D-Link DSL-2750U R5B017 Vulnerable to Cross-Site Scripting Attacks Remotely
CVE-2024-9792

6.1 MEDIUM

Key Information:

Vendor: D-Link
Status: Vendor
CVE Published: 10 October 2024

Summary

A vulnerability has been identified in the Port Forwarding page of the D-Link DSL-2750U router. The page does not properly handle user input in the PortMappingDescription field, which allows remote attackers to carry out cross-site scripting (XSS) attacks. Malicious scripts can be injected into web pages viewed by users of the affected device, potentially compromising the confidentiality and integrity of user data. The vulnerability underscores the importance of securing web interfaces and of validating and sanitizing input parameters.
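
The two mitigations named above, input validation and output encoding, applied to a port-forwarding description. This is an added example, not D-Link firmware code: the row markup, the `ExternalPort` field, the 32-character allowlist policy and all function names are assumptions, and the sample rules are constructed.

```javascript
// Characters that change meaning in HTML text or quoted-attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for safe placement inside HTML element content.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input-side check (assumed policy): a short label of plain characters only.
const DESCRIPTION_PATTERN = /^[A-Za-z0-9 _.\-]{1,32}$/;

function isValidDescription(value) {
  return typeof value === 'string' && DESCRIPTION_PATTERN.test(value);
}

// "Before": the stored description is concatenated into markup unchanged.
function renderRowUnsafe(rule) {
  return `<tr><td>${rule.PortMappingDescription}</td><td>${rule.ExternalPort}</td></tr>`;
}

// "After": every dynamic value is encoded at the point of output,
// so a rule saved before validation existed still renders as text.
function renderRowSafe(rule) {
  return `<tr><td>${escapeHtml(rule.PortMappingDescription)}</td>` +
         `<td>${escapeHtml(rule.ExternalPort)}</td></tr>`;
}

// Constructed sample rules: one ordinary label, one carrying markup.
const sampleRules = [
  { PortMappingDescription: 'web-server', ExternalPort: 8080 },
  { PortMappingDescription: '<script>alert(1)</script>', ExternalPort: 8081 },
];

// For each rule: would validation accept it, does the unsafe renderer
// emit live markup, and what does the encoded row look like.
function auditRules(rules) {
  return rules.map((rule) => ({
    accepted: isValidDescription(rule.PortMappingDescription),
    unsafeHasMarkup: /<script/i.test(renderRowUnsafe(rule)),
    safeRow: renderRowSafe(rule),
  }));
}

console.log(auditRules(sampleRules));
```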

Affected Version(s)

DSL-2750U R5B017

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

TheRaghul (VulDB User)