D-Link Forums
Announcements => Security Advisories => Topic started by: GreenBay42 on August 24, 2018, 07:11:55 AM
-
Affected Products: DIR-620, DIR-620S, and DIR-620G1A
Hardware Revision: Ax and Ex
Firmware v2.0.22 - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-620/DIR-620_FIRMWARE_PATCH_2.0.22_RU.zip
Disclosed by Kaspersky Labs:
1. CVE-2018-6210 - a vulnerability that lets attackers recover Telnet credentials.
2. CVE-2018-6211 - a flaw that lets attackers execute OS commands via one of the admin panel's URL parameters.
3. CVE-2018-6212 - a reflected cross-site scripting (XSS) vulnerability in the router's "Quick Search" admin panel field.