PT-2018-13260 · D Link · Dir-615
Published
2018-08-25
·
Updated
2021-04-23
·
CVE-2018-15874
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-615 router version 20.07
Description
A cross-site scripting (XSS) issue allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the
hostname field in a DHCP request.Recommendations
For version 20.07, consider restricting access to the "Status -> Active Client Table" page until a patch is available. As a temporary workaround, avoid using the
hostname field in DHCP requests to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dir-615