PT-2025-50639 · D-Link · Dir-803
Jiahui2888 · Published 2025-12-11 · Updated 2026-02-23 · CVE-2025-14528
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
D-Link DIR-803 versions prior to 1.05
Description
A flaw exists in D-Link DIR-803, potentially leading to information disclosure. The issue resides within the Configuration Handler component, specifically in the /getcfg.php file. Manipulation of the AUTHORIZED GROUP argument can trigger the flaw. The attack can be carried out remotely. The exploit is publicly available. This vulnerability affects products that are no longer supported.
Recommendations
Update to version 1.05 or later. As a temporary workaround, restrict access to the /getcfg.php file.
Exploit
Fix
Improper Access Control
Information Disclosure
Affected Products
Dir-803