CVE-2025-9003
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-15

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-15
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-08-15
EPSS Evaluated
2026-05-05
NVD
CVE-2025-9003
EUVD
EUVD-2025-24979
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dlink dir-818lw_firmware 1.04
dlink dir-818lw *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the D-Link DIR-818LW 1.04 router, specifically in the DHCP Reserved Address Handler component within the /bsc_lan.php file. It is caused by improper handling of the 'Name' argument, which allows an attacker to perform a cross-site scripting (XSS) attack remotely.


How can this vulnerability impact me? :

The vulnerability can allow a remote attacker to execute cross-site scripting attacks, potentially leading to the execution of malicious scripts in the context of the affected device's web interface. This could result in unauthorized actions or information disclosure. However, the affected products are no longer supported by the maintainer, which may increase the risk due to lack of patches.


What immediate steps should I take to mitigate this vulnerability?

Since the affected products are no longer supported by the maintainer, immediate mitigation steps include disabling remote access to the affected device, restricting network access to trusted users only, and monitoring for any suspicious activity related to the /bsc_lan.php endpoint. Consider replacing the device with a supported model to ensure security updates.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart