Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

D-Link DIR-615 XSS Via DHCP

Vendor:D-Link

Product: DIR-615

Version: 20.07

Hardware Version: T1

Vendor Homepage: http://us.dlink.com/

CVE: CVE-2018-15874

NVD: CVE-2018-15874

Vulnerability detail

Verification Steps:

  1. In the xss_dhcp.py script set the 'interface' and 'mac' variable.
    • Set 'interface' to the network adapter's name
    • Set 'mac' to the network adapter's mac address
  2. Set the 'hostname' variable in the dhcp_request function to some arbitrary javascript
    • e.g.
    <script>alert('xss')</script>
  3. Set the 'siaddr' variable in the dhcp_request function to the D-Link router's local IP address
  4. Connect to the router which is undergoing the test
  5. Run the python script with administrator privileges
  6. Navigate to the Status->ActiveClientTable tab in the router admin page to verify that the javascript was uploaded alt text