CVE-2024-33111

Name of the Vulnerable Software and Affected Versions D-Link DIR-845L router version 1.01KRb03 and earlier

Description The issue is related to a Cross Site Scripting (XSS) vulnerability via the /htdocs/webinc/js/bsc sms inbox.php endpoint. This vulnerability is associated with the failure to protect the web page structure when processing the Treturn parameter in the $ GET request. Exploitation of this issue may allow a remote attacker to conduct an XSS attack.

Recommendations For D-Link DIR-845L router version 1.01KRb03 and earlier, as a temporary workaround, consider restricting access to the /htdocs/webinc/js/bsc sms inbox.php endpoint until a patch is available. Avoid using the Treturn parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.