CVE-2025-10093

low-risk

Published 2025-09-08

A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Dir-852 Firmware

Affected Vendors

Dlink

References (6)

Exploit https://github.com/i-Corner/cve/issues/21

Permissions Required https://vuldb.com/?ctiid.323049

Third Party Advisory https://vuldb.com/?id.323049

Third Party Advisory https://vuldb.com/?submit.644935

Product https://www.dlink.com/

Exploit https://github.com/i-Corner/cve/issues/21

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal