CVE-2018-7859

MEDIUM

D-Link DGS-1510 Series Firmware < 1.31.b003 - Stored Cross-Site Scripting

Title source: llm
STIX 2.1

Description

A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older that may allow a remote attacker to inject malicious scripts in the device and execute commands via browser that is configuring the unit.

References (1)

Core 1

Scores

CVSS v3 6.1
EPSS 0.0016
EPSS Percentile 36.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (24)
dlink/dgs-1510-20_firmware 1.20.011
dlink/dgs-1510-20_firmware 1.30.007
dlink/dgs-1510-20_firmware < 1.31.b003
dlink/dgs-1510-28_firmware 1.20.011
dlink/dgs-1510-28_firmware 1.30.007
dlink/dgs-1510-28_firmware < 1.31.b003
dlink/dgs-1510-28p_firmware 1.20.011
dlink/dgs-1510-28p_firmware 1.30.007
dlink/dgs-1510-28p_firmware < 1.31.b003
dlink/dgs-1510-28x_firmware 1.20.011
... and 14 more
Published Dec 30, 2019
Tracked Since Feb 18, 2026