D-Link DI-604 "rf" Cross-Site Scripting Vulnerability - Advisories - Secunia

Tuesday, March 25, 2008 1:27 PM cmosby

D-Link DI-604 "rf" Cross-Site Scripting Vulnerability - Advisories - Secunia

D-Link DI-604 "rf" Cross-Site Scripting Vulnerability

Secunia Advisory:
SA29531
Release Date:
2008-03-25
Critical:

Less critical
Impact:
Cross Site Scripting
Where:
From remote
Solution Status:
Unpatched
OS:
D-Link DI-604 Broadband Router
CVE reference:
CVE-2008-1258 (Secunia mirror)
Description:
Jonas has reported a vulnerability in D-Link DI-604, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "rf" parameter in prim.htm is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Filter malicious characters and character sequences in a web proxy.

Provided and/or discovered by:
Jonas

Original Advisory:
http://www.gnucitizen.org/projects/router-hacking-challenge/

Source: D-Link DI-604 "rf" Cross-Site Scripting Vulnerability - Advisories - Secunia

Filed under: Patch Management, Internet Explorer, Internet Applications, Security, Software Vulnerabilites

Comments

No Comments

Chris Mosby at myITforum.com

Search

Tags

News

Unique Visitors

Navigation

Archives

Microsoft Links

SMS Links

Great Blogs

My Links

Security Links

Anti-Virus Links

Things I Have Done or I Am Involved In

Published Works

D-Link DI-604 "rf" Cross-Site Scripting Vulnerability - Advisories - Secunia

Comments