CVE-2017-10676
First published: Thu Jul 20 2017(Updated: )
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-link Dir-600m Firmware | =fw3.05b01 | |
| Dlink Dir-600m |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-10676?
The severity of CVE-2017-10676 is classified as medium with a score of 6.1.
How do I fix CVE-2017-10676?
You can fix CVE-2017-10676 by updating the firmware to version C1_v3.05ENB01_beta_20170306 or later.
Which devices are affected by CVE-2017-10676?
The affected devices are D-Link DIR-600M devices running firmware versions prior to C1_v3.05ENB01_beta_20170306.
What type of vulnerability is CVE-2017-10676?
CVE-2017-10676 is a stored cross-site scripting (XSS) vulnerability.
What impact does CVE-2017-10676 have on affected devices?
CVE-2017-10676 allows an attacker to exploit the XSS vulnerability via the username parameter in form2userconfig.cgi.
- collector/nvd-index
- vendor/d-link
- product/dir-600m firmware
- canonical/d-link dir-600m firmware
- vendor/dlink
- product/dir-600m
- canonical/dlink dir-600m