Cyber Posture

CVE-2025-29515

Critical · Public PoC

Published: 25 August 2025

Modified: 02 September 2025
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0033 56.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-29515 is a critical-severity Improper Access Control (CWE-284) vulnerability in Dlink Dsl-7740C Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 43.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

AC-14 explicitly identifies and controls actions permitted without authentication, directly preventing unauthorized modifications via unauthenticated endpoints like DELT_file.xgi.

prevent

AC-3 enforces approved access authorizations, mitigating the incorrect access control that allows remote attackers to modify the XML database including the admin password.

prevent · recover

SI-2 requires timely remediation of flaws through firmware updates, directly addressing the vendor-patched vulnerability in DSL7740C.V6.TR069.20211230.

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Direct unauthenticated remote exploitation of a public-facing router endpoint (DELT_file.xgi) enabling arbitrary config changes.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, including the administrator’s password.

Deeper analysis · AI

CVE-2025-29515 is an incorrect access control vulnerability (CWE-284) in the DELT_file.xgi endpoint of the D-Link DSL-7740C router running firmware version DSL7740C.V6.TR069.20211230. This flaw allows unauthorized modification of arbitrary settings stored in the device's XML database, including the administrator password. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its high impact on confidentiality, integrity, and availability.

Remote attackers require no authentication, privileges, or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation enables full control over device configurations, such as changing credentials, altering network settings, or enabling other malicious features, potentially leading to complete compromise of the affected router.

Mitigation details are outlined in advisories available at the D-Link security bulletin (https://www.dlink.com/en/security-bulletin/) and a related GitHub Gist (https://gist.github.com/stevenyu113228/0bf32385245f71dfe11b0ef77c468392), published on 2025-08-25. Security practitioners should consult these resources for patch availability and recommended remediation steps for the specified firmware.

Details

CWE(s)

Affected Products

dlink · dsl-7740c firmware · 6.tr069.20211230

CVEs Like This One

CVE-2025-29514 · Same product: Dlink Dsl-7740C
CVE-2026-2055 · Same vendor: Dlink
CVE-2025-0481 · Same vendor: Dlink
CVE-2026-4194 · Same vendor: Dlink
CVE-2025-2548 · Same vendor: Dlink
CVE-2026-2054 · Same vendor: Dlink
CVE-2026-4180 · Same vendor: Dlink
CVE-2025-52079 · Same vendor: Dlink
CVE-2025-70219 · Same vendor: Dlink
CVE-2025-7194 · Same vendor: Dlink
