The Broadband Guide
search advanced

D-Link Router Vulnerable to Cross-Site Scripting

2013-11-12 09:30 by
Tags: , , ,


A security researcher has reported a number of reflected and stored XSS flaws in D-Link's 2760N routers (DSL-2760U-BN) through full disclosure mailing list. The multiple vulnerabilities are present in a various sections of the router's Web user-interface, such as Dynamic DNS, Parental Control, URL Filtering, NAT Port Triggering, IP Filtering, SNMP, Incoming IP Filter, Policy Routing Add, Policy Routing Removal Error, Printer Server, SAMBA Configuration and Wi-Fi SSID.

Researcher Liad Mizrachi has contacted D-Link to disclose the details of the bugs to them on six separate occasions twice in August, twice in September, and once in October but the vendor has failed to respond to any of the disclosures.

The report follows a more serious backdoor bug found in the following D-Link routers: DIR-100, DIR-120, DI-524UP, DI-604S, DI-604UP, DI-604+, DI- 624S, and the TM-G5240. D-Link told ThreatPost in October that it was working on a patch to the backdoor bug.

Read more -here-


  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About