CVE-2025-52079
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-11-03
Assigner: MITRE
Description
Description
The administrator password setting of the D-Link DIR-820L 1.06B02 is has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /get_set.ccp.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dlink | dir-820l_firmware | 1.06b02 |
| dlink | dir-820l | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the D-Link DIR-820L 1.06B02 involves improper access control that allows an attacker to change the administrator password without verification by sending a specially crafted POST request to the /get_set.ccp endpoint.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could change the administrator password without authorization, potentially gaining full control over the device, leading to unauthorized access, configuration changes, and compromise of network security.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70