soh0ro0t/Pwn-Multiple-Dlink-Router-Via-Soap-Proto

soh0ro0t/Pwn-Multiple-Dlink-Router-Via-Soap-Proto

Releases0

Stars11

日前我发现了D-Link DIR 880L/865L/868L/860L路由器存在多个XSS和命令注入漏洞，最主要的问题是路由器未对用户输入进行检查，导致恶意数据请求被执行，最终被远程攻击者控制整个设备。

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-6527 ↗	Mar 6, 2018Tuesday, 6 March 2018, 20:29	6.1 MEDIUM	4.3 MEDIUM
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
CVE-2018-6528 ↗	Mar 6, 2018Tuesday, 6 March 2018, 20:29	6.1 MEDIUM	4.3 MEDIUM
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
CVE-2018-6529 ↗	Mar 6, 2018Tuesday, 6 March 2018, 20:29	6.1 MEDIUM	4.3 MEDIUM
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
CVE-2018-6530 ↗	Mar 6, 2018Tuesday, 6 March 2018, 20:29	9.8 CRITICAL	10 HIGH
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.