PT-2018-4010 · D Link · D-Link Dir-600M C1
Prasenjit Kanti Paul · Published 2018-02-12 · Updated 2023-04-26 · CVE-2018-6936
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
D-Link DIR-600M C1 version 3.01
Description
The issue exists due to inadequate protection of the web page structure in the administrative panel of the D-Link DIR-600M C1 Wi-Fi router's firmware. This allows a remote attacker to conduct a cross-site scripting (XSS) attack. The attack can be performed via the SSID or the name of a user account.
Recommendations
For D-Link DIR-600M C1 version 3.01, consider restricting access to the administrative panel until a patch is available. As a temporary workaround, avoid using user-supplied input in the SSID or user account name fields to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
D-Link Dir-600M C1