CVE-2025-71057 · HIGH 8.2 · EPSS p4.4%


Description

Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user.

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS: 0.15% probability of exploitation · percentile 4.4% · 2026-06-19T12:03:05Z
Published: 2026-02-26
Last modified: 2026-04-15

Underlying weaknesses · 3

CWE-287, CWE-345, CWE-384

References

  1. http://d-link.com
  2. https://github.com/theShinigami/CVE-Disclosures/tree/main/CVE-2025-71057
  3. https://www.dlink.com/en/security-bulletin/


| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Authentication (cwe-287) | 0% | live |
| Weakness | Insufficient Verification of Data Authenticity (cwe-345) | 0% | live |
| Weakness | Session Fixation (cwe-384) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-71056
  2. CVE-2025-1104
  3. CVE-2025-28242
  4. CVE-2025-57278
  5. CVE-2025-59367
  6. CVE-2026-36956

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.