CVE-2025-1392

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Feb 17, 2025

CWE ID 94

CWE ID 79

Summary

CVE-2025-1392 is a newly discovered vulnerability affecting the D-Link DIR-816 1.01TO router. The issue lies within an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic.html. Manipulation of the argument SSID results in a cross-site scripting (XSS) attack, which can be executed remotely. The exploit for this vulnerability has been made public, increasing the risk for potential attacks. Importantly, this vulnerability only affects unsupported D-Link DIR-816 1.01TO routers.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3cjcQR
https://www.cve.org/CVERecord?id=CVE-2025-1392
https://nvd.nist.gov/vuln/detail/CVE-2025-1392

Back to Vulnerability Database

CVE-2025-1392

CVSS 3.1 Score 3.5 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations