CVE-2025-4903

MEDIUM Year: 2025
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-620
View all →

Vulnerability Description

A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0&remote_management=0&http_passwd=game&exec_service=admin-restart. The manipulation leads to unverified password change. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2022-21935

HIGH
CVSS:7.5(High)

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change.

CWE-6202022

CVE-2023-3069

HIGH
CVSS:7.6(High)

Unverified Password Change in GitHub repository tsolucio/corebos prior to 8.

CWE-6202023

CVE-2021-34785

HIGH
CVSS:7.2(High)

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected s...

CWE-6202021

CVE-2024-21757

HIGH
CVSS:7.8(High)

A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 th...

CWE-6202024

CVE-2024-13373

HIGH
CVSS:8.1(High)

The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a u...

CWE-6202024

CVE-2024-27715

HIGH
CVSS:8.2(High)

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted request to the Password Change mechanism.

CWE-6202024