CVE-2025-15245 | D-Link DCS-850L 1.02.09 Firmware Update Service uploadfirmware DownloadFile path traversal

Inserito da Angelo Barbosa | Dic 29, 2025 | CVE

A vulnerability, which was classified as critical, was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is cataloged as CVE-2025-15245. The attack must originate from the local network. Furthermore, there is an exploit available.

CVE-2025-15245 | D-Link DCS-850L 1.02.09 Firmware Update Service uploadfirmware DownloadFile path traversal

Post correlati

CVE-2024-1334 | ImageRecycle PDF & Image Compression Plugin up to 3.1.13 on WordPress Setting enableOptimization cross-site request forgery

CVE-2024-1005 | Shanxi Diankeyun Technology NODERP up to 6.0.2 /runtime/log file access

CVE-2024-40614 | EGroupware up to 17.1.20190111 ORDER BY Privilege Escalation

CVE-2024-36412 | SalesAgility SuiteCRM up to 7.14.3/8.6.0 Events Response Entry Point sql injection