CVE-2025-0481

Published: Jan 15, 2025Modified: Jul 16, 2025

6.9

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Dlink: Dir 878 Firmware

1 product

Dir 878 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 878 Firmware	Version 1.03

Running on/with	Platform Versions
Dlink Dir 878	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (5)

https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-878/dllog.md

Source: cna@vuldb.com

Broken Link

https://vuldb.com/?ctiid.291924

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.291924

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.475011

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.dlink.com/

Source: cna@vuldb.com

Product

Timeline

No history available yet.