CVE-2025-15245

Name of the Vulnerable Software and Affected Versions D-Link DCS-850L version 1.02.09

Description A flaw exists within the Firmware Update Service component, specifically in the uploadfirmware function. The issue stems from manipulating the DownloadFile argument, leading to a path traversal condition. Successful exploitation requires an attacker to be on the local network. The exploit is publicly available. This vulnerability impacts products no longer supported by the maintainer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.