Vendor: DIR-600M Wireless Router
By: Prasenjit Kanti Paul
CVSS: 5.4 (MEDIUM)
Persistent Cross Site Scripting
CWE: 79
Product Name: DIR-600M Wireless Router
Affected Version From: 3.01
Affected Version To: 3.01
Patch Exists: YES
Related CVE: CVE-2018-6936
CPE: h:d-link:dir-600m_wireless_router
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Linux Mint
2018

D-Link DIR-600M Wireless – Persistent Cross Site Scripting

A persistent cross-site scripting vulnerability exists in D-Link DIR-600M Wireless routers with firmware version 3.01. An attacker can inject malicious JavaScript code into the router's web interface by creating a user with a specially crafted name. The code will be executed when the router's web interface is accessed by an authenticated user.

Mitigation:

Users should update their routers to the latest firmware version available from the vendor.

Exploit-DB raw data:

########################################################################
# Exploit Title: D-Link DIR-600M Wireless - Persistent Cross Site Scripting
# Date: 11.02.2018
# Vendor Homepage:  http://www.dlink.co.in
# Hardware Link: http://www.dlink.co.in/products/?pid=DIR-600M
# Category: Hardware
# Exploit Author: Prasenjit Kanti Paul
# Web: http://hack2rule.wordpress.com/
# Hardware Version: C1
# Firmware version: 3.01
# Tested on: Linux Mint
# CVE: CVE-2018-6936
##########################################################################

Reproduction Steps:

   - Go to your wifi router gateway [i.e.: http://192.168.0.1]
   - Go to --> "Maintenance" --> "Admin"
   - Create a user with name "<script>alert("PKP")</script>"
   - Refresh the page and you will get a "PKP" popup

Note: It can also be done by changing SSID name to "<script>alert("PKP")</script>"
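
The handling that closes this class of bug for the two stored fields named above (account name and SSID), as an added example that is not D-Link firmware code and not part of the original advisory. All function names and the account-name policy are assumptions; the sample string is the one from the reproduction steps.

```javascript
// Added example: hypothetical admin-page helpers, not the router's real code.

// Encode the HTML-significant characters so stored text is rendered as text,
// never parsed as markup.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Account names can be restricted when they are written.
// Assumed policy: 1-32 characters from [A-Za-z0-9_.-].
function isValidAccountName(name) {
  return typeof name === "string" && /^[A-Za-z0-9_.-]{1,32}$/.test(name);
}

// An SSID is up to 32 octets of arbitrary data, so "<" and ">" are legal and
// cannot simply be rejected. Only the length is checked here; safety for this
// field has to come from encoding at output time.
function isValidSsid(ssid) {
  if (typeof ssid !== "string") return false;
  const octets = new TextEncoder().encode(ssid).length;
  return octets >= 1 && octets <= 32;
}

// Pattern that produces the stored XSS: the saved value is concatenated
// straight into the page markup.
function renderUserRowUnsafe(name) {
  return "<tr><td>" + name + "</td></tr>";
}

// Hardened form: encode on output, whatever was stored earlier.
function renderUserRow(name) {
  return "<tr><td>" + escapeHtml(name) + "</td></tr>";
}

// The SSID is typically echoed inside an attribute, so quotes must be
// encoded as well as angle brackets.
function renderSsidField(ssid) {
  return '<input type="text" name="ssid" value="' + escapeHtml(ssid) + '">';
}

// The string from the reproduction steps, used as test input.
const SAMPLE = '<script>alert("PKP")</script>';
```

The sample is 29 octets, so it passes any length-only SSID check; output encoding is what has to hold for that field, and it also covers values stored before a firmware update.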