CVE-2018-6936

Severity: MEDIUM

D-Link DIR-600M C1 3.01 - Stored Cross-Site Scripting via SSID or User Account Name

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-6936. PoCs published by Prasenjit Kanti Paul.

AI-analyzed exploit summary: This exploit demonstrates a persistent Cross-Site Scripting (XSS) vulnerability in D-Link DIR-600M routers. The vulnerability allows an attacker to inject malicious JavaScript code via the user creation or SSID name fields, which executes when the page is refreshed.

Description

Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account.

Exploits (1)

exploitdb · WORKING POC
by Prasenjit Kanti Paul · text · webapps · hardware
https://www.exploit-db.com/exploits/44219

Classification: Working PoC (100%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: D-Link DIR-600M Wireless Router, Firmware version 3.01
Auth required
Prerequisites: Access to the router's admin panel · Valid credentials to create a user or change SSID
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44219/

Scores

CVSS v3: 5.4
EPSS: 0.0227
EPSS Percentile: 80.7%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): d-link/dir-600m_c1_firmware 3.01
Published: Feb 21, 2018
Tracked Since: Feb 18, 2026