Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for dcs-850l_firmware by dlink

    CVE-2025-15245 (GCVE-0-2025-15245)

    Vulnerability from nvd – Published: 2025-12-30 11:02 – Updated: 2025-12-30 12:57 Unsupported When Assigned
    VLAI
    Title
    D-Link DCS-850L Firmware Update Service uploadfirmware path traversal
    Summary
    A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.338635 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.338635 signaturepermissions-required
    https://vuldb.com/?submit.725742 third-party-advisory
    https://tzh00203.notion.site/D-Link-DCS850L-v1-02… exploitpatch
    https://www.dlink.com/ broken-linkproduct
    Impacted products
    Vendor Product Version
    D-Link DCS-850L Affected: 1.02.09
    Create a notification for this product.
    Credits
    tian (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15245",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-30T12:57:00.711906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T12:57:33.830Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Firmware Update Service"
              ],
              "product": "DCS-850L",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.02.09"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "tian (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.7,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-30T11:02:16.676Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338635 | D-Link DCS-850L Firmware Update Service uploadfirmware path traversal",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338635"
            },
            {
              "name": "VDB-338635 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338635"
            },
            {
              "name": "Submit #725742 | D-Link DCS850L v1.02.09 Absolute Path Traversal",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.725742"
            },
            {
              "tags": [
                "exploit",
                "patch"
              ],
              "url": "https://tzh00203.notion.site/D-Link-DCS850L-v1-02-09-Path-Traversal-Vulnerability-in-Firmware-Update-2d8b5c52018a803abbc7e30e2858d084?source=copy_link"
            },
            {
              "tags": [
                "broken-link",
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-29T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-29T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-29T09:28:11.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DCS-850L Firmware Update Service uploadfirmware path traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15245",
        "datePublished": "2025-12-30T11:02:16.676Z",
        "dateReserved": "2025-12-29T08:23:02.358Z",
        "dateUpdated": "2025-12-30T12:57:33.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15245 (GCVE-0-2025-15245)

    Vulnerability from cvelistv5 – Published: 2025-12-30 11:02 – Updated: 2025-12-30 12:57 Unsupported When Assigned
    VLAI
    Title
    D-Link DCS-850L Firmware Update Service uploadfirmware path traversal
    Summary
    A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.338635 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.338635 signaturepermissions-required
    https://vuldb.com/?submit.725742 third-party-advisory
    https://tzh00203.notion.site/D-Link-DCS850L-v1-02… exploitpatch
    https://www.dlink.com/ broken-linkproduct
    Impacted products
    Vendor Product Version
    D-Link DCS-850L Affected: 1.02.09
    Create a notification for this product.
    Credits
    tian (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15245",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-30T12:57:00.711906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T12:57:33.830Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Firmware Update Service"
              ],
              "product": "DCS-850L",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.02.09"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "tian (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.7,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-30T11:02:16.676Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338635 | D-Link DCS-850L Firmware Update Service uploadfirmware path traversal",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338635"
            },
            {
              "name": "VDB-338635 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338635"
            },
            {
              "name": "Submit #725742 | D-Link DCS850L v1.02.09 Absolute Path Traversal",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.725742"
            },
            {
              "tags": [
                "exploit",
                "patch"
              ],
              "url": "https://tzh00203.notion.site/D-Link-DCS850L-v1-02-09-Path-Traversal-Vulnerability-in-Firmware-Update-2d8b5c52018a803abbc7e30e2858d084?source=copy_link"
            },
            {
              "tags": [
                "broken-link",
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "tags": [
            "unsupported-when-assigned"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-29T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-29T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-29T09:28:11.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DCS-850L Firmware Update Service uploadfirmware path traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15245",
        "datePublished": "2025-12-30T11:02:16.676Z",
        "dateReserved": "2025-12-29T08:23:02.358Z",
        "dateUpdated": "2025-12-30T12:57:33.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }