Cross-Site Scripting Vulnerability in D-Link DIR-850L Firmware
CVE-2017-14413

6.1MEDIUM

Key Information:

Vendor: D-Link
Status: Dir-850l Firmware
Vendor: CVE Published:; 13 September 2017

Summary

The D-Link DIR-850L REV. A devices exhibit a Cross-Site Scripting vulnerability in the action parameter of the htdocs/web/wpsacts.php component. This flaw allows an attacker to inject malicious scripts through crafted requests, potentially compromising sensitive user data and control over the affected device. Users of this firmware should be aware of the risks and take appropriate measures to secure their devices.

References

https://pierrekim.github.io/blog/2017-09-08-dlink-850l-my...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 13, 2017
Vulnerability Reserved
Sep 13, 2017