CVE-2018-6527
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
06/03/2018
Last modified:
08/11/2023
Description
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:* | a1_fw110b04 (including) | |
| cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:* | reva_firmware_patch_1.08.b01 (including) | |
| cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:* | a1_fw112b04 (including) | |
| cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf
- ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf
- ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf
- https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto