CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-0481: D-Link DIR-878 HTTP POST Request dllog.cgi information disclosure

6.9 CVSS

Description

A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine problematische Schwachstelle in D-Link DIR-878 1.03 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /dllog.cgi der Komponente HTTP POST Request Handler. Mittels Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2025-0481

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.9

Affected Products

Vendor: D-Link

Product: DIR-878

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.81% (scored less or equal to compared to others)

EPSS Date: 2025-02-13 (when was this score calculated)

References

https://vuldb.com/?id.291924
https://vuldb.com/?ctiid.291924
https://vuldb.com/?submit.475011
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-878/dllog.md
https://www.dlink.com/

Timeline

2025-01-16 00:31:12 UTC
CVE

D-Link DIR-878 HTTP POST Request dllog.cgi information disclosure