CVE-2025-15245

LOW SEVERITY

CVSS Score & Metrics

Base Score

3.3 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N                                    

Vulnerability Description

A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

Vulnerability Details

Published Date

December 30, 2025

Last Modified

December 31, 2025

CWE ID

CWE-22

Source

NVD

Vendor

dlink

Product

dcs-850l_firmware

External References

https://tzh00203.notion.site/D-Link-DCS850L-v1-02-09-Path-Traversal-Vulnerability-in-Firmware-Update-2d8b5c52018a803abbc7e30e2858d084?source=copy_link
https://vuldb.com/?ctiid.338635
https://vuldb.com/?id.338635
https://vuldb.com/?submit.725742
https://www.dlink.com/

CVE-2025-15245

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment