← voltar
CVE-2025-14528

D-Link DIR-803 Configuration getcfg.php information disclosure

CVSS 6.9 MEDIUMEPSS 3.6%CWE-200CWE-284
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS 6.9EPSS 3.6%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
11 dez 2025Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Produtos afetados
D-Link · DIR-803

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20Authentication%20Bypass.mdhttps://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20Authentication%20Bypass.md#pochttps://vuldb.com/?ctiid.335869https://vuldb.com/?id.335869https://vuldb.com/?submit.703150https://www.dlink.com/