• June 18, 2018, 06:35:22 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: New - DIR-860L Rev A v1.11 Build 01 Beta FW - Official Security Release  (Read 1156 times)

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 45134
  • D-Link Global Forum Moderator
    • New DIR-890L Router with SmartConnect™ Technology

Firmware:   v1.11 Build 01 Beta   02/28/2018 WW Region!
Revision Info:   
¤Problems Resolved:
Reported: 01/14/2018
Discovered by: Kaixiang Zhang of Qihoo 360 Gear Team

CVE-2018-6527 - XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php allowing remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.

CVE-2018-6528 - XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php allowing remote attackers to read a cookie via a crafted receiver parameter to soap.cgi

CVE-2018-6529 - XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php allowing remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.

CVE-2018-6530 - OS command injection vulnerability in soap.cgi (soapcgi_main incgibin) allowing remote attackers to execute arbitrary OS commands via the service parameter.


NOTE: Follow the>FW Update Process

Get it here:
DIR-860L


« Last Edit: February 28, 2018, 02:03:56 PM by GreenBay42 »
Logged
Cable:200mb/10Mb>Motorola MB7420>COVR3902>HP 24pt Gb Switch. 3xDGL-4500s,DIR-857,835,827,815,890L,880L,868L,865L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting