CVE-2021-41445 in DIR-X1860info

Summary

by MITRE • 02/10/2022

A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/06/2026

The vulnerability CVE-2021-41445 represents a critical reflected cross-site scripting flaw discovered in D-Link DIR-X1860 router firmware versions prior to v1.10WWB09_Beta. This security weakness exists within the web application interface of the networking device, creating a pathway for remote attackers to exploit the system without requiring authentication credentials. The vulnerability stems from inadequate input validation and output encoding mechanisms within the router's web-based management interface, which fails to properly sanitize user-supplied data before incorporating it into web responses.

The technical implementation of this flaw allows an attacker to craft malicious URLs containing crafted script payloads that, when executed by an unsuspecting victim, can trigger cross-site scripting attacks. The reflected nature of this vulnerability means that malicious input is immediately reflected back to the user's browser without being stored on the server, making it particularly dangerous for social engineering attacks. The attack vector specifically targets the web application layer of the D-Link DIR-X1860 device, where user input parameters are processed and returned in web responses without proper sanitization.

The operational impact of this vulnerability extends beyond simple script execution, as it can enable attackers to perform various malicious activities including session hijacking, credential theft, and potentially full device compromise. An attacker could leverage this vulnerability to redirect victims to malicious websites, steal authentication cookies, or inject malicious scripts that persist in the victim's browser session. The unauthenticated nature of the attack means that any user with access to the network can exploit this vulnerability, making it particularly dangerous in environments where the router's web interface is accessible from untrusted networks.

This vulnerability aligns with CWE-79, which specifically addresses cross-site scripting flaws in web applications, and demonstrates the classic pattern of reflected XSS where malicious input is immediately reflected back to the user. The attack follows ATT&CK technique T1566.001, which covers spearphishing with social engineering, as the attack requires tricking users into clicking malicious links. Organizations should implement immediate mitigations including firmware updates to version v1.10WWB09_Beta or higher, network segmentation to restrict access to the router's web interface, and user education to prevent clicking suspicious links. Additionally, implementing web application firewalls and input validation controls can provide additional layers of protection against similar vulnerabilities in the future.

Reservation

09/20/2021

Disclosure

02/10/2022

Moderation

accepted

CPE

ready

EPSS

0.02375

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!