CNNVD-202510-3530 Information

CNNVD ID

CNNVD-202510-3530

Related CVE

CVE-2025-12295

• CNNVD Published: 2025-10-27

Description (Chinese)

D-Link DAP-2695是中国友讯（D-Link）公司的一款高性能双频无线接入点。 D-Link DAP-2695 2.00RC13版本存在数据伪造问题漏洞，该漏洞源于Firmware Update Handler组件中函数sub_40C6B8未正确验证加密签名，可能导致远程攻击。

Description (English)

D-Link DAP-2695 is a high-performance double-frequency wireless access point for the Chinese company D-Link. The D-Link DAP-2695 2.00RC13 version contains a data-falsification loophole, which stems from the fact that the function sub 40C6B8 in the Firmware Update Handler component does not correctly verify the encrypted signature, which may lead to a remote attack.

Hazard Level

High

Vulnerability Type

数据伪造问题

Affected Vendor

友讯

Published

2025-10-27

Last Modified

2026-02-24

References

https://vuldb.com/?id.329963 https://vuldb.com/?ctiid.329963 https://vuldb.com/?submit.675854 https://www.dlink.com/ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Dlink/DAP-2695_Inte.md https://access.redhat.com/security/cve/cve-2025-12295