D-Link Forums

The Graveyard - Products No Longer Supported => Routers => DIR-860L => Topic started by: FurryNutz on February 28, 2018, 09:16:22 AM

Title: New - DIR-860L Rev A v1.11 Build 01 Beta FW - Official Security Release
Post by: FurryNutz on February 28, 2018, 09:16:22 AM
Firmware:   v1.11 Build 01 Beta   02/28/2018 WW Region!
Revision Info:   
¤Problems Resolved:
Reported: 01/14/2018
Discovered by: Kaixiang Zhang of Qihoo 360 Gear Team

CVE-2018-6527 - XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php allowing remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.

CVE-2018-6528 - XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php allowing remote attackers to read a cookie via a crafted receiver parameter to soap.cgi

CVE-2018-6529 - XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php allowing remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.

CVE-2018-6530 - OS command injection vulnerability in soap.cgi (soapcgi_main incgibin) allowing remote attackers to execute arbitrary OS commands via the service parameter.


NOTE: Follow the>FW Update Process (http://forums.dlink.com/index.php?topic=42457.0)

Get it here:
DIR-860L (http://support.dlink.com/productinfo.aspx?m=DIR-860L)