CVE-2025-12295

Sažetak

A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function sub_40C6B8 of the component Firmware Update Handler. Executing manipulation can lead to improper verification of cryptographic signature. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.

Reference

https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DAP-2695_Inte.md
https://vuldb.com/?ctiid.329963
https://vuldb.com/?id.329963
https://vuldb.com/?submit.675854
https://www.dlink.com/

CVSS

Base:	6.8
Impact:	10.0
Exploitability:	3.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	MULTIPLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:H/Au:M/C:C/I:C/A:C

Zadnje važnije ažuriranje

30-10-2025 - 15:05

Objavljeno

27-10-2025 - 17:15