First published: Tue Mar 06 2018
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
D-link Dir-860l Firmware | <=a1_fw110b04 | |
Dlink Dir-860l | | |
Dlink Dir-865l Firmware | <=reva_firmware_patch_1.08.b01 | |
Dlink Dir-865l | | |
Dlink Dir-868l Firmware | <=a1_fw112b04 | |
Dlink Dir-868l | | |
CVE-2018-6529 is an XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions.
CVE-2018-6529 allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
CVE-2018-6529 has a severity score of 6.1, which is considered medium.
To fix CVE-2018-6529, update your D-Link DIR-868L firmware to version DIR868LA1_FW112b04 or newer.
More information about CVE-2018-6529 can be found at https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto.