CVE-2025-45729

6.3 MEDIUM

📋 TL;DR

D-Link DIR-823-Pro router firmware version 1.02 has improper permission control that allows unauthorized users to enable and access Telnet services remotely. This affects all users running the vulnerable firmware version, potentially exposing administrative access to attackers.

💻 Affected Systems

Products:
  • D-Link DIR-823-Pro
Versions: 1.02
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all devices running firmware version 1.02. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full device compromise leading to network infiltration, credential theft, man-in-the-middle attacks, and persistent backdoor installation.

🟠 Likely Case: Unauthorized administrative access to router configuration, network traffic monitoring, and potential lateral movement to connected devices.

🟢 If Mitigated: Limited impact if Telnet is already disabled and proper network segmentation is in place.

🌐 Internet-Facing: HIGH - Directly exploitable from the internet if router management interface is exposed.
🏢 Internal Only: MEDIUM - Exploitable from within the local network by any connected device.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available in the referenced advisory. Exploitation requires network access to the router's management interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check D-Link support portal regularly for firmware updates addressing CVE-2025-45729.

🔧 Temporary Workarounds

Disable Telnet Service

Manually disable the Telnet service through the router web interface, if available.

Block Telnet Port

Configure firewall rules to block Telnet (TCP port 23) inbound and outbound.

🧯 If You Can't Patch

  • Isolate router on separate VLAN with strict access controls
  • Implement network monitoring for Telnet connection attempts on port 23

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the web interface. If the version is 1.02, the device is vulnerable.

Check Version:

Log in to the router web interface and navigate to the System Status or Firmware Information page.

Verify Fix Applied:

Attempt to connect to the router via Telnet on port 23. A successful connection indicates the device is still vulnerable.

📡 Detection & Monitoring

Log Indicators:

  • Telnet service activation logs
  • Unauthorized login attempts on port 23
  • Configuration changes without authentication

Network Indicators:

  • Unexpected Telnet traffic on port 23
  • Telnet connections from unauthorized IP addresses

SIEM Query:

(source_port:23 OR destination_port:23) AND (action:denied OR action:allowed) | stats count by src_ip, dest_ip
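The same check can be run offline over exported firewall logs. The following is an added example, not part of the original advisory: it narrows the query above to Telnet flows aimed at the router from sources outside a management allowlist, then counts them by source, destination and action. The key=value log format, the field names, `ROUTER_IP` and `ALLOWED_SOURCES` are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import Counter

TELNET_PORT = 23
ROUTER_IP = "192.168.0.1"  # assumption: the router's LAN address
# Assumption: hosts permitted to reach the router's management services.
ALLOWED_SOURCES = [ipaddress.ip_network("192.168.0.10/32")]

# Constructed sample log lines (assumed key=value firewall format).
SAMPLE_LOG = """\
2025-05-01T10:00:01Z action=allowed src_ip=192.168.0.10 src_port=50112 dest_ip=192.168.0.1 dest_port=23
2025-05-01T10:00:07Z action=allowed src_ip=192.168.0.57 src_port=41820 dest_ip=192.168.0.1 dest_port=23
2025-05-01T10:00:09Z action=denied src_ip=203.0.113.44 src_port=60233 dest_ip=192.168.0.1 dest_port=23
2025-05-01T10:00:12Z action=allowed src_ip=192.168.0.57 src_port=41822 dest_ip=192.168.0.1 dest_port=23
2025-05-01T10:00:15Z action=allowed src_ip=192.168.0.57 src_port=51000 dest_ip=198.51.100.9 dest_port=443
malformed line without fields
"""

REQUIRED = {"action", "src_ip", "dest_ip", "dest_port"}


def parse_line(line):
    """Return the key=value fields of a log line, or None if any required field is missing."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    return fields if REQUIRED <= fields.keys() else None


def is_allowed_source(ip):
    """True if ip falls inside one of the allowlisted management networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_SOURCES)


def telnet_findings(log_text):
    """Count Telnet flows to the router from non-allowlisted sources,
    keyed by (src_ip, dest_ip, action). Allowed flows mean Telnet is reachable."""
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or not ev["dest_port"].isdigit():
            continue  # skip malformed records instead of failing the whole run
        if int(ev["dest_port"]) != TELNET_PORT or ev["dest_ip"] != ROUTER_IP:
            continue
        if not is_allowed_source(ev["src_ip"]):
            counts[(ev["src_ip"], ev["dest_ip"], ev["action"])] += 1
    return counts


if __name__ == "__main__":
    for (src, dst, action), n in telnet_findings(SAMPLE_LOG).most_common():
        print(f"{src} -> {dst} telnet {action} x{n}")
```

An `allowed` finding is the more urgent one: it shows a Telnet session to the router actually went through, while `denied` shows the port-23 block is doing its job.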
