Sign-up

ID

VAR-202509-0249


CVE

CVE-2025-10093


TITLE

D-Link Corporation  of  DIR-852  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2025-014947

DESCRIPTION

A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-852 There are unspecified vulnerabilities in the firmware.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2025-10093 // JVNDB: JVNDB-2025-014947

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-852scope:eqversion:1.00cn_b09

Trust: 1.0

vendor:d linkmodel:dir-852scope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-852scope:eqversion:dir-852 firmware 1.00cn b09

Trust: 0.8

vendor:d linkmodel:dir-852scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-014947 // NVD: CVE-2025-10093

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-10093
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-10093
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-014947
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2025-10093
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-014947
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-10093
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-10093
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-014947
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-014947 // NVD: CVE-2025-10093 // NVD: CVE-2025-10093

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:information leak (CWE-200) [ others ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-014947 // NVD: CVE-2025-10093

EXTERNAL IDS

db:NVDid:CVE-2025-10093

Trust: 2.6

db:VULDBid:323049

Trust: 1.8

db:JVNDBid:JVNDB-2025-014947

Trust: 0.8

sources: JVNDB: JVNDB-2025-014947 // NVD: CVE-2025-10093

REFERENCES

url:https://github.com/i-corner/cve/issues/21

Trust: 1.8

url:https://vuldb.com/?id.323049

Trust: 1.8

url:https://vuldb.com/?submit.644935

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.323049

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-10093

Trust: 0.8

sources: JVNDB: JVNDB-2025-014947 // NVD: CVE-2025-10093

SOURCES

db:JVNDBid:JVNDB-2025-014947
db:NVDid:CVE-2025-10093

LAST UPDATE DATE

2025-10-04T23:28:37.087000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-014947date:2025-10-02T09:09:00
db:NVDid:CVE-2025-10093date:2025-09-29T18:27:40.350

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-014947date:2025-10-02T00:00:00
db:NVDid:CVE-2025-10093date:2025-09-08T12:15:31.840