Critical Vulnerability Information

Vulnerability Name: D-Link DAP-2695 120B36R137_ALL_EN_20210528 ARP Spoofing Prevention Page /adv_arpspoofing.php harp_mac Cross Site Scripting
CVE ID: CVE-2025-4858
EUVD ID: EUVD-2025-15620
VDB IDs: VDB-309400, VDB-309401, VDB-309402

Vulnerability Details

Affected Product: D-Link DAP-2695 120b36r137_ALL_en_20210528
Affected File:
Component: ARP Spoofing Prevention Page
Vulnerability Type: Cross Site Scripting (XSS)
CWE ID: CWE-79
Impact: Affects Integrity

Vulnerability Description

Issue: Manipulation of the parameter with untrusted input leads to a Cross-Site Scripting (XSS) vulnerability.
Cause: The product does not properly neutralize user-controlled input, allowing it to be rendered as web content to other users upon output.

Exploitation Information

Exploitation Difficulty: Easy
Remotely Exploitable: Yes
Authentication Required: Requires successful authentication at an elevated level
User Interaction Required: Yes, victim interaction required

Technical Details and Public Exploits:

Known Attack Technique: MITRE ATT&CK T1059.007

Public Resources

Advisory Download: GitHub
Exploit Download: GitHub
Google Hacking Search:

Recommended Actions

Known Mitigations: None
Recommendation: Replace affected product with an alternative