D-Link Router Vulnerable to Cross-Site Scripting

A security researcher has reported a number of reflected and stored XSS flaws in D-Link's 2760N routers (DSL-2760U-BN) through full disclosure mailing list. The multiple vulnerabilities are present in a various sections of the router's Web user-interface, such as Dynamic DNS, Parental Control, URL Filtering, NAT – Port Triggering, IP Filtering, SNMP, Incoming IP Filter, Policy Routing Add, Policy Routing – Removal Error, Printer Server, SAMBA Configuration and Wi-Fi SSID.

Researcher Liad Mizrachi has contacted D-Link to disclose the details of the bugs to them on six separate occasions – twice in August, twice in September, and once in October – but the vendor has failed to respond to any of the disclosures.

The report follows a more serious backdoor bug found in the following D-Link routers: DIR-100, DIR-120, DI-524UP, DI-604S, DI-604UP, DI-604+, DI- 624S, and the TM-G5240. D-Link told ThreatPost in October that it was working on a patch to the backdoor bug.

Read more -here-

• OpenAI partners with Stack Overflow to make models better at coding
• Dropbox breach exposes customer credentials, authentication data
• Google: Passkey authentications top 1 billion across 400 million accounts
• FTC fines Razer for misrepresenting COVID masks as N95s
• FCC fines Verizon, AT&T other major carriers nearly $200 million for sharing customer data
• Federal regulators accuse Amazon executives of deleting messages