Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-14528: Sensitive Information Exposure in D-Link DIR-803

Severity: 5.5 MEDIUM (NVD)
EPSS: 8.0% (top 7.90%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline: Published Dec 11

Description

A vulnerability was detected in D-Link DIR-803 up to 1.04. It affects an unknown function of the file /getcfg.php in the Configuration Handler component. Manipulating the argument AUTHORIZED_GROUP results in information disclosure. The attack can be performed remotely. The exploit is public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: d-link/dir-803 1.04

🔴 Vulnerability Details (3)

CVEList: D-Link DIR-803 Configuration getcfg.php information disclosure (2025-12-11)
GHSA: GHSA-rh34-wc6m-2m98: A vulnerability was detected in D-Link DIR-803 up to 1 (2025-12-11)
VulnCheck: D-Link dir-803_firmware Exposure of Sensitive Information to an Unauthorized Actor (2025)

💥 Exploits & PoCs (1)

Nuclei: D-Link DIR-803 - Authentication Bypass