XSS Bugs in D-Link Routers

Wednesday, November 13, 2013 @ 11:11 PM gHale


There are multiple cross-site scripting (XSS) vulnerabilities affecting the web user interface of D-Link 2760N (DSL-2760U-BN) routers, researchers said.

Details of the vulnerabilities were published by security researcher Liad Mizrachi on the Full Disclosure mailing list.


The researcher found stored and reflected XSS flaws. They impact sections of the web user interface such as NTS Settings, Dynamic DNS, Parental Control, URL Filtering, NAT – Port Triggering, IP Filtering, Policy Routing, Printer Server, Wi-Fi SSID, SAMBA Configuration, and others.

The researcher said he reported his findings to D-Link on five separate occasions between August 17 and October 10, 2013. However, the company hasn’t responded to his reports. The security holes remain unfixed.

In mid-October, researchers from Tactical Network Solutions warned that hackers could have exploited vulnerabilities in the firmware of several D-Link router models to gain access to the devices’ web interface.


