PT-2019-13423 · D-Link · DIR-655

Published: 2019-07-11 · Updated: 2019-07-12 · CVE-2019-13562

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: D-Link DIR-655 C devices before version 3.02B05 BETA03

Description: The issue allows XSS, as demonstrated by the "/www/ping_response.cgi" API endpoint with the ping_ipaddr parameter, the "/www/ping6_response.cgi" API endpoint with the ping6_ipaddr parameter, and the "/www/apply_sec.cgi" API endpoint with the html_response_return_page parameter.

Recommendations: For versions prior to 3.02B05 BETA03, update to version 3.02B05 BETA03 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints "/www/ping_response.cgi", "/www/ping6_response.cgi", and "/www/apply_sec.cgi" until the update is applied. Avoid using the parameters ping_ipaddr, ping6_ipaddr, and html_response_return_page in the affected API endpoints until the issue is resolved.

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-13562

Affected Products

DIR-655