First published: Tue Mar 06 2018
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
D-link Dir-860l Firmware | <=a1_fw110b04 | |
Dlink Dir-860l | | |
Dlink Dir-865l Firmware | <=reva_firmware_patch_1.08.b01 | |
Dlink Dir-865l | | |
Dlink Dir-868l Firmware | <=a1_fw112b04 | |
Dlink Dir-868l | | |
The CVE ID of this vulnerability is CVE-2018-6527.
The severity of CVE-2018-6527 is medium with a CVSS score of 6.1.
The D-Link routers affected by CVE-2018-6527 are DIR-868L, DIR-865L, and DIR-860L.
Remote attackers can exploit this vulnerability to read a cookie via a crafted request.
Please refer to the vendor's website or security advisory for information on available fixes for CVE-2018-6527.