← back
CVE-2019-11017

CVE-2019-11017

EPSS 1.5%
On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/152465/D-Link-DI-524-2.06RU-Cross-Site-Scripting.htmlunverifiedcve_referencewww.exploit-db.com/exploits/46687unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/152465/D-Link-DI-524-2.06RU-Cross-Site-Scripting.htmlhttps://www.exploit-db.com/exploits/46687