CVE-2020-25786
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
El archivo webinc/js/info.php en dispositivos D-Link DIR-816L versión 2.06.B09_BETA y DIR-803 versión 1.04.B02, permite un ataque de tipo XSS por medio del encabezado HTTP Referer. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor. NOTA: esto típicamente no es explotable debido a la codificación de URL (excepto en Internet Explorer) y porque una página web no puede especificar que un cliente debe realizar una petición HTTP adicional con un encabezado Referer arbitrario
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-09-19 CVE Reserved
- 2020-09-19 CVE Published
- 2023-06-05 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | 2024-05-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dlink Search vendor "Dlink" | Dir-803 Firmware Search vendor "Dlink" for product "Dir-803 Firmware" | 1.04.b02 Search vendor "Dlink" for product "Dir-803 Firmware" and version "1.04.b02" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-803 Search vendor "Dlink" for product "Dir-803" | a1 Search vendor "Dlink" for product "Dir-803" and version "a1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-816l Firmware Search vendor "Dlink" for product "Dir-816l Firmware" | 2.06 Search vendor "Dlink" for product "Dir-816l Firmware" and version "2.06" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-816l Search vendor "Dlink" for product "Dir-816l" | b1 Search vendor "Dlink" for product "Dir-816l" and version "b1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-816l Firmware Search vendor "Dlink" for product "Dir-816l Firmware" | 2.06.b09 Search vendor "Dlink" for product "Dir-816l Firmware" and version "2.06.b09" | beta |
Affected
| in | Dlink Search vendor "Dlink" | Dir-816l Search vendor "Dlink" for product "Dir-816l" | b1 Search vendor "Dlink" for product "Dir-816l" and version "b1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-645 Firmware Search vendor "Dlink" for product "Dir-645 Firmware" | 1.06b01 Search vendor "Dlink" for product "Dir-645 Firmware" and version "1.06b01" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-645 Search vendor "Dlink" for product "Dir-645" | a1 Search vendor "Dlink" for product "Dir-645" and version "a1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-815 Firmware Search vendor "Dlink" for product "Dir-815 Firmware" | 2.07.b01 Search vendor "Dlink" for product "Dir-815 Firmware" and version "2.07.b01" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-815 Search vendor "Dlink" for product "Dir-815" | b1 Search vendor "Dlink" for product "Dir-815" and version "b1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-860l Firmware Search vendor "Dlink" for product "Dir-860l Firmware" | 1.10b04 Search vendor "Dlink" for product "Dir-860l Firmware" and version "1.10b04" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-860l Search vendor "Dlink" for product "Dir-860l" | a1 Search vendor "Dlink" for product "Dir-860l" and version "a1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-865l Firmware Search vendor "Dlink" for product "Dir-865l Firmware" | 1.08b01 Search vendor "Dlink" for product "Dir-865l Firmware" and version "1.08b01" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-865l Search vendor "Dlink" for product "Dir-865l" | a1 Search vendor "Dlink" for product "Dir-865l" and version "a1" | - |
Safe
|