CVE-2025-1392

A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Published: Feb 17, 2025
Updated: Jul 17, 2025
CVE: CVE-2025-1392
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-94
CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
dlink / dir-816_firmware	1.01to	1.01to.x

https://vuldb.com/?ctiid.296023
https://vuldb.com/?id.296023
https://vuldb.com/?submit.501351
https://www.dlink.com/

Vulnerability Database

CVE-2025-1392

Deep Security Visibility Without the Complexity