Affected Products: DIR-620, DIR-620S, and DIR-620G1A
Hardware Revision: Ax and Ex
Firmware v2.0.22 - ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-620/DIR-620_FIRMWARE_PATCH_2.0.22_RU.zip
Disclosed by Kaspersky Labs:
1. CVE-2018-6210 - a vulnerability that lets attackers recover Telnet credentials.
2. CVE-2018-6211 - a flaw that lets attackers execute OS commands via one of the admin panel's URL parameters.
3. CVE-2018-6212 - a reflected cross-site scripting (XSS) vulnerability in the router's "Quick Search" admin panel field.