XSS Vulnerability in D-Link 6600-AP and DWL-3600AP Devices
CVE-2019-14338

6.1MEDIUM

Key Information:

Vendor

D-Link
Status
6600-ap Firmware
Vendor
CVE Published:
1 August 2019

What is CVE-2019-14338?

A vulnerability exists in the D-Link 6600-AP and DWL-3600AP devices due to an XSS flaw in the management interface. When an authenticated user accesses the admin.cgi?action= page, they can be subjected to cross-site scripting attacks, allowing attackers to inject malicious scripts. This could lead to unauthorized actions being performed on behalf of the user, such as accessing sensitive data or compromising the device's configuration.

References

https://us.dlink.com/en/security-advisory
x_refsource_MISC
https://www.dlink.com/en/security-bulletin
x_refsource_MISC
http://packetstormsecurity.com/files/153840/D-Link-6600-A...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.