CVE-2018-7859

moderate-risk

Published 2019-12-30

A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older that may allow a remote attacker to inject malicious scripts in the device and execute commands via browser that is configuring the unit.

Do I need to act?

-

0.16% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

6

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Dgs-1510-20 Firmware

Dgs-1510-20 Firmware

Dgs-1510-20 Firmware

Dgs-1510-28 Firmware

Dgs-1510-28 Firmware

Dgs-1510-28 Firmware

Dgs-1510-28P Firmware

Dgs-1510-28P Firmware

Dgs-1510-28P Firmware

Dgs-1510-28X Firmware

Dgs-1510-28X Firmware

Dgs-1510-28X Firmware

Dgs-1510-28Xmp Firmware

Dgs-1510-28Xmp Firmware

Dgs-1510-28Xmp Firmware

Dgs-1510-52X Firmware

Dgs-1510-52X Firmware

Dgs-1510-52X Firmware

Dgs-1510-52Xmp Firmware

Dgs-1510-52Xmp Firmware

Affected Vendors

Dlink

References (2)

Vendor Advisory http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10...

Vendor Advisory http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10...

45

/ 100

moderate-risk

Severity 23/34 · High

Exploitability 1/34 · Minimal

Exposure 21/34 · High