Cyber Resilience

CVE-2025-6932

LowPublic PoC

Published: 30 June 2025

Published
30 June 2025
Modified
29 April 2026
KEV Added
Patch
CVSS Score v4 2.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0034 57.2th percentile
Risk Priority 6 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-6932 is a low-severity Use of Hard-coded Password (CWE-259) vulnerability in Dlink Dcs-7517 Firmware. Its CVSS base score is 2.9 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001); ranked in the top 42.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation leads to use of hard-coded password. It…

more

is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

The vulnerability involves a hard-coded password for a root-level account created when Qlync provider is detected, enabling adversaries to use default accounts (T1078.001) for unauthorized remote administrative access, as explicitly mapped in the advisory.

Affected Assets

dlink
dcs-7517 firmware
≤ 2.02.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-259

Changing default authenticators prior to first use directly prevents use of hard-coded passwords.

addresses: CWE-259

Shared threat data frequently highlights products or deployments still using hard-coded passwords, enabling remediation that directly blocks credential-based attacks.

addresses: CWE-259

Background checks and authorization requirements decrease the probability that a developer will hard-code passwords for later unauthorized access.

addresses: CWE-259

Reviews of supplier deliverables reduce the chance that hard-coded passwords are introduced into the system.

References