First published: Thu Jul 20 2017(Updated: )
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
D-link Dir-600m Firmware | =fw3.05b01 | |
Dlink Dir-600m |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2017-10676 is classified as medium with a score of 6.1.
You can fix CVE-2017-10676 by updating the firmware to version C1_v3.05ENB01_beta_20170306 or later.
The affected devices are D-Link DIR-600M devices running firmware versions prior to C1_v3.05ENB01_beta_20170306.
CVE-2017-10676 is a stored cross-site scripting (XSS) vulnerability.
CVE-2017-10676 allows an attacker to exploit the XSS vulnerability via the username parameter in form2userconfig.cgi.