First published: Tue Mar 06 2018
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
D-link Dir-860l Firmware | <=a1_fw110b04 | |
Dlink Dir-860l | | |
Dlink Dir-865l Firmware | <=reva_firmware_patch_1.08.b01 | |
Dlink Dir-865l | | |
Dlink Dir-868l Firmware | <=a1_fw112b04 | |
Dlink Dir-868l | | |
Dlink Dir-860l Firmware | <=a1_fw110b04 | |
CVE-2018-6528 is a Cross-Site Scripting (XSS) vulnerability in D-Link DIR-868L, DIR-865L, and DIR-860L routers.
On D-Link DIR-868L routers running DIR868LA1_FW112b04 and previous versions, the XSS in htdocs/webinc/body/bsc_sms_send.php allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
On D-Link DIR-865L routers running DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, the XSS in htdocs/webinc/body/bsc_sms_send.php allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
On D-Link DIR-860L routers running DIR860LA1_FW110b04 and previous versions, the XSS in htdocs/webinc/body/bsc_sms_send.php allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
To mitigate CVE-2018-6528, users should upgrade to the latest firmware version provided by D-Link.