CVE-2017-10676

Name of the Vulnerable Software and Affected Versions D-Link DIR-600M versions prior to C1 v3.05ENB01 beta 20170306

Description A security issue was discovered in the form2userconfig.cgi endpoint, specifically in the username parameter, which is vulnerable to cross-site scripting (XSS). This allows for potential malicious script injection.

Recommendations For versions prior to C1 v3.05ENB01 beta 20170306, consider updating to a version that includes the fix for this issue. As a temporary workaround, restrict access to the form2userconfig.cgi endpoint to minimize the risk of exploitation. Avoid using the username parameter in the affected endpoint until the issue is resolved.