Vulnerabilities > Dlink > DIR 860L Firmware > 2.03.b03

DATE CVE VULNERABILITY TITLE RISK
2019-01-02 CVE-2018-20114 OS Command Injection vulnerability in Dlink Dir-818Lw Firmware and Dir-860L Firmware
On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2018-03-06 CVE-2018-6530 OS Command Injection vulnerability in Dlink products
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2018-03-06 CVE-2018-6529 Cross-site Scripting vulnerability in Dlink products
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
network
low complexity
dlink CWE-79
6.1
6.1
2018-03-06 CVE-2018-6528 Cross-site Scripting vulnerability in Dlink products
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
network
low complexity
dlink CWE-79
6.1
6.1
2018-03-06 CVE-2018-6527 Cross-site Scripting vulnerability in Dlink products
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
network
low complexity
dlink CWE-79
6.1
6.1