D-Link DIR-818LW Cross-Site Scripting Vulnerability in DHCP Reserved Address Handler

A cross-site scripting (XSS) vulnerability has been identified in the D-Link DIR-818LW router, specifically in version 1.04. The issue arises in the DHCP Reserved Address Handler component, within the '/bsc_lan.php' file. The vulnerability is triggered by manipulating the 'Name' parameter, allowing remote attackers to inject malicious scripts. This issue affects products that are no longer supported by the manufacturer.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to the '/bsc_lan.php' file with a crafted 'Name' parameter that includes a script payload, such as an image tag with an 'onerror' event. This can be done manually or with an automated tool, targeting the D-Link DIR-818LW router running firmware version 1.04.