CVE-2025-15245: Path Traversal in D-Link DCS-850L
A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-15245: Path Traversal in D-Link DCS-850L
Description
A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-12-29T08:23:02.358Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 6953b47271a94549f1bda079
Added to database: 12/30/2025, 11:16:02 AM
Last updated: 12/30/2025, 11:16:16 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-69093: Missing Authorization in wpdesk ShopMagic
UnknownCVE-2025-69092: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in WPDeveloper Essential Addons for Elementor
UnknownCVE-2025-69091: Missing Authorization in Kraft Plugins Demo Importer Plus
UnknownCVE-2025-69089: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in autolistings Auto Listings
UnknownCVE-2025-69088: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Vidish Combo Offers WooCommerce
UnknownActions
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.