Vulnerability Details CVE-2025-14528
A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.7%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20Authentication%20Bypass.md
- https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20Authentication%20Bypass.md#poc
- https://vuldb.com/?ctiid.335869
- https://vuldb.com/?id.335869
- https://vuldb.com/?submit.703150
- https://www.dlink.com/
- https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20Authentication%20Bypass.md
- https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20Authentication%20Bypass.md#poc
Products affected by CVE-2025-14528
-
cpe:2.3:h:dlink:dir-803:a1
-
cpe:2.3:o:dlink:dir-803_firmware:*