CVE-2025-4903

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 R(68125)

Description: A critical issue was found, affecting the function sub 41F4F0 of the file "/H5/webgl.asp?tggl port=0&remote management=0&http passwd=game&exec service=admin-restart". This leads to an unverified password change. The attack can be initiated remotely.

Recommendations: For D-Link DI-7003GV2 version 24.04.18D1 R(68125), as a temporary workaround, consider disabling the sub 41F4F0 function until a patch is available. Restrict access to the "/H5/webgl.asp" endpoint to minimize the risk of exploitation. Avoid using the http passwd and exec service parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.