Details of VAR-202508-2397

ID

VAR-202508-2397

CVE

CVE-2025-29523

TITLE

D-Link DSL-7740C ping6 function command injection vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-19875

DESCRIPTION

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function. The D-Link DSL-7740C is a modem manufactured by D-Link, a Chinese company. This vulnerability stems from the ping6 function's failure to properly sanitize special characters and commands during command construction. An attacker could exploit this vulnerability to execute arbitrary commands

Trust: 1.44

sources: NVD: CVE-2025-29523 // CNVD: CNVD-2025-19875

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-19875

AFFECTED PRODUCTS

vendor:

d link

model:

dsl-7740c dsl7740c.v6.tr069.20211230

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-19875

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-29523
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-19875
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-19875
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-29523
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-19875 // NVD: CVE-2025-29523

PROBLEMTYPE DATA

problemtype:

CWE-77

Trust: 1.0

sources: NVD: CVE-2025-29523

EXTERNAL IDS

db:	NVD	id:	CVE-2025-29523	Trust: 1.6
db:	CNVD	id:	CNVD-2025-19875	Trust: 0.6

sources: CNVD: CNVD-2025-19875 // NVD: CVE-2025-29523

REFERENCES

url:	https://www.dlink.com/en/security-bulletin/	Trust: 1.0
url:	https://gist.github.com/stevenyu113228/6dbc5eb4311390e4e9a8f89fdb659406	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-29523	Trust: 0.6

sources: CNVD: CNVD-2025-19875 // NVD: CVE-2025-29523

SOURCES

db:	CNVD	id:	CNVD-2025-19875
db:	NVD	id:	CVE-2025-29523

LAST UPDATE DATE

2025-09-01T23:43:48.046000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-19875	date:	2025-08-29T00:00:00
db:	NVD	id:	CVE-2025-29523	date:	2025-08-25T20:24:45.327

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-19875	date:	2025-08-29T00:00:00
db:	NVD	id:	CVE-2025-29523	date:	2025-08-25T16:15:30.513