Details of VAR-E-201609-0074

ID

VAR-E-201609-0074

CVE

cve_id:

CVE-2016-10699

Trust: 0.3

sources: BID: 101622

TITLE

D-Link DSL-2740E ADSL Router Multiple HTML Injection Vulnerabilities

Trust: 0.3

sources: BID: 101622

DESCRIPTION

D-Link DSL-2740E ADSL Router is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Trust: 0.3

sources: BID: 101622

AFFECTED PRODUCTS

vendor:

d link

model:

dsl-2740e 1.00 bg 20150720

scope:

version:

Trust: 0.3

sources: BID: 101622

EXPLOIT

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Trust: 0.3

sources: BID: 101622

PRICE

Free

Trust: 0.3

sources: BID: 101622

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 101622

CREDITS

Jose Tozo of Trustwave

Trust: 0.3

sources: BID: 101622

EXTERNAL IDS

db:	NVD	id:	CVE-2016-10699	Trust: 0.3
db:	BID	id:	101622	Trust: 0.3

sources: BID: 101622

REFERENCES

url:	https://www.trustwave.com/resources/security-advisories/advisories/twsl2016-018/?fid=8411	Trust: 0.3
url:	http://www.d-link.com	Trust: 0.3

sources: BID: 101622

SOURCES

db:

BID

id:

101622

LAST UPDATE DATE

2022-07-27T09:27:12.073000+00:00

SOURCES UPDATE DATE

db:

BID

id:

101622

date:

2017-12-19T22:36:00

SOURCES RELEASE DATE

db:

BID

id:

101622

date:

2016-09-16T00:00:00