PT-2018-3916 · D-Link · D-Link DIR-620

Published: 2018-05-23 · Updated: 2023-04-26 · CVE-2018-6212

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: D-Link DIR-620 versions 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, 2.0.22

Description: The issue exists due to inadequate protection of the web interface structure in the D-Link DIR-620 router's firmware. This allows a remote attacker to conduct a Cross-Site Scripting (XSS) attack. The vulnerability is specifically related to the "Search" field, where missing filtering of special characters and incorrect processing of the XMLHttpRequest object can be exploited.

Recommendations: For versions 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, consider disabling the "Search" field functionality until a patch is available, to prevent exploitation of the XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit: XSS

Weakness Enumeration

Related Identifiers: BDU:2023-03072, CVE-2018-6212

Affected Products: D-Link DIR-620