D Link · D-Link Dap-2310 · CVE-2024-28436
**Name of the Vulnerable Software and Affected Versions**
D-Link DAP products versions DAP-2230, DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2590, DAP-2690, DAP-2695, DAP-3520, DAP-3662
**Description**
The issue is a cross-site scripting (XSS) vulnerability in the `session login.php` component of D-Link DAP products. A remote attacker can exploit it to execute arbitrary code via the `reload` parameter. Exploitation may allow the attacker to conduct cross-site scripting attacks.
**Recommendations**
For D-Link DAP products versions DAP-2230, DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2590, DAP-2690, DAP-2695, DAP-3520, DAP-3662, consider disabling the `session login.php` component or restricting access to the `reload` parameter until a patch is available.
As a temporary workaround, avoid using the `reload` parameter in the affected API endpoint until the issue is resolved.