CVE-2020-25786

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md	Exploit Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dir-803_firmware:1.04.b02:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-803:a1:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:dlink:dir-816l_firmware:2.06:::::::*
	cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta::::::

cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dlink:dir-645_firmware:1.06b01:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dlink:dir-815_firmware:2.07.b01:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-815:b1:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dlink:dir-860l_firmware:1.10b04:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-860l:a1:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dlink:dir-865l_firmware:1.08b01:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-865l:a1:*:*:*:*:*:*:*

History

07 Nov 2023, 03:20

Type	Values Removed	Values Added
Summary	UNSUPPORTED WHEN ASSIGNED webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header.	webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header

Information

Published : 2020-09-19 20:15

Updated : 2024-04-11 01:08

NVD link : CVE-2020-25786

Mitre link : CVE-2020-25786

CVE.ORG link : CVE-2020-25786

JSON object : View

Products Affected

dlink

dir-860l
dir-860l_firmware
dir-865l
dir-803
dir-816l_firmware
dir-865l_firmware
dir-815
dir-815_firmware
dir-803_firmware
dir-645_firmware
dir-645
dir-816l

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2020-25786

6.1^/10

4.3^/10

Attach tags to `CVE-2020-25786`