PT-2025-27483 · D Link · D-Link Dcs-7517

Cookedmelon · Published 2025-06-30 · Updated 2025-07-01 · CVE-2025-6932

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: D-Link DCS-7517 versions up to 2.02.0
Description: A vulnerability was found in the Qlync Password Generation Handler component, affecting the function g_F_n_GenPassForQlync of the file /bin/httpd. The manipulation leads to the use of hard-coded passwords. The attack can be initiated remotely. The attack complexity is rather high, and exploitation is said to be difficult. The exploit has been publicly disclosed and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Recommendations: For D-Link DCS-7517 versions up to 2.02.0, as a temporary workaround, consider disabling the g_F_n_GenPassForQlync function until a patch is available. Restrict access to the /bin/httpd file to minimize the risk of exploitation. At present, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2025-09330
CVE-2025-6932

Affected Products

D-Link Dcs-7517