PT-2025-21829 · D Link · D-Link Dap-2695

Lcyf-Fizz · Published 2025-05-18 · Updated 2025-05-18 · CVE-2025-4859

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2695 version 120b36r137_ALL_en_20210528

Description: A vulnerability was found in the MAC Bypass Settings Page, specifically affecting the file /adv_macbypass.php. The manipulation of the argument f_mac leads to cross-site scripting. This issue can be exploited remotely. The vulnerability only affects products that are no longer supported by the maintainer.

Recommendations: For D-Link DAP-2695 version 120b36r137_ALL_en_20210528, as a temporary workaround, consider disabling access to the /adv_macbypass.php file until a patch is available. Restrict the use of the f_mac argument in the MAC Bypass Settings Page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-05857
CVE-2025-4859

Affected Products

D-Link Dap-2695