Cyber Resilience

CVE-2025-29515

CriticalPublic PoC

Published: 25 August 2025

Published
25 August 2025
Modified
02 September 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0059 69.5th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-29515 is a critical-severity Improper Access Control (CWE-284) vulnerability in Dlink Dsl-7740C Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-29515 is an incorrect access control vulnerability (CWE-284) in the DELT_file.xgi endpoint of the D-Link DSL-7740C router running firmware version DSL7740C.V6.TR069.20211230. This flaw allows unauthorized modification of arbitrary settings stored in the device's XML database, including the administrator password. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its high impact on confidentiality, integrity, and availability.

Remote attackers require no authentication, privileges, or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation enables full control over device configurations, such as changing credentials, altering network settings, or enabling other malicious features, potentially leading to complete compromise of the affected router.

Mitigation details are outlined in advisories available at the D-Link security bulletin (https://www.dlink.com/en/security-bulletin/) and a related GitHub Gist (https://gist.github.com/stevenyu113228/0bf32385245f71dfe11b0ef77c468392), published on 2025-08-25. Security practitioners should consult these resources for patch availability and recommended remediation steps for the specified firmware.

EU & UK References

Vulnerability details

Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, including the administrator’s password.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct unauthenticated remote exploitation of a public-facing router endpoint (DELT_file.xgi) enabling arbitrary config changes.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-29514Same product: Dlink Dsl-7740C
CVE-2025-2548Same vendor: Dlink
CVE-2026-4194Same vendor: Dlink
CVE-2026-2055Same vendor: Dlink
CVE-2026-2054Same vendor: Dlink
CVE-2026-4180Same vendor: Dlink
CVE-2025-0481Same vendor: Dlink
CVE-2025-52079Same vendor: Dlink
CVE-2025-25742Same vendor: Dlink
CVE-2025-70239Same vendor: Dlink

Affected Assets

dlink
dsl-7740c firmware
6.tr069.20211230

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

AC-14 explicitly identifies and controls actions permitted without authentication, directly preventing unauthorized modifications via unauthenticated endpoints like DELT_file.xgi.

prevent

AC-3 enforces approved access authorizations, mitigating the incorrect access control that allows remote attackers to modify the XML database including the admin password.

preventrecover

SI-2 requires timely remediation of flaws through firmware updates, directly addressing the vendor-patched vulnerability in DSL7740C.V6.TR069.20211230.

References