ID
VAR-E-201804-0244
CVE
| cve_id: | CVE-2018-10110 | Trust: 1.5 |
EDB ID
44473
TITLE
D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting - Hardware remote Exploit
Trust: 0.6
DESCRIPTION
D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting. CVE-2018-10110 . remote exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | d link | model: | dir-615 wireless router | scope: | - | version: | - | Trust: 1.6 |
| vendor: | d link | model: | dir-615 | scope: | - | version: | - | Trust: 0.5 |
EXPLOIT
######################################################################################
# Exploit Title: D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting (XSS)
# Date: 14.04.2018
# Exploit Author: Sayan Chatterjee
# Vendor Homepage: http://www.dlink.co.in
# Hardware Link: http://www.dlink.co.in/products/?pid=678
# Category: Hardware (Wi-fi Router)
# Hardware Version: T1
# Firmware Version: 20.07
# Tested on: Windows 10
# CVE: CVE-2018-10110
#######################################################################################
Reproduction Steps:
------------------------------
1. Go to your wi-fi router gateway [i.e: http://192.168.0.1]
2. Go to –> “Maintenance” –> “Admin”
3. Create a user with name alert_"HI"
4. Refresh the page and you will be having “HI” popup
#######################################################################################
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Persistent Cross Site Scripting
Trust: 1.6
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | xss | Trust: 0.5 |
CREDITS
Sayan Chatterjee
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 44473 | Trust: 1.6 |
| db: | NVD | id: | CVE-2018-10110 | Trust: 1.5 |
| db: | EDBNET | id: | 97513 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 147184 | Trust: 0.5 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-10110 | Trust: 1.5 |
| url: | https://www.exploit-db.com/exploits/44473/ | Trust: 0.6 |
SOURCES
| db: | PACKETSTORM | id: | 147184 |
| db: | EXPLOIT-DB | id: | 44473 |
| db: | EDBNET | id: | 97513 |
LAST UPDATE DATE
2022-07-27T09:47:01.739000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 147184 | date: | 2018-04-17T13:21:45 |
| db: | EXPLOIT-DB | id: | 44473 | date: | 2018-04-17T00:00:00 |
| db: | EDBNET | id: | 97513 | date: | 2018-04-17T00:00:00 |