Published: 18/04/2019 Updated: 23/04/2021

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7

VMScore: 355

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dlink di-524_firmware 2.06ru

# Exploit Title: Multiple Stored and Reflected XSS vulnerabilities in D-Link DI-524 # Date: April 6, 2019 # Exploit Author: Semen Alexandrovich Lyhin (wwwlinkedincom/in/semenlyhin/) # Vendor Homepage: wwwdlinkcom # Version: D-Link DI-524 - V206RU # CVE : CVE-2019-11017 To re-create Reflected XSS vulnerability, log in to the W ...

D-Link DI-524 version 206RU suffers from a cross site scripting vulnerability ...

CWE-79 https://www.exploit-db.com/exploits/46687 http://packetstormsecurity.com/files/152465/D-Link-DI-524-2.06RU-Cross-Site-Scripting.html https://nvd.nist.gov https://www.exploit-db.com/exploits/46687

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-11017

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect