Vulnerability Database

309,237

Total vulnerabilities in the database

CVE-2020-25786

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header

Published: Sep 19, 2020
Updated: Nov 16, 2025
CVE: CVE-2020-25786
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
dlink / dir-803_firmware	1.04.b02	1.04.b02.x
dlink / dir-816l_firmware	2.06	2.06.x
dlink / dir-816l_firmware	2.06.b09-beta	2.06.b09-beta.x
dlink / dir-645_firmware	1.06b01	1.06b01.x
dlink / dir-815_firmware	2.07.b01	2.07.b01.x
dlink / dir-860l_firmware	1.10b04	1.10b04.x
dlink / dir-865l_firmware	1.08b01	1.08b01.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo