CVE-2025-2360

CWE-266CWE-2854 documents4 sources
Severity
6.9MEDIUM
EPSS
0.4%
top 41.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
D-link Dir-823gDlink Dir-823g Firmware
Timeline
PublishedMar 17
Latest updateApr 16

Description

A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is the function SetUpnpSettings of the file /HNAP1/ of the component UPnP Service. The manipulation of the argument SOAPAction leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5d-link/dir-823g1.0.2B05_20181207
NVDdlink/dir-823g_firmware1.0.2b05_20181207

🔴Vulnerability Details

2
CVEList
D-Link DIR-823G UPnP Service HNAP1 SetUpnpSettings improper authorization2025-03-17
GHSA
GHSA-9wfr-r3p3-m3fw: A vulnerability classified as critical was found in D-Link DIR-823G 12025-03-17

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS D-Link DIR-823G Multiple HNAP SOAPAction Endpoints Authentication Bypass (CVE-2025-2359, CVE-2025-2360)2025-04-16
CVE-2025-2360 (MEDIUM CVSS 6.9) | A vulnerability classified as criti | cvebase.io