Hardcoded Credentials Vulnerability

Related Posts