Cyber Posture

CVE-2025-29514

Critical · Public PoC

Published: 25 August 2025
Modified: 02 September 2025
KEV Added: (not listed)
Patch: (see vendor bulletin)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0021 (42.6th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-29514 is a critical-severity Improper Access Control (CWE-284) vulnerability in D-Link DSL-7740C firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 42.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

- prevent: Directly enforces approved authorizations to block unauthorized crafted web requests to the config.xgi endpoint.
- prevent: Ensures the config.xgi function requires appropriate privileges, preventing unauthenticated access to sensitive configuration data.
- prevent: Limits and authorizes only safe actions without identification or authentication, excluding config file downloads.

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Direct exploitation of a public-facing router web endpoint (config.xgi) for unauthorized configuration file access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request.

Deeper analysis [AI-generated]

CVE-2025-29514, published on 2025-08-25, is an incorrect access control vulnerability (CWE-284) in the config.xgi function of the D-Link DSL-7740C router with firmware version DSL7740C.V6.TR069.20211230. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The issue stems from inadequate protections that permit unauthorized access to sensitive device data.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. By sending a crafted web request to the config.xgi endpoint, they can download the router's configuration file, which may contain credentials, network settings, and other sensitive information, leading to high impacts on confidentiality, integrity, and availability.

D-Link addresses the vulnerability in their security bulletin at https://www.dlink.com/en/security-bulletin/. A proof-of-concept exploit is detailed in a GitHub gist at https://gist.github.com/stevenyu113228/1fc5dcc63e4b4e9f5523167be11abf17.

Details

CWE(s)

CWE-284 Improper Access Control

Affected Products

Vendor: dlink
Product: dsl-7740c firmware
Version: 6.tr069.20211230

CVEs Like This One

CVE-2025-29515 · Same product: Dlink Dsl-7740C
CVE-2026-2055 · Same vendor: Dlink
CVE-2025-0481 · Same vendor: Dlink
CVE-2026-4194 · Same vendor: Dlink
CVE-2025-2548 · Same vendor: Dlink
CVE-2026-2054 · Same vendor: Dlink
CVE-2026-4180 · Same vendor: Dlink
CVE-2025-52079 · Same vendor: Dlink
CVE-2025-70219 · Same vendor: Dlink
CVE-2025-7194 · Same vendor: Dlink

References