Lucene search
PRIOn knowledge basePRION:CVE-2018-6527HistoryMar 06, 2018 - 8:29 p.m.
Cross site scripting
2018-03-0620:29:00
PRIOn knowledge base
www.prio-n.com
6
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dir-860l_firmware | eq | <= a1-fw110b4 | |
| dir-865l_firmware | eq | <= revafirmwarepatch1.8.b1 | |
| dir-868l_firmware | eq | <= a1-fw112b4 |
References
ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf
ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf
github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto
Related
nvd
nvd
CVE-2018-6527
2018-03-06 20:29:00
cve
cve
CVE-2018-6527
2018-03-06 20:29:00
cvelist
cvelist
CVE-2018-6527
2018-03-06 20:00:00
openvas
openvas
D-Link DIR Routers Multiple Cookie Disclosure Vulnerabilities (Mar 2018)
2018-03-21 00:00:00