• Home Support Forums Security Advisories Shop     English | French
Support Announcement
CVE-2018-7859 :: DGS-1510 Gigabit SmartPro Stackable Swtich Series affected by Reflected XSS Vulnerability

Summary

A security vulnerability in DGS-1510-series switches that may allow an attacker to inject malicious scripts in the device and execute commands via browser that is configuring the unit.
 

3rd Party Report:

Varang Amin
February 21st, 2018
 

Official Disclosure:

CVE-2018-7859 : Please read CVE for further information regarding the potential exploit


Affected Products:

DGS-1510 Revision A Family Series Switches

  • DGS-1510-20
  • DGS-1510-28
  • DGS-1510-28P
  • DGS-1510-28X
  • DGS-1510-28XMP
  • DGS-1510-52X
  • DGS-1510-52XMP


Affected Firmware:

  • 1.31.B003 and older
  • 1.30.007
  • 1.20.011


Corrected Firmware:

DGS-1510 Series        Revision Ax        HERE

 

 

Security patch for your D-Link Devices
 
These firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually and we strongly recommend all users to install the relevant updates.
 
As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.