Sign-up

ID

VAR-202512-0195


CVE

CVE-2025-14528


TITLE

D-Link Corporation  of  DIR-803  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2025-022068

DESCRIPTION

A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Corporation of DIR-803 There are unspecified vulnerabilities in the firmware.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2025-14528 // JVNDB: JVNDB-2025-022068

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-803scope:lteversion:1.04

Trust: 1.0

vendor:d linkmodel:dir-803scope:lteversion:dir-803 firmware 1.04 and earlier

Trust: 0.8

vendor:d linkmodel:dir-803scope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-803scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-022068 // NVD: CVE-2025-14528

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-14528
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-14528
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-022068
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2025-14528
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-022068
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-14528
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-14528
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-022068
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-022068 // NVD: CVE-2025-14528 // NVD: CVE-2025-14528

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-200

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:information leak (CWE-200) [ others ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-022068 // NVD: CVE-2025-14528

EXTERNAL IDS

db:NVDid:CVE-2025-14528

Trust: 2.6

db:VULDBid:335869

Trust: 1.8

db:JVNDBid:JVNDB-2025-022068

Trust: 0.8

sources: JVNDB: JVNDB-2025-022068 // NVD: CVE-2025-14528

REFERENCES

url:https://github.com/madgeaaaaa/my_vuln_2/blob/main/d-link/vuln-2/dir-803%20authentication%20bypass.md

Trust: 1.8

url:https://github.com/madgeaaaaa/my_vuln_2/blob/main/d-link/vuln-2/dir-803%20authentication%20bypass.md#poc

Trust: 1.8

url:https://vuldb.com/?id.335869

Trust: 1.8

url:https://vuldb.com/?submit.703150

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.335869

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-14528

Trust: 0.8

sources: JVNDB: JVNDB-2025-022068 // NVD: CVE-2025-14528

SOURCES

db:JVNDBid:JVNDB-2025-022068
db:NVDid:CVE-2025-14528

LAST UPDATE DATE

2025-12-20T23:39:14.888000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-022068date:2025-12-17T02:11:00
db:NVDid:CVE-2025-14528date:2025-12-15T19:33:27.230

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-022068date:2025-12-17T00:00:00
db:NVDid:CVE-2025-14528date:2025-12-11T17:15:56.037