cvedb.io
CVE-2025-45784
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-06-18T14:15:44.553 · Last modified 2026-06-17T09:25:41.977

Summary

D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary.

Affected products

dlink — dph-400se_firmware

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.