Cross-Site Scripting Vulnerability in D-Link DIR-818LW Router
CVE-2025-9003

5.1MEDIUM

Key Information:

Vendor: D-link
Status: Dir-818lw
Vendor: CVE Published:; 15 August 2025

What is CVE-2025-9003?

A vulnerability exists in the D-Link DIR-818LW router related to the handling of DHCP Reserved Address management via the /bsc_lan.php script. This flaw allows remote attackers to exploit the argument 'Name' to execute cross-site scripting (XSS) attacks. The exploitation of this vulnerability requires the targeted device to be running an affected version, specifically version 1.04, and impacts devices that are no longer maintained by D-Link, increasing the risk for users relying on outdated hardware.

Affected Version(s)

DIR-818LW 1.04

References

https://vuldb.com/?id.320032

vdb-entrytechnical-description

https://vuldb.com/?ctiid.320032

signaturepermissions-required

https://vuldb.com/?submit.628334

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2025
Vulnerability Reserved
Aug 13, 2025

Credit

Edcarlos (VulDB User)

D-link

What is CVE-2025-9003?

Affected Version(s)

References

CVSS V4

Timeline

Credit