PT-2018-9684 · D Link · D-Link Dir-815
Tobechenghuai · Published 2018-04-16 · Updated 2023-04-26 · CVE-2018-10108
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
D-Link DIR-815 REV. B versions through DIR-815 REVB FIRMWARE PATCH 2.07.B01
Description:
The issue is a cross-site scripting (XSS) problem with the Treturn parameter in the /htdocs/webinc/js/bsc_sms_inbox.php API endpoint, which can be exploited.
Recommendations:
For D-Link DIR-815 REV. B versions through DIR-815 REVB FIRMWARE PATCH 2.07.B01, as a temporary workaround, consider restricting access to the /htdocs/webinc/js/bsc_sms_inbox.php endpoint until a patch is available. Avoid using the Treturn parameter in this endpoint to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
D-Link Dir-815