CVE-2025-0481
Published: 15 January 2025
Description
A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Security Summary
CVE-2025-0481 is a problematic information disclosure vulnerability affecting the D-Link DIR-878 router on firmware version 1.03. The flaw resides in an unknown function of the /dllog.cgi file within the HTTP POST Request Handler component, where manipulation via crafted requests exposes sensitive information.
The vulnerability enables remote exploitation without user interaction, authentication, or privileges, as reflected in its CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Attackers with network access can send a malicious HTTP POST request to trigger the disclosure, achieving low-impact confidentiality loss without affecting integrity or availability.
VulDB advisories (ctiid.291924, id.291924) document the issue, while a GitHub repository provides a disclosed proof-of-concept exploit in dllog.md. The D-Link website serves as a reference for potential firmware updates, though no specific patch details are outlined in the available sources.
Details
- CWE(s)