CVE-2025-4860 | D-Link DAP-2695 120b36r137_ALL_en_20210528 Static Pool Settings Page /adv_dhcps.php f_mac cross site scripting

A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. Affected is an unknown function of the file /adv_dhcps.php of the component Static Pool Settings Page. The manipulation of the argument f_mac leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is traded as CVE-2025-4860. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Other parameters might be affected as well.VulDB Recent EntriesRead More