← Voltar para CVEs

CVE-2025-15245

LOW

3.5

Descricao

A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Detalhes CVE

Pontuacao CVSS v3.13.5

SeveridadeLOW

Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Vetor de ataqueADJACENT_NETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado12/30/2025

Ultima modificacao12/31/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

dlink:dcs-850ldlink:dcs-850l_firmware

Fraquezas (CWE)

CWE-22

Referencias

https://tzh00203.notion.site/D-Link-DCS850L-v1-02-09-Path-Traversal-Vulnerability-in-Firmware-Update-2d8b5c52018a803abbc7e30e2858d084?source=copy_link(cna@vuldb.com)

https://vuldb.com/?ctiid.338635(cna@vuldb.com)

https://vuldb.com/?id.338635(cna@vuldb.com)

https://vuldb.com/?submit.725742(cna@vuldb.com)

https://www.dlink.com/(cna@vuldb.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.