CVE-2025-9003

CWE-79 — Cross-site Scripting (XSS)CWE-94 — Code Injection3 documents3 sources

Severity

5.1MEDIUM

EPSS

0.0%

top 95.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

D-link Dir-818lw Dlink Dir-818lw Firmware

Timeline

PublishedAug 15

Description

A vulnerability has been found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5d-link/dir-818lw1.04

▶NVDdlink/dir-818lw_firmware1.04

🔴Vulnerability Details

CVEList

D-Link DIR-818LW DHCP Reserved Address bsc_lan.php cross site scripting↗2025-08-15

▶

GHSA

GHSA-xr6g-c2xh-qr7x: A vulnerability has been found in D-Link DIR-818LW 1↗2025-08-15

▶