PT-2025-26164 · D Link · D-Link Dph-400S/Se Voip Phone

Shaunak Ganorkar · Published 2025-06-11 · Updated 2025-07-22 · CVE-2025-45784

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

D-Link DPH-400S/SE VoIP Phone version 1.01

Description

The issue concerns hardcoded provisioning variables in the firmware, including PROVIS USER PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools, potentially leading to unauthorized access to device functions or user accounts. This is due to insecure storage of sensitive information in the firmware binary.

Recommendations

For D-Link DPH-400S/SE VoIP Phone version 1.01, consider restricting access to the device's firmware and provisioning variables to minimize the risk of exploitation. As a temporary workaround, avoid using the PROVIS USER PASSWORD variable until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insertion into Log File

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2025-09335
CVE-2025-45784

Affected Products

D-Link Dph-400S/Se Voip Phone