CVE-2025-8155
BaseFortify

Publication date: 2025-07-25

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in D-Link DCS-6010L 1.15.03 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /vb.htm of the component Management Application. The manipulation of the argument paratest leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Meta Information
Generated: 2026-05-27
AI Q&A: 2025-07-25
EPSS Evaluated: 2026-05-25
External references: NVD, EUVD
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dlink dcs-6010l_firmware 1.15.03
dlink dcs-6010l *
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-8155 is a reflected Cross-Site Scripting (XSS) vulnerability in the web management interface of the D-Link DCS-6010L camera, firmware version 1.15.03. The /vb.htm page echoes the 'paratest' query parameter into its HTML output without neutralising it, so an attacker can place a script tag in that parameter and have arbitrary JavaScript run in the context of the management interface when a specially crafted URL is opened. The attack is launched remotely but needs user interaction: a victim, typically an administrator who is logged in to the camera, has to visit the crafted link. [1, 2]


How can this vulnerability impact me?

Script injected this way runs with the permissions of whichever user opens the crafted link, so an attacker who lures an administrator to such a URL can act inside that administrator's authenticated session with the camera's management interface: reading or changing device settings, or exfiltrating whatever the interface displays. This is why the advisory flags an impact on data integrity; information disclosure within the management application is possible as well. Since the affected product is no longer supported and no vendor fix or mitigation exists, the risk remains for as long as the device stays in service. [2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be confirmed by checking whether the /vb.htm endpoint of the D-Link DCS-6010L management interface reflects the 'paratest' parameter into the page without HTML-encoding it. Send a request with a script tag in 'paratest' and inspect the response body. A command-line client such as curl cannot observe whether a script would execute; it can only show whether the markup comes back intact, which is what matters for a reflected XSS. For example:

curl -sG --data-urlencode 'paratest=<script>alert(1)</script>' "http://<target-ip>/vb.htm" | grep -c '<script>alert(1)</script>'

A count of 1 or more means the tag was reflected unescaped and the device is vulnerable; a response that contains &lt;script&gt; instead means the output is being encoded. Run this only against devices you own or are authorised to test. Note also that attackers locate exposed cameras with search-engine queries such as 'inurl:vb.htm', so any DCS-6010L whose management interface is reachable from the internet should be assumed to have been found. [1, 2]
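As an added example (not code from BaseFortify, VulDB or D-Link), the Python below implements the two checks a defender would actually want for this issue: an active probe that classifies how /vb.htm reflects a canary-tagged 'paratest' value (unescaped, HTML-encoded, filtered or absent), and a passive scan of web-server access logs for script-like 'paratest' values, including percent-encoded ones. Function names, the sample HTML responses and the log lines are all constructed for illustration; nothing here was captured from a real DCS-6010L.

```python
"""Reflected-XSS checks for /vb.htm?paratest= (CVE-2025-8155).

Added example, not code from BaseFortify, VulDB or D-Link. All function
names are the author's own; the HTML snippets and access-log lines below
are constructed samples, not data captured from a real DCS-6010L.
"""
import html
import re
import urllib.parse
import urllib.request
import uuid

ENDPOINT = "/vb.htm"
PARAM = "paratest"


def make_canary() -> str:
    """Random marker so that a hit cannot be a coincidental match on static page text."""
    return "xss" + uuid.uuid4().hex[:12]


def payload_for(canary: str) -> str:
    """Probe value: canary followed by the script tag used in the advisory's example."""
    return f"{canary}<script>alert(1)</script>"


def build_probe_url(base: str, canary: str) -> str:
    """Build http://host/vb.htm?paratest=<payload> with the value URL-encoded
    (curl sends '<' and '>' raw, but encoding avoids shell-quoting surprises)."""
    query = urllib.parse.urlencode({PARAM: payload_for(canary)})
    return f"{base.rstrip('/')}{ENDPOINT}?{query}"


def classify_reflection(body: str, canary: str) -> str:
    """Decide what the server did with the probe. A text client cannot observe
    script execution; it can only see whether the markup came back intact.

    'unescaped' - tag reflected verbatim: exploitable
    'encoded'   - reflected as &lt;script&gt;...: output encoding in place
    'filtered'  - canary present but the tag was stripped or rewritten
    'absent'    - parameter is not echoed into the page at all
    """
    raw = payload_for(canary)
    if raw in body:
        return "unescaped"
    if html.escape(raw) in body:
        return "encoded"
    if canary in body:
        return "filtered"
    return "absent"


def probe(base: str, timeout: float = 5.0) -> str:
    """Active check. Only run this against devices you are authorised to test."""
    canary = make_canary()
    with urllib.request.urlopen(build_probe_url(base, canary), timeout=timeout) as resp:
        body = resp.read().decode("utf-8", errors="replace")
    return classify_reflection(body, canary)


# --- passive detection over access logs (Common/Combined Log Format) -----------

REQUEST_RE = re.compile(r'"(?:GET|POST) /vb\.htm\?(?P<query>[^ "]*) HTTP/[\d.]+"')
# Heuristic markers that should never appear in a legitimate 'paratest' value.
SUSPICIOUS_RE = re.compile(
    r"<\s*/?\s*(?:script|img|svg|iframe)\b|javascript:|\bon(?:load|error|click|mouseover|focus)\s*=",
    re.I,
)


def find_xss_attempts(log_lines):
    """Return (client_ip, decoded paratest value) for each request that carries
    script-like content in 'paratest'. parse_qs undoes the %XX encoding that
    clients normally apply, so encoded payloads are caught as well."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        params = urllib.parse.parse_qs(m.group("query"), keep_blank_values=True)
        for value in params.get(PARAM, []):
            if SUSPICIOUS_RE.search(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed samples (not real device output or logs).
CANARY = "xssdeadbeef0001"
VULNERABLE_BODY = f"<html><body>paratest={CANARY}<script>alert(1)</script></body></html>"
HARDENED_BODY = f"<html><body>paratest={CANARY}&lt;script&gt;alert(1)&lt;/script&gt;</body></html>"
SAMPLE_LOG = [
    '10.0.0.7 - - [25/Jul/2025:10:01:02 +0000] "GET /vb.htm?paratest=ok HTTP/1.1" 200 512',
    '203.0.113.9 - - [25/Jul/2025:10:05:13 +0000] '
    '"GET /vb.htm?paratest=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 600',
    '203.0.113.9 - - [25/Jul/2025:10:05:20 +0000] '
    '"GET /vb.htm?paratest=x%22%20onmouseover%3Dalert(1)%20y%3D%22 HTTP/1.1" 200 610',
    '10.0.0.8 - - [25/Jul/2025:10:06:00 +0000] "GET /index.htm HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    print("vulnerable sample ->", classify_reflection(VULNERABLE_BODY, CANARY))
    print("hardened sample   ->", classify_reflection(HARDENED_BODY, CANARY))
    for ip, value in find_xss_attempts(SAMPLE_LOG):
        print(f"XSS attempt from {ip}: {value!r}")
```

Only probe() touches the network; everything else runs offline on the constructed samples. The canary is what separates a real reflection from a page that happens to contain the string "alert(1)" on its own, and the four-way classification is the same judgement the curl check above asks you to make by eye. The log scan decodes the query string before matching, which is what catches the percent-encoded form that most clients (curl included, with --data-urlencode) actually send.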


What immediate steps should I take to mitigate this vulnerability?

Since the affected product (D-Link DCS-6010L, firmware 1.15.03) is no longer supported and the vendor has published no patch or mitigation, the recommended immediate step is to replace the device with a supported alternative. Until it is replaced, reduce exposure with compensating controls that do not depend on the vendor: keep the camera's web interface off the internet and reachable only from a management VLAN or through a VPN; restrict access with firewall rules to the few hosts that administer it; and administer it from a browser profile that is not used for general browsing, logging out when finished, so that a crafted link opened elsewhere cannot ride an authenticated session. [2]

