XSS Vulnerability in D-Link DIR Series Routers
CVE-2018-6527

6.1MEDIUM

Key Information:

Vendor
D-Link
Vendor
CVE Published:
6 March 2018

Summary

A Cross-Site Scripting (XSS) vulnerability exists in specific D-Link DIR router models that allows remote attackers to exploit crafted device ID parameters. By leveraging this vulnerability, adversaries can gain unauthorized access to cookies, potentially compromising user sessions and gaining sensitive information. Users are recommended to upgrade to the latest firmware versions as detailed in D-Link’s security advisories to mitigate this risk.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.