Sign-up

ID

VAR-201804-0880


CVE

CVE-2018-10110


TITLE

D-Link DIR-615 Device cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004190

DESCRIPTION

D-Link DIR-615 T1 devices allow XSS via the Add User feature. D-Link DIR-615 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-Link DIR-615 is a small wireless router product of D-Link. There is a cross-site scripting vulnerability in the D-Link DIR-615 T1 version. The vulnerability is caused by the program not correctly validating the input submitted by the user. Remote attackers can exploit this vulnerability to inject malicious scripts into web pages by using the user-added function

Trust: 1.71

sources: NVD: CVE-2018-10110 // JVNDB: JVNDB-2018-004190 // VULHUB: VHN-119837

AFFECTED PRODUCTS

vendor:d linkmodel:dir-615 t1scope:eqversion:20.07

Trust: 1.6

vendor:d linkmodel:dir-615scope:eqversion:t1

Trust: 0.8

sources: JVNDB: JVNDB-2018-004190 // CNNVD: CNNVD-201804-820 // NVD: CVE-2018-10110

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10110
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-10110
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-820
value: MEDIUM

Trust: 0.6

VULHUB: VHN-119837
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-10110
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-119837
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-10110
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-119837 // JVNDB: JVNDB-2018-004190 // CNNVD: CNNVD-201804-820 // NVD: CVE-2018-10110

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-119837 // JVNDB: JVNDB-2018-004190 // NVD: CVE-2018-10110

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-820

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201804-820

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004190

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-119837

PATCH
title:DIR-615url:https://support.dlink.com/ProductInfo.aspx?m=DIR-615
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-004190

EXTERNAL IDS
db:NVDid:CVE-2018-10110
Trust: 2.5
db:PACKETSTORMid:147184
Trust: 1.7
db:EXPLOIT-DBid:44473
Trust: 1.7
db:JVNDBid:JVNDB-2018-004190
Trust: 0.8
db:CNNVDid:CNNVD-201804-820
Trust: 0.6
db:VULHUBid:VHN-119837
Trust: 0.1
sources:
            
            
            VULHUB: VHN-119837 // 
            
            
            
            JVNDB: JVNDB-2018-004190 // 
            
            
            
            CNNVD: CNNVD-201804-820 // 
            
            
            
            NVD: CVE-2018-10110

REFERENCES
url:https://hacksayan.wordpress.com/d-link-dir-615-wireless-router-persistent-cross-site-scripting-xss/
Trust: 2.5
url:https://www.exploit-db.com/exploits/44473/
Trust: 1.7
url:http://packetstormsecurity.com/files/147184/d-link-dir-615-cross-site-scripting.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10110
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-10110
Trust: 0.8
sources:
            
            
            VULHUB: VHN-119837 // 
            
            
            
            JVNDB: JVNDB-2018-004190 // 
            
            
            
            CNNVD: CNNVD-201804-820 // 
            
            
            
            NVD: CVE-2018-10110

SOURCES
db:VULHUBid:VHN-119837
db:JVNDBid:JVNDB-2018-004190
db:CNNVDid:CNNVD-201804-820
db:NVDid:CVE-2018-10110

LAST UPDATE DATE
2024-11-23T22:52:09.860000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-119837date:2018-05-21T00:00:00
db:JVNDBid:JVNDB-2018-004190date:2018-06-13T00:00:00
db:CNNVDid:CNNVD-201804-820date:2023-04-27T00:00:00
db:NVDid:CVE-2018-10110date:2024-11-21T03:40:51.023

SOURCES RELEASE DATE
db:VULHUBid:VHN-119837date:2018-04-18T00:00:00
db:JVNDBid:JVNDB-2018-004190date:2018-06-13T00:00:00
db:CNNVDid:CNNVD-201804-820date:2018-04-18T00:00:00
db:NVDid:CVE-2018-10110date:2018-04-18T21:29:00.217