D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-880L => Topic started by: FurryNutz on February 28, 2018, 09:08:24 AM

Title: DIR-880L FW v1.08 Build 06 Beta - Official Security Release - WW Region!
Post by: FurryNutz on February 28, 2018, 09:08:24 AM
Firmware:   v1.08 Build 06   02/28/2018   WW Region!
Revision Info:   
Problems Resolved:
Reported: 01/14/2018
Discovered by: Kaixiang Zhang of Qihoo 360 Gear Team

CVE-2018-6527 - XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php allowing remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.

CVE-2018-6528 - XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php allowing remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.

CVE-2018-6529 - XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php allowing remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.

CVE-2018-6530 - OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) allowing remote attackers to execute arbitrary OS commands via the service parameter.


Enhancements:
1. None

NOTE: If your DIR-880L router is working without any issues, it's recommended to keep the current version of FW that is loaded unless you are affected by one of the fixes. Use at your own risk.

IF IT WORKS, DON'T FIX IT!!!  ::)
Get it here:
NA Region:
DIR-880L (http://support.dlink.com/ProductInfo.aspx?m=DIR-880L)

Follow the >FW Update Process (http://forums.dlink.com/index.php?topic=42457.0)