CVE-2025-9003 is a cross-site scripting (XSS) vulnerability identified in the D-Link DIR-818LW router, specifically in version 1.04 of its firmware. The vulnerability resides in the DHCP Reserved Address Handler component, within the /bsc_lan.php file. The issue arises due to improper sanitization of the 'Name' argument, which an attacker can manipulate to inject malicious scripts. This vulnerability can be exploited remotely without requiring prior authentication, although user interaction is necessary to trigger the XSS payload (e.g., by visiting a crafted URL). The CVSS 4.0 base score is 5.1, indicating a medium severity level. The attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:L) but user interaction is needed (UI:P). The vulnerability impacts the confidentiality and integrity of the affected system by potentially allowing attackers to execute arbitrary scripts in the context of the victim's browser session, which could lead to session hijacking, credential theft, or other malicious activities. However, the vulnerability does not affect availability, and there is no indication of known exploits in the wild. Importantly, the affected product is no longer supported by the vendor, meaning no official patches or updates are available to remediate this issue. This increases the risk for users who continue to operate this device without mitigation.

For European organizations, the impact of this vulnerability depends largely on the presence and role of the D-Link DIR-818LW routers within their network infrastructure. Since this model is an older consumer-grade router, it is more likely to be found in small offices or home office environments rather than critical enterprise networks. Nonetheless, exploitation could allow attackers to execute malicious scripts in the context of the router's web management interface, potentially leading to unauthorized access to router settings or interception of network traffic. This could compromise network security, enabling lateral movement or data exfiltration. Given the router is no longer supported, organizations relying on these devices face increased risk due to the absence of vendor patches. Additionally, European organizations with remote or hybrid workforces using these routers at home may be vulnerable to targeted attacks exploiting this XSS flaw. The medium severity rating suggests a moderate risk, but the lack of patch availability and remote exploitability elevate the threat level for affected users.

Since the vendor no longer supports the DIR-818LW device and no official patches are available, organizations should prioritize replacing these routers with currently supported models that receive regular security updates. In the interim, practical mitigations include: 1) Restricting access to the router's web management interface by limiting it to trusted internal IP addresses and disabling remote management features if enabled. 2) Employing network segmentation to isolate vulnerable devices from critical network assets, reducing potential lateral movement. 3) Monitoring network traffic for suspicious activity that could indicate exploitation attempts. 4) Educating users about the risks of clicking on unknown or suspicious links that could trigger the XSS attack. 5) If possible, applying custom firewall rules or web application firewalls (WAFs) to detect and block malicious payloads targeting the vulnerable parameter. 6) Regularly auditing network devices to identify unsupported hardware and planning timely upgrades to supported equipment.