ID
VAR-E-201304-0526
TITLE
D-Link DIR-635 Multiple Security Vulnerabilities
Trust: 0.3
DESCRIPTION
D-Link DIR-635 is prone to the following security vulnerabilities:
1. An HTML-injection vulnerability
2. A cross-site request-forgery vulnerability
3. A cross-site scripting vulnerability
4. A security-bypass vulnerability
An attacker can exploit these issues to execute HTML and arbitrary script code in the browser of an unsuspecting user in the context of the affected device, steal cookie-based authentication credentials, and perform unauthorized actions in the context of a user session. Other attacks are also possible.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | d link | model: | dir-635 2.34eu | scope: | - | version: | - | Trust: 0.3 |
EXPLOIT
An attacker can exploit these issues through readily available tools and a browser. To exploit the cross-site scripting and cross-site request-forgery issues, the attacker must entice an unsuspecting victim to follow a malicious URI.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
Michael Messner
Trust: 0.3
EXTERNAL IDS
db: | BID | id: | 59514 | Trust: 0.3 |
REFERENCES
url: | http://www.dlink.com/ | Trust: 0.3 |
SOURCES
db: | BID | id: | 59514 |
LAST UPDATE DATE
2022-07-27T09:12:06.849000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 59514 | date: | 2013-04-26T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 59514 | date: | 2013-04-26T00:00:00 |