NVD Vulnerability Details: CVE-2020-25786
Modified
Source: cve@mitre.org
Published At: 19 Sep, 2020 | 20:15
Updated At: 04 Aug, 2024 | 16:15

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header.

CISA Catalog
Date Added | Due Date | Vulnerability Name | Required Action
N/A
Metrics
Type | Version | Base score | Base severity | Vector
Primary | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Vendor | Product | Version | CPE
D-Link Corporation (dlink) | dir-803_firmware | 1.04.b02 | cpe:2.3:o:dlink:dir-803_firmware:1.04.b02:*:*:*:*:*:*:*
D-Link Corporation (dlink) | dir-803 | a1 | cpe:2.3:h:dlink:dir-803:a1:*:*:*:*:*:*:*
D-Link Corporation (dlink) | dir-816l_firmware | 2.06 | cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*
D-Link Corporation (dlink) | dir-816l_firmware | 2.06.b09 | cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*
D-Link Corporation (dlink) | dir-816l | b1 | cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*
D-Link Corporation (dlink) | dir-645_firmware | 1.06b01 | cpe:2.3:o:dlink:dir-645_firmware:1.06b01:*:*:*:*:*:*:*
D-Link Corporation (dlink) | dir-645 | a1 | cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*
D-Link Corporation (dlink) | dir-815_firmware | 2.07.b01 | cpe:2.3:o:dlink:dir-815_firmware:2.07.b01:*:*:*:*:*:*:*
D-Link Corporation (dlink) | dir-815 | b1 | cpe:2.3:h:dlink:dir-815:b1:*:*:*:*:*:*:*
D-Link Corporation (dlink) | dir-860l_firmware | 1.10b04 | cpe:2.3:o:dlink:dir-860l_firmware:1.10b04:*:*:*:*:*:*:*
D-Link Corporation (dlink) | dir-860l | a1 | cpe:2.3:h:dlink:dir-860l:a1:*:*:*:*:*:*:*
D-Link Corporation (dlink) | dir-865l_firmware | 1.08b01 | cpe:2.3:o:dlink:dir-865l_firmware:1.08b01:*:*:*:*:*:*:*
D-Link Corporation (dlink) | dir-865l | a1 | cpe:2.3:h:dlink:dir-865l:a1:*:*:*:*:*:*:*
Weaknesses
CWE ID | Type | Source
CWE-79 | Primary | nvd@nist.gov
References
Hyperlink | Source | Resource
https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | cve@mitre.org | Exploit, Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | cve@mitre.org | Vendor Advisory