Cross-Site Scripting Vulnerability in D-Link DIR-655 Router
CVE-2014-9518

Currently unrated

Key Information:

Vendor: D-link
Status: Dir-655 Firmware; Dir-655
Vendor: CVE Published:; 5 January 2015

Summary

A cross-site scripting vulnerability exists in the login.cgi of the D-Link DIR-655 router (rev Bx) when running firmware versions earlier than 2.12b01. This flaw allows remote attackers to inject arbitrary web scripts or HTML via the html_response_page parameter, potentially compromising sensitive user data and control over the device. Users are recommended to update their firmware to mitigate this risk and secure their network.

References

http://secunia.com/advisories/61831

third-party-advisoryx_refsource_SECUNIA

http://securityadvisories.dlink.com/security/publication....

x_refsource_CONFIRM

http://www.securityfocus.com/bid/71772

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 5, 2015