D-Link DIR-855L and DIR-835 Multiple Vulnerabilities
Release Date : 2014-05-15
Criticality level : Less critical
Impact : Security Bypass, Cross Site Scripting, Exposure of system information
Where : From remote
Solution Status: Unpatched
A weakness, a security issue, and a vulnerability have been reported in multiple D-Link products, which can be exploited by malicious people to disclose certain system information, bypass certain security restrictions, and conduct cross-site scripting attacks.
1) The device does not properly restrict access to the tools_admin.asp script, which can be exploited to access otherwise restricted functionality and subsequently disclose the administrative credentials.
2) An unspecified error exists when handling requests to hnap.cgi via TCP port 8080 and cgi/ssi/, which can be exploited to disclose certain system architecture information.
3) Input passed via the "action" GET parameter to apply.cgi (when "html_response_page" is set to "login_pic.asp" and "graph_code", "session_id", "login_n", "login_name", "log_pass", "gcode_base64", and "tmp_log_pass" are set) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
The weakness, security issue, and vulnerability are reported in the following products and firmware versions:
* D-Link DIR-855L firmware version 1.02b08 (HW version Ax) and prior
* D-Link DIR-835 firmware version 1.04b04 (HW version Ax) and prior
Apply firmware update when available.
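Added example, not part of the original advisory or any vendor code: a log filter that flags requests touching items 1) to 3) above while no firmware update is available. The record layout (source IP, destination port, request line), the ADMIN_HOSTS allowlist and all sample records are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

ADMIN_HOSTS = {"192.168.0.10"}   # assumption: hosts allowed to administer the router
MARKUP = set("<>\"'")            # characters with no place in the "action" value

def classify(src_ip, dst_port, request_line):
    """Return the advisory item numbers (1-3) that one logged request touches."""
    parts = request_line.split()
    if len(parts) < 2:
        return []                                 # malformed line, nothing to match
    url = urlsplit(parts[1])
    path = url.path.lower()
    query = parse_qs(url.query, keep_blank_values=True)   # also percent-decodes
    hits = []
    # Item 1: tools_admin.asp requested by a host that is not a known admin.
    if path.endswith("/tools_admin.asp") and src_ip not in ADMIN_HOSTS:
        hits.append(1)
    # Item 2 (this example's reading): hnap.cgi on TCP 8080, or a path under cgi/ssi/.
    if (path.endswith("/hnap.cgi") and dst_port == 8080) or "/cgi/ssi/" in path:
        hits.append(2)
    # Item 3: apply.cgi returning login_pic.asp with markup characters in "action".
    if (path.endswith("/apply.cgi")
            and "login_pic.asp" in query.get("html_response_page", [])
            and any(MARKUP & set(v) for v in query.get("action", []))):
        hits.append(3)
    return hits

# Constructed sample records: (source IP, destination port, request line).
SAMPLE = [
    ("192.168.0.10", 80, "GET /tools_admin.asp HTTP/1.1"),
    ("203.0.113.7", 80, "GET /tools_admin.asp HTTP/1.1"),
    ("203.0.113.7", 8080, "GET /hnap.cgi HTTP/1.1"),
    ("203.0.113.7", 80, "GET /cgi/ssi/ HTTP/1.1"),
    ("192.168.0.23", 80,
     "GET /apply.cgi?html_response_page=login_pic.asp&action=%3Cb%3Ex HTTP/1.1"),
    ("192.168.0.23", 80,
     "GET /apply.cgi?html_response_page=login_pic.asp&action=ok HTTP/1.1"),
]

def scan(records):
    """Return (record, hits) pairs for every record that matches an item."""
    return [(r, h) for r in records if (h := classify(*r))]

if __name__ == "__main__":
    for record, hits in scan(SAMPLE):
        print(hits, record)
```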
Provided and/or discovered by:
Reported by the vendor.