CVE-2025-1392

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 version 1.01TO

Description: A vulnerability has been found in the D-Link DIR-816, affecting an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G basic. The manipulation of the SSID argument leads to cross-site scripting. The attack can be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Recommendations: As a temporary workaround, consider disabling the SSID argument in the affected API endpoint until a patch is available. However, since the products are no longer supported by the maintainer, there is no information about a newer version that contains a fix for this vulnerability. Restrict access to the vulnerable file /cgi-bin/webproc to minimize the risk of exploitation. Avoid using the SSID argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a fix for this vulnerability.