PT-2018-13261 · D Link · Dir-615
Published
2018-08-25
·
Updated
2021-04-23
·
CVE-2018-15875
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-615 routers version 20.07
Description
A cross-site scripting (XSS) issue allows attackers to inject JavaScript into the router's admin UPnP page via the
description field in an "AddPortMapping" UPnP SOAP request.Recommendations
For version 20.07, consider disabling access to the UPnP page until a patch is available. Restrict access to the
description field in the AddPortMapping UPnP SOAP request to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dir-615