CVE•Published 2025-06-30•Modified 2025-07-14•0 articles on news•6 live references•NVD data

CVE-2025-6931Dlink · Dcs-6517_firmware

Vulnerability data via NVD (ingested)

CVSS v3.1

3.7

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS percentile

Exploit Prediction Scoring System · top 38% of all CVEs

Weaknesses (CWE)

CWE-330Use of Insufficiently Random Values CWE-331Insufficient Entropy

Description

A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of the component Root Password Generation Handler. The manipulation leads to insufficient entropy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Timeline

Published 2025-06-30

Modified 2025-07-14

External references

NVD MITRE Exploit-DB Sploitus trickest/cve VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2025-6931

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · OS

os:"Dcs-6517 Firmware"

Hosts Shodan identified as running Dcs-6517 Firmware.

More intel sources (5)

Shodan report

vuln:CVE-2025-6931

Country / ASN / product breakdown for the vuln query.

Censys

vulnerabilities.cve_id: CVE-2025-6931