CVE-2018-16605
MEDIUMD-Link DIR-600M Firmware - Stored Cross-Site Scripting via Dynamic DNS Configuration
Title source: llmDescription
D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=BvZJ_e2BH_M&feature=youtu.be
Scores
CVSS v3
5.4
EPSS
0.0038
EPSS Percentile
59.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
dlink/dir-600m_firmware
Published
Sep 12, 2018
Tracked Since
Feb 18, 2026