CVE-2018-10107

Name of the Vulnerable Software and Affected Versions D-Link DIR-815 REV. B versions through DIR-815 REVB FIRMWARE PATCH 2.07.B01

Description The issue exists due to inadequate protection of the web page structure in the /htdocs/webinc/js/info.php component of the D-Link DIR-815 REV. B router's firmware. This can be exploited by a remote attacker to conduct a cross-site scripting (XSS) attack by manipulating the RESULT parameter in the "/htdocs/webinc/js/info.php" API endpoint.

Recommendations For D-Link DIR-815 REV. B versions through DIR-815 REVB FIRMWARE PATCH 2.07.B01, as a temporary workaround, consider restricting access to the /htdocs/webinc/js/info.php endpoint to minimize the risk of exploitation. Avoid using the RESULT parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.