CVE-2025-71057: Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers t...
Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user.
Security readout for executives and security teams
Plain-English summary
This vulnerability affects D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00. The issue can let an attacker take over an authenticated router session by spoofing the authenticated user’s IP address. Business risk is unauthorized router administration, configuration tampering, and limited information exposure.
Executive priority
Treat as a high-priority network edge device issue. Prioritize discovery and management-interface restriction first, then apply vendor guidance or replace unsupported hardware if no maintained fix exists.
Technical view
CVE-2025-71057 is an improper session management issue mapped to CWE-287, CWE-345, and CWE-384. The CVSS 3.1 score is 8.2 high: network reachable, low complexity, no privileges, no user interaction, with low confidentiality and high integrity impact.
Likely exposure
Likely exposed assets are D-Link DSL-124 ME_1.00 routers, especially where administrative access is reachable from untrusted networks or shared LANs. The provided CVE record does not include CPEs or a complete affected-version matrix.
Exploitation context
The source bundle does not show CISA KEV listing or cited evidence of active exploitation. A public GitHub disclosure is referenced, but the provided data does not prove in-the-wild use, weaponized exploit availability, or vendor-confirmed remediation.
Researcher notes
Evidence is limited to the CVE metadata, D-Link bulletin reference, and public disclosure reference. The record names DSL-124 ME_1.00, but the affected-products section is incomplete. Avoid broader D-Link product claims without vendor confirmation.
Mitigation direction
Check D-Link’s security bulletin for current firmware or retirement guidance.
Restrict router administration to trusted management networks only.
Disable remote administration unless explicitly required and protected.
Review and rotate router administrator credentials after exposure review.
Replace unsupported devices if D-Link provides no maintained firmware.
Validation and detection
Inventory D-Link DSL-124 routers and confirm firmware version ME_1.00.
Verify whether administrative interfaces are reachable from WAN or untrusted LANs.
Review router logs for unexpected administrator sessions or configuration changes.
Confirm whether D-Link has published model-specific remediation guidance.
Track CVE and vendor references for updates to affected products or fixes.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-287: Credential and account abuse lookup
Authentication and credential weaknesses can make valid-account abuse and credential telemetry useful review starting points. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-287 · source CWE mapping
Improper Authentication
Improper Authentication represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Insufficient Verification of Data Authenticity represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Session Fixation represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.