ID
VAR-201006-0508
TITLE
D-LINK DIR-615 Cross-Site Scripting Vulnerability
Trust: 0.6
DESCRIPTION
The D-LINK DIR-615 is a router device. The D-LINK DIR-615 incorrectly comes with user-submitted input, and a remote attacker can exploit the vulnerability for cross-site scripting attacks to obtain sensitive information from the target user or unauthorized access to the device. D-LINK DIR-615 is prone to a cross-site scripting vulnerability because the device's web interface fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. NOTE: This issue may be related to one of the issues described in BID 28439
Trust: 0.81
IOT TAXONOMY
| category: | ['IoT', 'Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | no | model: | - | scope: | - | version: | - | Trust: 0.6 |
| vendor: | d link | model: | dir-615 | scope: | eq | version: | 0 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 41113 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2010-1176 | Trust: 0.6 |
REFERENCES
| url: | http://swbae.egloos.com/3325910 | Trust: 0.9 |
| url: | http://www.dlink.com/ | Trust: 0.3 |
CREDITS
opt9
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2010-1176 |
| db: | BID | id: | 41113 |
LAST UPDATE DATE
2022-05-17T02:10:51.194000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2010-1176 | date: | 2010-06-25T00:00:00 |
| db: | BID | id: | 41113 | date: | 2010-06-24T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2010-1176 | date: | 2010-06-25T00:00:00 |
| db: | BID | id: | 41113 | date: | 2010-06-24T00:00:00 |