Vulnerability Description
A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dir-803 Firmware | <= 1.04 |
| Dlink | Dir-803 | a1 |
Related Weaknesses (CWE)
References
- https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20AuthenExploitThird Party Advisory
- https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20AuthenExploitThird Party Advisory
- https://vuldb.com/?ctiid.335869Permissions RequiredVDB Entry
- https://vuldb.com/?id.335869Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.703150Third Party AdvisoryVDB Entry
- https://www.dlink.com/Product
- https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20AuthenExploitThird Party Advisory
- https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20AuthenExploitThird Party Advisory
FAQ
What is CVE-2025-14528?
CVE-2025-14528 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_G...
How severe is CVE-2025-14528?
CVE-2025-14528 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-14528?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dir-803 Firmware, Dlink Dir-803.