// For flags

CVE-2020-25786

 

Severity Score

6.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header

El archivo webinc/js/info.php en dispositivos D-Link DIR-816L versión 2.06.B09_BETA y DIR-803 versión 1.04.B02, permite un ataque de tipo XSS por medio del encabezado HTTP Referer. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor. NOTA: esto típicamente no es explotable debido a la codificación de URL (excepto en Internet Explorer) y porque una página web no puede especificar que un cliente debe realizar una petición HTTP adicional con un encabezado Referer arbitrario

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-09-19 CVE Reserved
  • 2020-09-19 CVE Published
  • 2023-06-05 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dlink
Search vendor "Dlink"
Dir-803 Firmware
Search vendor "Dlink" for product "Dir-803 Firmware"
1.04.b02
Search vendor "Dlink" for product "Dir-803 Firmware" and version "1.04.b02"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-803
Search vendor "Dlink" for product "Dir-803"
a1
Search vendor "Dlink" for product "Dir-803" and version "a1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-816l Firmware
Search vendor "Dlink" for product "Dir-816l Firmware"
2.06
Search vendor "Dlink" for product "Dir-816l Firmware" and version "2.06"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-816l
Search vendor "Dlink" for product "Dir-816l"
b1
Search vendor "Dlink" for product "Dir-816l" and version "b1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-816l Firmware
Search vendor "Dlink" for product "Dir-816l Firmware"
2.06.b09
Search vendor "Dlink" for product "Dir-816l Firmware" and version "2.06.b09"
beta
Affected
in Dlink
Search vendor "Dlink"
Dir-816l
Search vendor "Dlink" for product "Dir-816l"
b1
Search vendor "Dlink" for product "Dir-816l" and version "b1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-645 Firmware
Search vendor "Dlink" for product "Dir-645 Firmware"
1.06b01
Search vendor "Dlink" for product "Dir-645 Firmware" and version "1.06b01"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-645
Search vendor "Dlink" for product "Dir-645"
a1
Search vendor "Dlink" for product "Dir-645" and version "a1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-815 Firmware
Search vendor "Dlink" for product "Dir-815 Firmware"
2.07.b01
Search vendor "Dlink" for product "Dir-815 Firmware" and version "2.07.b01"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-815
Search vendor "Dlink" for product "Dir-815"
b1
Search vendor "Dlink" for product "Dir-815" and version "b1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-860l Firmware
Search vendor "Dlink" for product "Dir-860l Firmware"
1.10b04
Search vendor "Dlink" for product "Dir-860l Firmware" and version "1.10b04"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-860l
Search vendor "Dlink" for product "Dir-860l"
a1
Search vendor "Dlink" for product "Dir-860l" and version "a1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-865l Firmware
Search vendor "Dlink" for product "Dir-865l Firmware"
1.08b01
Search vendor "Dlink" for product "Dir-865l Firmware" and version "1.08b01"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-865l
Search vendor "Dlink" for product "Dir-865l"
a1
Search vendor "Dlink" for product "Dir-865l" and version "a1"
-
Safe
* End Of Life in some or all products. Do not expect updates.