Vulnerability in D-Link DI-7003GV2 Remote Management Feature
CVE-2025-4903
Key Information:
- Vendor: D-Link
- CVE Published: 19 May 2025
What is CVE-2025-4903?
A significant vulnerability has been identified in the D-Link DI-7003GV2 router's remote management capabilities. The flaw allows unauthorized users to change the router's password without verification, potentially giving them control over the device. This issue arises from improper access controls in the web management interface, specifically within the sub_41F4F0 function of the webgl.asp file. As the exploit is publicly known, it poses a considerable risk to users who have not applied necessary security patches.
Affected Version(s)
DI-7003GV2 24.04.18D1 R(68125)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. It is also a key component of weaponization, which could lead to ransomware.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved