tobechenghuai/Some-Vulnerabilities-of-D-link-Dir815

tobechenghuai/Some-Vulnerabilities-of-D-link-Dir815

Releases0

Stars5

I find some vulnerabilities on d-link dir815 router recently.This is a report to the dlink security team.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-10106 ↗	Apr 16, 2018Monday, 16 April 2018, 09:58	—	7.5 HIGH
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request.
CVE-2018-10107 ↗	Apr 16, 2018Monday, 16 April 2018, 09:58	—	4.3 MEDIUM
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php.
CVE-2018-10108 ↗	Apr 16, 2018Monday, 16 April 2018, 09:58	—	4.3 MEDIUM
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php.