Cyber Resilience

CVE-2025-29514

CriticalPublic PoC

Published: 25 August 2025

Published
25 August 2025
Modified
02 September 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0036 58.7th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-29514 is a critical-severity Improper Access Control (CWE-284) vulnerability in Dlink Dsl-7740C Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 41.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-29514, published on 2025-08-25, is an incorrect access control vulnerability (CWE-284) in the config.xgi function of the D-Link DSL-7740C router with firmware version DSL7740C.V6.TR069.20211230. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The issue stems from inadequate protections that permit unauthorized access to sensitive device data.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. By sending a crafted web request to the config.xgi endpoint, they can download the router's configuration file, which may contain credentials, network settings, and other sensitive information, leading to high impacts on confidentiality, integrity, and availability.

D-Link addresses the vulnerability in their security bulletin at https://www.dlink.com/en/security-bulletin/. A proof-of-concept exploit is detailed in a GitHub gist at https://gist.github.com/stevenyu113228/1fc5dcc63e4b4e9f5523167be11abf17.

EU & UK References

Vulnerability details

Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct exploitation of public-facing router web endpoint (config.xgi) for unauthorized config file access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-29515Same product: Dlink Dsl-7740C
CVE-2025-2548Same vendor: Dlink
CVE-2026-4194Same vendor: Dlink
CVE-2026-2055Same vendor: Dlink
CVE-2026-2054Same vendor: Dlink
CVE-2026-4180Same vendor: Dlink
CVE-2025-0481Same vendor: Dlink
CVE-2025-52079Same vendor: Dlink
CVE-2025-25742Same vendor: Dlink
CVE-2025-70239Same vendor: Dlink

Affected Assets

dlink
dsl-7740c firmware
6.tr069.20211230

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces approved authorizations to block unauthorized crafted web requests to the config.xgi endpoint.

prevent

Ensures the config.xgi function requires appropriate privileges, preventing unauthenticated access to sensitive configuration data.

prevent

Limits and authorizes only safe actions without identification or authentication, excluding config file downloads.

References