cnvd - cnvd-2025-10945

CNVD-2025-10945

Vulnerability from cnvd - Published: 2025-05-29

Title

D-Link DAP-2695 /adv_dhcps.php文件跨站脚本漏洞

Description

D-Link DAP-2695是中国友讯（D-Link）公司的一款高性能双频无线接入点。 D-Link DAP-2695存在跨站脚本漏洞，该漏洞源于文件/adv_dhcps.php中参数f_mac对用户提供的数据缺乏有效过滤与转义，目前没有详细的漏洞细节提供。

Severity

低

Formal description

目前厂商尚未发布升级程序修复该安全问题，详情见厂商官网： http://www.dlink.com.cn/

Reference

https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/DAP-2695/XSS_Static_Pool_Settings

Impacted products

Name
D-Link DAP-2695 120b36r137_ALL_en_20210528

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-4860",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-4860"
    }
  },
  "description": "D-Link DAP-2695\u662f\u4e2d\u56fd\u53cb\u8baf\uff08D-Link\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u9ad8\u6027\u80fd\u53cc\u9891\u65e0\u7ebf\u63a5\u5165\u70b9\u3002\n\nD-Link DAP-2695\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6587\u4ef6/adv_dhcps.php\u4e2d\u53c2\u6570f_mac\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u7f3a\u4e4f\u6709\u6548\u8fc7\u6ee4\u4e0e\u8f6c\u4e49\uff0c\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttp://www.dlink.com.cn/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-10945",
  "openTime": "2025-05-29",
  "products": {
    "product": "D-Link DAP-2695 120b36r137_ALL_en_20210528"
  },
  "referenceLink": "https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/DAP-2695/XSS_Static_Pool_Settings",
  "serverity": "\u4f4e",
  "submitTime": "2025-05-22",
  "title": "D-Link DAP-2695 /adv_dhcps.php\u6587\u4ef6\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2025-4860 (GCVE-0-2025-4860)

Vulnerability from cvelistv5 – Published: 2025-05-18 05:00 – Updated: 2025-05-19 14:26

Summary

A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. Affected is an unknown function of the file /adv_dhcps.php of the component Static Pool Settings Page. The manipulation of the argument f_mac leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer.

Severity ?

4.8 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

2.4 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

2.4 (Low)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-79 - Cross Site Scripting
CWE-94 - Code Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.309402	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.309402	signaturepermissions-required
	https://vuldb.com/?submit.575103	third-party-advisory
	https://github.com/fizz-is-on-the-way/Iot_vuls/tr…	exploit
	https://www.dlink.com/	product

Impacted products

	Vendor	Product	Version
	D-Link	DAP-2695	Affected: 120b36r137_ALL_en_20210528

Credits

lcyf-fizz (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4860",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-19T14:26:09.791522Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-19T14:26:13.329Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/DAP-2695/XSS_Static_Pool_Settings"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Static Pool Settings Page"
          ],
          "product": "DAP-2695",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "120b36r137_ALL_en_20210528"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "lcyf-fizz (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. Affected is an unknown function of the file /adv_dhcps.php of the component Static Pool Settings Page. The manipulation of the argument f_mac leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer."
        },
        {
          "lang": "de",
          "value": "Es wurde eine problematische Schwachstelle in D-Link DAP-2695 120b36r137_ALL_en_20210528 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei /adv_dhcps.php der Komponente Static Pool Settings Page. Mittels dem Manipulieren des Arguments f_mac mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-18T05:00:08.702Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-309402 | D-Link DAP-2695 Static Pool Settings Page adv_dhcps.php cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.309402"
        },
        {
          "name": "VDB-309402 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.309402"
        },
        {
          "name": "Submit #575103 | D-Link DAP-2695 firmware 20210528 Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.575103"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/DAP-2695/XSS_Static_Pool_Settings"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-16T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-05-16T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-05-16T21:00:00.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DAP-2695 Static Pool Settings Page adv_dhcps.php cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-4860",
    "datePublished": "2025-05-18T05:00:08.702Z",
    "dateReserved": "2025-05-16T18:54:51.768Z",
    "dateUpdated": "2025-05-19T14:26:13.329Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-10945

CVE-2025-4860 (GCVE-0-2025-4860)

Tags

Sightings

Nomenclature