CVE-2021-41445

Name of the Vulnerable Software and Affected Versions D-Link DIR-X1860 versions prior to v1.10WWB09 Beta

Description The issue is related to a reflected cross-site-scripting attack in the web application of the D-Link DIR-X1860. This allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim. The vulnerability is associated with the lack of protection measures for the web page structure, which can be exploited by a remote attacker to execute arbitrary code using a specially crafted web page.

Recommendations For versions prior to v1.10WWB09 Beta, update to v1.10WWB09 Beta or later to resolve the issue. As a temporary workaround, consider restricting access to the web application to minimize the risk of exploitation. Avoid using the web application until the issue is resolved.