EUVD-2018-17974

Malware in sbrugna...

EUVD-2018-17973

Malware in sbrugna...

The vulnerability in the web interface of D-Link DIR-620 microprogrammed software routers allows a attacker to carry out XSS attacks.

The vulnerability of the web interface of D-Link DIR-620 router software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

The vulnerability of the web interface of D-Link DIR-620 microprogrammed router software allows a hacker to enhance their privileges and gain unauthorized access to protected information.

The vulnerability of the web interface of D-Link DIR-620 microprogrammed software routers is related to the use of pre-installed registration data. Exploiting this vulnerability allows a malicious actor to enhance their privileges and gain unauthorized access to protected information...

The vulnerability of D-Link DIR-620 router’s microprogramming software, which stems from the use of pre-installed registration data, allows attackers to enhance their privileges and execute arbitrary code.

The vulnerability of D-Link DIR-620 router microprogramming software is related to the use of pre-installed registration data. Exploiting this vulnerability allows a remote attacker to enhance their privileges and execute arbitrary code...

CVE-2018-6212

On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting XSS attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of t...

CVE-2018-6213

In the web server on D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account...

Cross site scripting

On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting XSS attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of t...

Command injection

On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the resbuf parameter to index.cgi...

Hardcoded credentials

In the web server on D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account...

CVE-2018-6211

On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the resbuf parameter to index.cgi...

CVE-2018-6212

On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting XSS attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of t...

CVE-2018-6213

In the web server on D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account...

CVE-2018-6212

On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting XSS attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of t...

CVE-2018-6213

In the web server on D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account...

CVE-2018-6210

D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session...

Hardcoded credentials

D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session...

D-Link DIR-620 Router Cross Site Scripting Vulnerability

D-link DIR-620 is a wireless router product from AUO D-Link. A cross-site scripting vulnerability exists in the D-Link DIR-620 due to the program failing to filter for special characters in the 'Search' field and failing to properly handle XMLHttpRequest objects. A remote attacker can use this...

PT-2018-3887 · D Link · Dir-620

Name of the Vulnerable Software and Affected Versions: D-Link DIR-620 devices with customized firmware versions 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22 Description: The issue is related to a hardcoded password for the admin account, specifically set to anonymous. This could allow a...