PT-2024-2136 · D Link · D-Link Gortac750 A1 Fw V101B03

Published 2024-03-04 · Updated 2025-05-02 · CVE-2024-27684

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

D-Link GORTAC750 A1 FW v101b03

Description

A cross-site scripting (XSS) vulnerability in components such as dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi, and seama.cgi allows remote attackers to inject arbitrary web script or HTML via the url parameter. This vulnerability is related to the lack of protection for the web page structure, which can be exploited by a remote attacker to conduct a cross-site scripting attack.

Recommendations

For D-Link GORTAC750 A1 FW v101b03, consider disabling access to the vulnerable components dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi, and seama.cgi until a patch is available. Avoid using the url parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-02044
CVE-2024-27684

Affected Products

D-Link Gortac750 A1 Fw V101B03