PT-2025-27482 · D Link · D-Link Dcs-6517+1

Cookedmelon · Published 2025-06-30 · Updated 2025-07-01 · CVE-2025-6931

CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: D-Link DCS-6517 versions up to 2.02.0; D-Link DCS-7517 versions up to 2.02.0
Description: A vulnerability was found in the function generate_pass_from_mac of the file /bin/httpd, in the Root Password Generation Handler component. The manipulation leads to insufficient entropy. The attack can be launched remotely, but its complexity is rather high and exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Recommendations: For D-Link DCS-6517 and DCS-7517 versions up to 2.02.0, consider disabling the generate_pass_from_mac function as a temporary workaround until a patch is available. Restrict access to the /bin/httpd file to minimize the risk of exploitation. Avoid using the affected products since they are no longer supported by the maintainer. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Use of Insufficiently Random Values

Related Identifiers

BDU:2025-09331
CVE-2025-6931

Affected Products

D-Link Dcs-6517
D-Link Dcs-7517