VAR-202502-1661
Vulnerability from variot - Updated: 2025-07-22 19:35A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-816 The firmware contains cross-site scripting and code injection vulnerabilities.Information may be obtained and information may be tampered with. D-Link DIR-816 is a wireless router from D-Link of China.
D-Link DIR-816 version 1.01TO has a code injection vulnerability. The vulnerability is caused by the incorrect operation of the parameter SSID, which will lead to a cross-site scripting attack. Attackers can use this vulnerability to execute malicious scripts, steal user cookies, or conduct phishing attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202502-1661",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-816",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01to"
},
{
"model": "dir-816",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-816",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-816",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-816 firmware 1.01to"
},
{
"model": "dir-816 1.01to",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04183"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-009340"
},
{
"db": "NVD",
"id": "CVE-2025-1392"
}
]
},
"cve": "CVE-2025-1392",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2025-1392",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2025-009340",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-04183",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.1,
"id": "CVE-2025-1392",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2025-1392",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2025-009340",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2025-1392",
"trust": 1.0,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2025-1392",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2025-009340",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-04183",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04183"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-009340"
},
{
"db": "NVD",
"id": "CVE-2025-1392"
},
{
"db": "NVD",
"id": "CVE-2025-1392"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html\u0026var:menu=24gwlan\u0026var:page=24G_basic. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-816 The firmware contains cross-site scripting and code injection vulnerabilities.Information may be obtained and information may be tampered with. D-Link DIR-816 is a wireless router from D-Link of China. \n\nD-Link DIR-816 version 1.01TO has a code injection vulnerability. The vulnerability is caused by the incorrect operation of the parameter SSID, which will lead to a cross-site scripting attack. Attackers can use this vulnerability to execute malicious scripts, steal user cookies, or conduct phishing attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-1392"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-009340"
},
{
"db": "CNVD",
"id": "CNVD-2025-04183"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-1392",
"trust": 3.2
},
{
"db": "VULDB",
"id": "296023",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2025-009340",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-04183",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04183"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-009340"
},
{
"db": "NVD",
"id": "CVE-2025-1392"
}
]
},
"id": "VAR-202502-1661",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04183"
}
],
"trust": 0.97672412
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04183"
}
]
},
"last_update_date": "2025-07-22T19:35:17.925000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.0
},
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
},
{
"problemtype": " Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Code injection (CWE-94) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-009340"
},
{
"db": "NVD",
"id": "CVE-2025-1392"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://vuldb.com/?id.296023"
},
{
"trust": 2.4,
"url": "https://vuldb.com/?submit.501351"
},
{
"trust": 2.4,
"url": "https://www.dlink.com/"
},
{
"trust": 1.6,
"url": "https://vuldb.com/?ctiid.296023"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-1392"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-04183"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-009340"
},
{
"db": "NVD",
"id": "CVE-2025-1392"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-04183"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-009340"
},
{
"db": "NVD",
"id": "CVE-2025-1392"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-04183"
},
{
"date": "2025-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-009340"
},
{
"date": "2025-02-17T16:15:16.120000",
"db": "NVD",
"id": "CVE-2025-1392"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-04183"
},
{
"date": "2025-07-18T08:39:00",
"db": "JVNDB",
"id": "JVNDB-2025-009340"
},
{
"date": "2025-07-16T14:26:19.947000",
"db": "NVD",
"id": "CVE-2025-1392"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DIR-816\u00a0 Cross-site scripting vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-009340"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…