
CVSS: 4.8 | EPSS: 0% | CPEs: 2 | EXPL: 2

On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.

D-Link DI-524 version 2.06RU suffers from a cross-site scripting vulnerability.

• https://www.exploit-db.com/exploits/46687
• http://packetstormsecurity.com/files/152465/D-Link-DI-524-2.06RU-Cross-Site-Scripting.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.5 | EPSS: 0% | CPEs: 2 | EXPL: 3

Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs.

• https://www.exploit-db.com/exploits/40983
• https://github.com/cardangi/Exploit-CVE-2017-5633
• http://seclists.org/fulldisclosure/2017/Feb/70
• http://www.securityfocus.com/bid/96475
• CWE-352: Cross-Site Request Forgery (CSRF)