PT-2018-13261 · D Link · Dir-615
Publicado
2018-08-25
·
Atualizado
2021-04-23
·
CVE-2018-15875
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-615 routers version 20.07
Description
A cross-site scripting (XSS) issue allows attackers to inject JavaScript into the router's admin UPnP page via the
description field in an "AddPortMapping" UPnP SOAP request.Recommendations
For version 20.07, consider disabling access to the UPnP page until a patch is available. Restrict access to the
description field in the AddPortMapping UPnP SOAP request to minimize the risk of exploitation.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Dir-615