CVE-2018-6936 – D-Link DIR-600M Wireless - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-6936
Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account. D-Link DIR-600M Wireless suffers from a cross site scripting vulnerability.
• https://www.exploit-db.com/exploits/44219
• https://0day4u.wordpress.com/2018/02/21/d-link-dir-600m-wireless-stored-xss
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-10676
https://notcve.org/view.php?id=CVE-2017-10676
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter.
• ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-600M/REVC/DIR-600M_REVC_FIRMWARE_PATCH_NOTES_3.05B01_EN.pdf
• https://iscouncil.blogspot.com/2017/07/stored-xss-in-d-link-dir-600m-router.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-5874
https://notcve.org/view.php?id=CVE-2017-5874
CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact.
• http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10072
• http://www.securityfocus.com/bid/96999
• CWE-352: Cross-Site Request Forgery (CSRF)