ID

VAR-202505-1805


CVE

CVE-2025-4858


TITLE

D-Link Systems, Inc. of DAP-2695 Cross-site scripting vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-005593

DESCRIPTION

A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been declared as problematic. This vulnerability affects unknown code of the file /adv_arpspoofing.php of the component ARP Spoofing Prevention Page. The manipulation of the argument harp_mac leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-2695 Firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. D-Link DAP-2695 is a high-performance dual-band wireless access point from D-Link. D-Link DAP-2695 has a cross-site scripting vulnerability, which is caused by the lack of effective filtering and escaping of user-supplied data by the parameter harp_mac in the file /adv_arpspoofing.php. No detailed vulnerability details are currently provided.

Trust: 2.16

sources: NVD: CVE-2025-4858 // JVNDB: JVNDB-2025-005593 // CNVD: CNVD-2025-10944

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-10944

AFFECTED PRODUCTS

vendor: dlink, model: dap-2695, scope: eq, version: 1.20b36r137_all_en_202105286

Trust: 1.0

vendor: d link, model: dap-2695, scope: eq, version: dap-2695 firmware 1.20b36r137 all en 202105286

Trust: 0.8

vendor: d link, model: dap-2695, scope: -, version: -

Trust: 0.8

vendor: d link, model: dap-2695, scope: eq, version: -

Trust: 0.8

vendor: d link, model: dap-2695 120b36r137 all en 20210528, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-10944 // JVNDB: JVNDB-2025-005593 // NVD: CVE-2025-4858

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-4858
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-4858
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-005593
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-10944
value: LOW

Trust: 0.6

cna@vuldb.com: CVE-2025-4858
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-005593
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-10944
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-4858
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-4858
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-005593
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-10944 // JVNDB: JVNDB-2025-005593 // NVD: CVE-2025-4858 // NVD: CVE-2025-4858

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.0

problemtype: CWE-94

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

problemtype: Cross-site scripting (CWE-79) [others]

Trust: 0.8

problemtype: Code injection (CWE-94) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-005593 // NVD: CVE-2025-4858

EXTERNAL IDS

db: NVD, id: CVE-2025-4858

Trust: 3.2

db: VULDB, id: 309400

Trust: 1.8

db: JVNDB, id: JVNDB-2025-005593

Trust: 0.8

db: CNVD, id: CNVD-2025-10944

Trust: 0.6

sources: CNVD: CNVD-2025-10944 // JVNDB: JVNDB-2025-005593 // NVD: CVE-2025-4858

REFERENCES

url:https://github.com/fizz-is-on-the-way/iot_vuls/tree/main/dap-2695/xss_arp_spoofing_prevention

Trust: 2.4

url:https://vuldb.com/?id.309400

Trust: 1.8

url:https://vuldb.com/?submit.575100

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.309400

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-4858

Trust: 0.8

sources: CNVD: CNVD-2025-10944 // JVNDB: JVNDB-2025-005593 // NVD: CVE-2025-4858

SOURCES

db: CNVD, id: CNVD-2025-10944
db: JVNDB, id: JVNDB-2025-005593
db: NVD, id: CVE-2025-4858

LAST UPDATE DATE

2025-05-30T23:29:48.219000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-10944, date: 2025-05-29T00:00:00
db: JVNDB, id: JVNDB-2025-005593, date: 2025-05-23T03:38:00
db: NVD, id: CVE-2025-4858, date: 2025-05-22T18:19:26.573

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-10944, date: 2025-05-29T00:00:00
db: JVNDB, id: JVNDB-2025-005593, date: 2025-05-23T00:00:00
db: NVD, id: CVE-2025-4858, date: 2025-05-18T04:15:34.883