D-Link Forums

Announcements => Security Advisories => Topic started by: GreenBay42 on February 28, 2018, 08:38:38 AM

Title: XSS Vulnerability - DIR-860L / 865L / 868L / 880L - Patches Released
Post by: GreenBay42 on February 28, 2018, 08:38:38 AM
New security patches released for the following routers:

DIR-880L RevA - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_v1.08b06_BETA02.zip

DIR-865L RevA - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_1.10B01_BETA01.zip

DIR-868L RevA - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_v1.20B01_BETA.zip

DIR-860L RevA - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_v1.11B01_BETA01.zip


Release Notes:

Reported: 01/14/2018
Discovered by: Kaixiang Zhang of Qihoo 360 Gear Team

Problems Resolved:

CVE-2018-6527 - XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php allowing remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.

CVE-2018-6528 - XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php allowing remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.

CVE-2018-6529 - XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php allowing remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.

CVE-2018-6530 - OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) allowing remote attackers to execute arbitrary OS commands via the service parameter.