CVE-2025-4901 – This vulnerability in D-Link DI-7003GV2 routers... (How to Fix)

Q: What is the severity of CVE-2025-4901?

CVE-2025-4901 has a CVSS score of 4.3 (MEDIUM). This vulnerability in D-Link DI-7003GV2 routers allows attackers on the local network to access sensitive information through the HTTP endpoint. The information disclosure could expose system state or configuration details that should not be publicly accessible. Only devices on firmware version 24.04.18D1 R(68125) are affected.

📋 TL;DR

This vulnerability in D-Link DI-7003GV2 routers allows attackers on the local network to access sensitive information through the HTTP endpoint. The information disclosure could expose system state or configuration details that should not be publicly accessible. Only devices on firmware version 24.04.18D1 R(68125) are affected.

💻 Affected Systems

Products:

D-Link DI-7003GV2

Versions: 24.04.18D1 R(68125)

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects this specific firmware version. The vulnerability is in the HTTP endpoint component accessible via the web interface.

📦 What is this software?

Di 7003g Firmware by Dlink

View all CVEs affecting Di 7003g Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could obtain sensitive router configuration details, network topology information, or credentials that could be used for further attacks within the network.

🟠

Likely Case

Local network attackers can access system state information that reveals details about the router's configuration and potentially identify other vulnerabilities.

🟢

If Mitigated

With proper network segmentation and access controls, the impact is limited to information that doesn't enable privilege escalation or remote access.

🌐 Internet-Facing: LOW - The vulnerability requires local network access and cannot be exploited from the internet.

🏢 Internal Only: MEDIUM - While local network access is required, internal attackers or compromised devices could exploit this to gather reconnaissance data for further attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available on GitHub. Attack requires local network access but no authentication. Simple HTTP requests can trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.dlink.com/

Restart Required: No

Instructions:

Check D-Link's official website for firmware updates. If available, download the latest firmware and apply through the router's web interface under System Tools > Firmware Update.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate the router management interface to a dedicated VLAN or restrict access to trusted management hosts only.

Access Control Lists

all

Implement firewall rules to restrict access to the router's web interface from unauthorized internal IP addresses.

🧯 If You Can't Patch

Implement strict network segmentation to limit which devices can access the router's management interface
Monitor network traffic to the router's HTTP endpoint for suspicious access patterns

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under System Tools > Firmware. If version is 24.04.18D1 R(68125), the device is vulnerable.

Check Version:

curl -k https://[router-ip]/H5/state_view.data or check web interface

Verify Fix Applied:

After updating firmware, verify the version has changed from 24.04.18D1 R(68125) to a newer version.

📡 Detection & Monitoring

Log Indicators:

Unusual access to /H5/state_view.data endpoint
Multiple failed or successful requests to router management interface from unexpected internal IPs

Network Indicators:

HTTP GET requests to /H5/state_view.data from non-management hosts
Unusual traffic patterns to router management interface

SIEM Query:

source="router-logs" AND (uri="/H5/state_view.data" OR user_agent="*exploit*")

📊 Metadata

CVE ID: CVE-2025-4901

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-200

EPSS Score: 0.2% exploit probability (42.1th percentile)

Published: May 19, 2025

Last Updated: May 21, 2025

🔗 References

https://github.com/at0de/my_vulns/blob/main/Dlink/Di-7003GV2/state_view.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.309457 Permissions Required,Third Party Advisory,VDB Entry
https://vuldb.com/?id.309457 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.578049 Third Party Advisory,VDB Entry
https://www.dlink.com/ Product
https://github.com/at0de/my_vulns/blob/main/Dlink/Di-7003GV2/state_view.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-4901, you might also want to check these: