ID
VAR-E-201304-0287
TITLE
D-Link DIR-600 and DIR-300 Multiple Security Vulnerabilities
Trust: 0.3
DESCRIPTION
D-Link DIR-600 and DIR-300 are prone to the following security vulnerabilities:
1. Multiple command-injection vulnerabilities
2. A cross-site request-forgery vulnerability
3. A cross-site scripting vulnerability
4. A password encryption weakness
5. Multiple information-disclosure vulnerabilities
6. An HTTP-header-injection vulnerability
7. A security-bypass vulnerability
An attacker can exploit these issues to gain access to potentially sensitive information, decrypt stored passwords, execute arbitrary commands in the context of the affected device, steal cookie-based authentication credentials, perform unauthorized actions in the context of a user session, or redirect users to arbitrary sites and perform HTTP-request smuggling. Other attacks are also possible.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | d link | model: | dir-300 | scope: | eq | version: | 1.05 | Trust: 0.3 |
EXPLOIT
An attacker can exploit these issues through readily available tools and a browser. To exploit the cross-site scripting and cross-sire request-forgery issues the attacker must entice an unsuspecting victim to follow a malicious URI.
The following metasploit module is available:
Bullet list:
<li><a href="/data/vulnerabilities/exploits/59405.rb">/data/vulnerabilities/exploits/59405.rb</a></li>
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
Michael Messner
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 59405 | Trust: 0.3 |
REFERENCES
| url: | http://www.dlink.com/ | Trust: 0.3 |
| url: | http://www.dlink.com/products/?pid=565 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 59405 |
LAST UPDATE DATE
2022-07-27T09:42:51.939000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 59405 | date: | 2013-08-08T05:15:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 59405 | date: | 2013-04-22T00:00:00 |