github · zxhri · Jun 13, 2026 · Jun 13, 2026 · Jun 13, 2026 · Jun 13, 2026
diff --git a/advisories/unreviewed/2026/03/GHSA-rcv7-3vfh-47x6/GHSA-rcv7-3vfh-47x6.json b/advisories/unreviewed/2026/03/GHSA-rcv7-3vfh-47x6/GHSA-rcv7-3vfh-47x6.json
@@ -6,7 +6,8 @@
   "aliases": [
     "CVE-2025-29165"
   ],
-  "details": "An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component",
+  "summary": "An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component.",
+  "details": "D-Link DIR-1253 Prior version <= V1.6.1684 vulnerable to privilege escalation. The file affected at `etc/shadow.sample` contained a hardcoded root credential. These credentials are used in `var/shadow` by the following `init.d/rcS_{AP,GW}` boot script, this script is being execute when booting process is start.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -17,23 +18,19 @@
   "references": [
     {
       "type": "ADVISORY",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29165"
+      "url": "https://zuh.re/cve/2025-29165"
     },
     {
-      "type": "WEB",
-      "url": "https://codeberg.org/zuhri/advisory/src/branch/main/CVE-2025-29165"
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29165"
     },
     {
       "type": "WEB",
-      "url": "https://github.com/twentysevns/Vuln-IoT-Reports/blob/main/DLINK/DIR-1253/README.md"
+      "url": "https://codeberg.org/zuhri/advisory/src/branch/main/CVE-2025-29165"
     },
     {
       "type": "WEB",
       "url": "https://www.dlink.com/en/security-bulletin"
-    },
-    {
-      "type": "WEB",
-      "url": "https://zuh.re/cve/2025-29165"
     }
   ],
   "database_specific": {
@@ -45,4 +42,4 @@
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-05T20:16:10Z"
   }
-}
+}