CVE-2021-41445

A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
dlinkdir-x1860_firmware
𝑥
≤ 1.03
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://d-link.com
http://dir-x1860.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10283
https://www.dlink.com/en/security-bulletin/
http://d-link.com
http://dir-x1860.com
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10283
https://www.dlink.com/en/security-bulletin/