CVE-2025-10093
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-08

Last updated on: 2025-09-29

Assigner: VulDB

Description
A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-08
Last Modified
2025-09-29
Generated
2026-06-16
AI Q&A
2025-09-08
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10093
EUVD
EUVD-2025-27121
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dlink dir-852_firmware 1.00cn_b09
dlink dir-852 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-10093 is an authentication bypass vulnerability in the D-Link DIR-852 router firmware up to version 1.00CN B09. It affects the function phpcgi_main in the /getcfg.php file, part of the Device Configuration Handler. The vulnerability arises because the router processes user-supplied POST parameters before appending server-generated session validation variables. Due to a parsing behavior that prioritizes the first occurrence of variables, an attacker can inject a forged AUTHORIZED_GROUP=1 parameter in the POST request, which overrides the legitimate server value (AUTHORIZED_GROUP=-1). This allows an unauthenticated remote attacker to bypass access controls and retrieve sensitive device configuration information, including administrator credentials, without authorization. [1, 2, 3]

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information from the affected D-Link DIR-852 router, such as device configuration details and administrator credentials. An attacker can remotely exploit this flaw without authentication, potentially gaining access to confidential device data. Since the affected products are no longer supported, no official patches are available, increasing the risk of exploitation. The impact primarily affects confidentiality, allowing attackers to gather sensitive information that could be used for further attacks or unauthorized access. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by checking for the presence of the vulnerable endpoint /getcfg.php on D-Link DIR-852 devices running firmware up to 1.00CN B09. One can use network scanning or web request tools to identify devices exposing this endpoint. Additionally, a proof-of-concept curl command can be used to test if the device is vulnerable by attempting to exploit the authentication bypass: curl -d "SERVICES=DEVICE.ACCOUNT%0aAUTHORIZED_GROUP=1" "http://<device-ip>/getcfg.php". If sensitive device information is returned without authentication, the device is vulnerable. Also, Google hacking techniques such as searching for inurl:getcfg.php can help identify vulnerable devices exposed on the internet. [1, 2]

Mitigation Strategies

Since the affected D-Link DIR-852 devices are no longer supported and no patches are available, immediate mitigation involves implementing restrictive firewall rules to block unauthorized access to the /getcfg.php endpoint. This can include blocking external access to the device's web interface or specifically filtering requests to /getcfg.php. Additionally, network segmentation and limiting access to trusted users can reduce exposure. Avoid exposing the device to the internet and monitor for suspicious requests targeting the vulnerable endpoint. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10093. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart