JavaScript Injection Vulnerability in D-Link DIR-615 Routers 20.07

JavaScript Injection Vulnerability in D-Link DIR-615 Routers 20.07

CVE-2018-15875 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.

Learn more about our Web Application Penetration Testing UK.