D-Link Router Vulnerable to Cross-Site Scripting2013-11-12 09:30 by DanielaTags: D-Link, security, XSS, DSL-2760U
A security researcher has reported a number of reflected and stored XSS flaws in D-Link's 2760N routers (DSL-2760U-BN) through full disclosure mailing list. The multiple vulnerabilities are present in a various sections of the router's Web user-interface, such as Dynamic DNS, Parental Control, URL Filtering, NAT – Port Triggering, IP Filtering, SNMP, Incoming IP Filter, Policy Routing Add, Policy Routing – Removal Error, Printer Server, SAMBA Configuration and Wi-Fi SSID. Researcher Liad Mizrachi has contacted D-Link to disclose the details of the bugs to them on six separate occasions – twice in August, twice in September, and once in October – but the vendor has failed to respond to any of the disclosures. The report follows a more serious backdoor bug found in the following D-Link routers: DIR-100, DIR-120, DI-524UP, DI-604S, DI-604UP, DI-604+, DI- 624S, and the TM-G5240. D-Link told ThreatPost in October that it was working on a patch to the backdoor bug. Read more -here-
Post your review/comments
rate:
avg:
|