Vulnerability Monitor

CVE-2020-25786


webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header.


Published

2020-09-19T20:15:11.903

Last Modified

2024-11-21T05:18:46.167

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

  • Type: Primary
    CWE-79

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | dlink | dir-803_firmware | 1.04.b02 | Yes |
| Hardware | dlink | dir-803 | a1 | No |
| Operating System | dlink | dir-816l_firmware | 2.06 | Yes |
| Operating System | dlink | dir-816l_firmware | 2.06.b09 | Yes |
| Hardware | dlink | dir-816l | b1 | No |
| Operating System | dlink | dir-645_firmware | 1.06b01 | Yes |
| Hardware | dlink | dir-645 | a1 | No |
| Operating System | dlink | dir-815_firmware | 2.07.b01 | Yes |
| Hardware | dlink | dir-815 | b1 | No |
| Operating System | dlink | dir-860l_firmware | 1.10b04 | Yes |
| Hardware | dlink | dir-860l | a1 | No |
| Operating System | dlink | dir-865l_firmware | 1.08b01 | Yes |
| Hardware | dlink | dir-865l | a1 | No |