{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-0481","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-01-15T12:23:43.675Z","datePublished":"2025-01-15T19:00:13.869Z","dateUpdated":"2025-01-15T20:02:35.923Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-01-15T19:00:13.869Z"},"title":"D-Link DIR-878 HTTP POST Request dllog.cgi information disclosure","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-200","lang":"en","description":"Information Disclosure"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"Improper Access Controls"}]}],"affected":[{"vendor":"D-Link","product":"DIR-878","versions":[{"version":"1.03","status":"affected"}],"modules":["HTTP POST Request Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Es wurde eine problematische Schwachstelle in D-Link DIR-878 1.03 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /dllog.cgi der Komponente HTTP POST Request Handler. Mittels Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":5.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}}],"timeline":[{"time":"2025-01-15T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-01-15T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-01-15T13:28:47.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"wxhwxhwxh_tutu (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.291924","name":"VDB-291924 | D-Link DIR-878 HTTP POST Request dllog.cgi information disclosure","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.291924","name":"VDB-291924 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.475011","name":"Submit #475011 | D-Link DIR-878 HW:A1 FW:1.03 Improper Access Controls","tags":["third-party-advisory"]},{"url":"https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-878/dllog.md","tags":["exploit"]},{"url":"https://www.dlink.com/","tags":["product"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-15T20:01:04.855899Z","id":"CVE-2025-0481","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-15T20:02:35.923Z"}}]}}