CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 1CVE-2025-4860 – D-Link DAP-2695 Static Pool Settings Page adv_dhcps.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-4860
18 May 2025 — A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. Affected is an unknown function of the file /adv_dhcps.php of the component Static Pool Settings Page. The manipulation of the argument f_mac leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/DAP-2695/XSS_Static_Pool_Settings • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 1CVE-2025-4859 – D-Link DAP-2695 MAC Bypass Settings Page adv_macbypass.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-4859
18 May 2025 — A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been rated as problematic. This issue affects some unknown processing of the file /adv_macbypass.php of the component MAC Bypass Settings Page. The manipulation of the argument f_mac leads to cross site scripting. The attack may be initiated remotely. • https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/DAP-2695/XSS_MAC_Bypass • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 1CVE-2025-4858 – D-Link DAP-2695 ARP Spoofing Prevention Page adv_arpspoofing.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-4858
18 May 2025 — A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been declared as problematic. This vulnerability affects unknown code of the file /adv_arpspoofing.php of the component ARP Spoofing Prevention Page. The manipulation of the argument harp_mac leads to cross site scripting. The attack can be initiated remotely. • https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/DAP-2695/XSS_ARP_Spoofing_Prevention • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •