Sign-up

ID

VAR-200809-0058


CVE

CVE-2008-4133


TITLE

D-Link DIR-100 upper Web In proxy service Web Vulnerability bypassing restriction filters

Trust: 0.8

sources: JVNDB: JVNDB-2008-003444

DESCRIPTION

The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters. D-Link DIR-100 is a small broadband router with integrated firewall function.  There are loopholes in the implementation of DIR-100's web management interface. If users use a long URL of about 1300 characters in a web browser, they can bypass URL filtering performed by the built-in firewall of D-Link DIR-100 router. Access to restricted resources. D-Link DIR-100 is affected by a vulnerability that allows attackers to bypass security restrictions and access sites that are blocked by an administrator. D-Link DIR-100 devices with firmware 1.12 are vulnerable; other versions may be affected as well. ---------------------------------------------------------------------- We have updated our website, enjoy! http://secunia.com/ ---------------------------------------------------------------------- TITLE: D-Link DIR-100 Ethernet Broadband Router URL Filtering Bypass SECUNIA ADVISORY ID: SA31767 VERIFY ADVISORY: http://secunia.com/advisories/31767/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: D-Link DIR-100 Ethernet Broadband Router http://secunia.com/product/19762/ DESCRIPTION: Marc Ruef has reported a vulnerability in D-Link DIR-100 Ethernet Broadband Router, which can be exploited by malicious people to bypass the URL filtering functionality. The vulnerability is caused due to an error within the parental control when handling certain requested URLs and can be exploited to access forbidden websites via long, specially crafted requests. SOLUTION: Do not rely on the filtering mechanism. PROVIDED AND/OR DISCOVERED BY: Marc Ruef, scip AG ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064303.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.61

sources: NVD: CVE-2008-4133 // JVNDB: JVNDB-2008-003444 // CNVD: CNVD-2008-4325 // BID: 31050 // VULHUB: VHN-34258 // PACKETSTORM: 69757

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2008-4325

AFFECTED PRODUCTS

vendor:d linkmodel:dir-100scope:eqversion:1.12

Trust: 1.9

vendor:d linkmodel:dir-100scope:eqversion:1.02

Trust: 1.6

vendor:d linkmodel:dir-100scope:lteversion:firmware 1.12

Trust: 0.8

vendor:nonemodel: - scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2008-4325 // BID: 31050 // JVNDB: JVNDB-2008-003444 // CNNVD: CNNVD-200809-264 // NVD: CVE-2008-4133

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-4133
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-4133
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200809-264
value: MEDIUM

Trust: 0.6

VULHUB: VHN-34258
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-4133
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-34258
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-34258 // JVNDB: JVNDB-2008-003444 // CNNVD: CNNVD-200809-264 // NVD: CVE-2008-4133

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-34258 // JVNDB: JVNDB-2008-003444 // NVD: CVE-2008-4133

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200809-264

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200809-264

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-003444

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-34258

PATCH
title:Top Pageurl:http://www.dlink.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-003444

EXTERNAL IDS
db:NVDid:CVE-2008-4133
Trust: 3.4
db:BIDid:31050
Trust: 2.0
db:SECUNIAid:31767
Trust: 1.8
db:SREASONid:4276
Trust: 1.7
db:SECTRACKid:1020825
Trust: 1.7
db:JVNDBid:JVNDB-2008-003444
Trust: 0.8
db:CNVDid:CNVD-2008-4325
Trust: 0.6
db:XFid:100
Trust: 0.6
db:XFid:44961
Trust: 0.6
db:FULLDISCid:20080908 [SCIP_ADVISORY 3808] D-LINK DIR-100 LONG URL FILTER EVASION
Trust: 0.6
db:BUGTRAQid:20080908 [SCIP_ADVISORY 3808] D-LINK DIR-100 LONG URL FILTER EVASION
Trust: 0.6
db:CNNVDid:CNNVD-200809-264
Trust: 0.6
db:EXPLOIT-DBid:32336
Trust: 0.1
db:SEEBUGid:SSVID-85630
Trust: 0.1
db:VULHUBid:VHN-34258
Trust: 0.1
db:PACKETSTORMid:69757
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2008-4325 // 
            
            
            
            VULHUB: VHN-34258 // 
            
            
            
            BID: 31050 // 
            
            
            
            JVNDB: JVNDB-2008-003444 // 
            
            
            
            PACKETSTORM: 69757 // 
            
            
            
            CNNVD: CNNVD-200809-264 // 
            
            
            
            NVD: CVE-2008-4133

REFERENCES
url:http://www.securityfocus.com/bid/31050
Trust: 1.7
url:http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html
Trust: 1.7
url:http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808
Trust: 1.7
url:http://www.securitytracker.com/id?1020825
Trust: 1.7
url:http://secunia.com/advisories/31767
Trust: 1.7
url:http://securityreason.com/securityalert/4276
Trust: 1.7
url:http://www.securityfocus.com/archive/1/496072/100/0/threaded
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/44961
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4133
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4133
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/44961
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/496072/100/0/threaded
Trust: 0.6
url:http://www.dlink.co.uk/?go=jn7uaylx/oijawvudlyzu93ygjvykujxstvhlpg3yv3ov41/haltbnlwaarp7touamu5j3cf/yenbs7l1kfnl0sstuzf
Trust: 0.3
url:/archive/1/496072
Trust: 0.3
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/31767/
Trust: 0.1
url:http://secunia.com/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://lists.grok.org.uk/pipermail/full-disclosure/2008-september/064303.html
Trust: 0.1
url:http://secunia.com/product/19762/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-34258 // 
            
            
            
            BID: 31050 // 
            
            
            
            JVNDB: JVNDB-2008-003444 // 
            
            
            
            PACKETSTORM: 69757 // 
            
            
            
            CNNVD: CNNVD-200809-264 // 
            
            
            
            NVD: CVE-2008-4133

CREDITS
Marc Ruef
Trust: 0.3
sources:
            
            
            BID: 31050

SOURCES
db:CNVDid:CNVD-2008-4325
db:VULHUBid:VHN-34258
db:BIDid:31050
db:JVNDBid:JVNDB-2008-003444
db:PACKETSTORMid:69757
db:CNNVDid:CNNVD-200809-264
db:NVDid:CVE-2008-4133

LAST UPDATE DATE
2025-04-10T22:57:32.272000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2008-4325date:2008-09-06T00:00:00
db:VULHUBid:VHN-34258date:2018-10-11T00:00:00
db:BIDid:31050date:2015-04-16T17:54:00
db:JVNDBid:JVNDB-2008-003444date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200809-264date:2009-01-29T00:00:00
db:NVDid:CVE-2008-4133date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:CNVDid:CNVD-2008-4325date:2008-09-06T00:00:00
db:VULHUBid:VHN-34258date:2008-09-19T00:00:00
db:BIDid:31050date:2008-09-08T00:00:00
db:JVNDBid:JVNDB-2008-003444date:2012-06-26T00:00:00
db:PACKETSTORMid:69757date:2008-09-09T20:50:53
db:CNNVDid:CNNVD-200809-264date:2008-09-19T00:00:00
db:NVDid:CVE-2008-4133date:2008-09-19T17:15:05.593