Cross Site Scripting Vulnerability in D-Link DCS-6010L Management Application
CVE-2025-8155

5.1MEDIUM

Key Information:

Vendor: D-link
Status: Dcs-6010l
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-8155?

A vulnerability has been identified in the management application of the D-Link DCS-6010L model, specifically within the /vb.htm file. This security flaw allows for cross site scripting (XSS), which can be exploited remotely by manipulating the 'paratest' argument. It is important to note that this vulnerability affects devices that are no longer supported by D-Link, making them particularly susceptible to exploitation. The details of this exploit have been publicly disclosed, increasing the risk for users operating this version of the device.

Affected Version(s)

DCS-6010L 1.15.03

References

https://vuldb.com/?id.317569

vdb-entrytechnical-description

https://vuldb.com/?ctiid.317569

signaturepermissions-required

https://vuldb.com/?submit.620531

third-party-advisory

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Jul 25, 2025

Credit

Fergod (VulDB User)

CVE-2025-8155 Data

JSON

D-link

What is CVE-2025-8155?

Affected Version(s)

References

EPSS Score

CVSS V4

Timeline

Credit