CVE-2020-15895
MEDIUM NUCLEID-Link DIR-816L Firmware 2.x - Stored Cross-Site Scripting via RESULT Parameter
Title source: llmExploitation Summary
CVE-2020-15895 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.
Nuclei Templates (1)
D-Link DIR-816L 2.x - Cross-Site Scripting
MEDIUMby edoardottt
Shodan:
html:"DIR-816L" || http.html:"dir-816l"
FOFA:
body="dir-816l"
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169
Exploit, Third Party Advisory x_refsource_misc
https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/
Scores
CVSS v3
6.1
EPSS
0.0284
EPSS Percentile
84.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
dlink/dir-816l_firmware
2.06
dlink/dir-816l_firmware
2.06.b09 beta
Published
Jul 22, 2020
Tracked Since
Feb 18, 2026