PT-2025-21828 · D-Link · D-Link DAP-2695

Lcyf-Fizz · Published 2025-05-18 · Updated 2025-05-18 · CVE-2025-4858

CVSS v3.1: 4.8 Medium

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: D-Link DAP-2695 version 120b36r137_ALL_en_20210528
Description: A vulnerability was found in the ARP Spoofing Prevention Page component, specifically in the file /adv_arpspoofing.php. The manipulation of the harp_mac argument leads to cross-site scripting. The attack can be initiated remotely. This issue affects products that are no longer supported by the maintainer.
Recommendations: For D-Link DAP-2695 version 120b36r137_ALL_en_20210528, as a temporary workaround, consider restricting access to the /adv_arpspoofing.php file and avoiding the use of the harp_mac argument in the ARP Spoofing Prevention Page until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2025-05858
CVE-2025-4858

Affected Products

D-Link DAP-2695