CVE-2014-9518

Name of the Vulnerable Software and Affected Versions D-Link DIR-655 (rev Bx) versions prior to 2.12b01

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the html response page parameter in the login.cgi page.

Recommendations For versions prior to 2.12b01, update the firmware to version 2.12b01 or later to resolve the issue. As a temporary workaround, consider restricting access to the login.cgi page to minimize the risk of exploitation. Avoid using the html response page parameter in the login.cgi page until the issue is resolved.