ID
VAR-E-201507-0198
TITLE
D-Link DCS-2103 HTML Injection and Cross Site Request Forgery Vulnerabilities
Trust: 0.3
DESCRIPTION
D-Link DCS-2103 is prone to an HTML-injection vulnerability and a cross-site request-forgery vulnerability.
Exploiting these issues may allow a remote attacker to perform certain unauthorized actions, execute arbitrary script or HTML code within the context of the browser, and steal cookie-based authentication credentials. Other attacks are also possible.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | d link | model: | dcs-2103 | scope: | eq | version: | 1.0.0 | Trust: 0.3 |
EXPLOIT
An attacker can exploit the HTML-injection issue through a browser.
To exploit the cross-site request-forgery issue, the attacker must entice an unsuspecting victim into visiting a malicious site.
The following example URI is available:
http://www.example.com/vb.htm?tstamplabel=</script><script>alert(document.cookie)</script>
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
MustLive
Trust: 0.3
EXTERNAL IDS
db: | BID | id: | 76096 | Trust: 0.3 |
REFERENCES
url: | http://www.dlink.com/ | Trust: 0.3 |
url: | http://websecurity.com.ua/7476/ | Trust: 0.3 |
SOURCES
db: | BID | id: | 76096 |
LAST UPDATE DATE
2022-07-27T09:42:37.994000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 76096 | date: | 2015-07-29T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 76096 | date: | 2015-07-29T00:00:00 |