Cross-Site Scripting Vulnerability in D-Link DIR-850L Devices
CVE-2017-14415

6.1MEDIUM

Key Information:

Vendor
D-Link
Status
Dir-850l Firmware
Vendor
CVE Published:
13 September 2017

Summary

D-Link DIR-850L REV. A devices, running firmware versions up to FW114WWb07_h2ab_beta1, are susceptible to a Cross-Site Scripting (XSS) vulnerability. This security flaw arises from improper sanitization of the action parameter in the htdocs/web/sitesurvey.php script, enabling an attacker to inject malicious scripts into web pages viewed by users. If exploited, this vulnerability could allow unauthorized access to sensitive user data and compromise the integrity of the affected systems.

References

https://pierrekim.github.io/blog/2017-09-08-dlink-850l-my...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.