XSS Vulnerability in D-Link DIR Series Routers
CVE-2018-6527
6.1MEDIUM
Summary
A Cross-Site Scripting (XSS) vulnerability exists in specific D-Link DIR router models that allows remote attackers to exploit crafted device ID parameters. By leveraging this vulnerability, adversaries can gain unauthorized access to cookies, potentially compromising user sessions and gaining sensitive information. Users are recommended to upgrade to the latest firmware versions as detailed in D-Link’s security advisories to mitigate this risk.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved