First published: Wed Sep 12 2018(Updated: )
D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-600m Firmware | ||
Dlink Dir-600m |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2018-16605.
The severity level of CVE-2018-16605 is medium (5.4).
An attacker can exploit this vulnerability by injecting malicious scripts or code via the Hostname and Username fields in the Dynamic DNS Configuration page of D-Link DIR-600M devices, allowing for cross-site scripting (XSS) attacks.
D-Link DIR-600M devices with Dlink Dir-600m Firmware are affected by CVE-2018-16605.
At the moment, there is no information available about a fix for CVE-2018-16605. It is recommended to check with the product vendor for any available patches or updates.