ID

VAR-201003-0357


CVE

CVE-2010-0936


TITLE

D-LINK DKVM-IP8 auth.asp page cross-site scripting vulnerability

Trust: 1.2

sources: CNVD: CNVD-2010-3531 // CNNVD: CNNVD-201003-096

DESCRIPTION

Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter. D-LINK DKVM-IP8 is an 8-port KVM switch that can be used to control multiple devices at the same time. DKVM-IP8 does not properly filter the nickname parameter submitted to the auth.asp page and returns it to the user. D-LINK DKVM-IP8 is prone to a cross-site scripting vulnerability because the device's web interface fails to properly sanitize user-supplied input. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

TITLE: D-Link DKVM-IP8 "auth.asp" Cross-Site Scripting
SECUNIA ADVISORY ID: SA38051
VERIFY ADVISORY: http://secunia.com/advisories/38051/
DESCRIPTION: A vulnerability has been reported in D-Link DKVM-IP8, which can be exploited by malicious people to conduct cross-site scripting attacks.
SOLUTION: Filter malicious characters and character sequences in a web proxy.
PROVIDED AND/OR DISCOVERED BY: Popcorn

Trust: 2.61

sources: NVD: CVE-2010-0936 // JVNDB: JVNDB-2010-003886 // CNVD: CNVD-2010-3531 // BID: 37646 // VULHUB: VHN-43541 // PACKETSTORM: 85115

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-3531

AFFECTED PRODUCTS

vendor: d link, model: dkvm-ip8, scope: eq, version: 2282_dlinka4_p8_20071213

Trust: 1.6

vendor: d link, model: dkvm-ip8, scope: eq, version: firmware 2282_dlinka4_p8_20071213

Trust: 0.8

vendor: dkvm ip8, model: d-link, scope: -, version: -

Trust: 0.6

vendor: d link, model: dkvm-ip8, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2010-3531 // BID: 37646 // JVNDB: JVNDB-2010-003886 // CNNVD: CNNVD-201003-096 // NVD: CVE-2010-0936

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0936
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0936
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2010-3531
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201003-096
value: MEDIUM

Trust: 0.6

VULHUB: VHN-43541
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0936
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2010-3531
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-43541
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2010-3531 // VULHUB: VHN-43541 // JVNDB: JVNDB-2010-003886 // CNNVD: CNNVD-201003-096 // NVD: CVE-2010-0936

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-43541 // JVNDB: JVNDB-2010-003886 // NVD: CVE-2010-0936

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201003-096

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 85115 // CNNVD: CNNVD-201003-096

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-003886

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-43541

PATCH

title: Top Page, url: http://www.dlink.com/

Trust: 0.8

sources: JVNDB: JVNDB-2010-003886

EXTERNAL IDS

db: NVD, id: CVE-2010-0936

Trust: 3.4

db: BID, id: 37646

Trust: 2.6

db: SECUNIA, id: 38051

Trust: 1.8

db: EXPLOIT-DB, id: 11030

Trust: 1.7

db: VUPEN, id: ADV-2010-0083

Trust: 1.7

db: OSVDB, id: 61615

Trust: 1.7

db: JVNDB, id: JVNDB-2010-003886

Trust: 0.8

db: CNNVD, id: CNNVD-201003-096

Trust: 0.7

db: CNVD, id: CNVD-2010-3531

Trust: 0.6

db: XF, id: 8

Trust: 0.6

db: XF, id: 55429

Trust: 0.6

db: MISC, id: HTTP://WWW.EXPLOIT-DB.COM/EXPLOITS/11030

Trust: 0.6

db: NSFOCUS, id: 14595

Trust: 0.6

db: EXPLOIT-DB, id: 33471

Trust: 0.1

db: SEEBUG, id: SSVID-67428

Trust: 0.1

db: SEEBUG, id: SSVID-86690

Trust: 0.1

db: VULHUB, id: VHN-43541

Trust: 0.1

db: PACKETSTORM, id: 85115

Trust: 0.1

sources: CNVD: CNVD-2010-3531 // VULHUB: VHN-43541 // BID: 37646 // JVNDB: JVNDB-2010-003886 // PACKETSTORM: 85115 // CNNVD: CNNVD-201003-096 // NVD: CVE-2010-0936

REFERENCES

url:http://www.securityfocus.com/bid/37646

Trust: 1.7

url:http://www.exploit-db.com/exploits/11030

Trust: 1.7

url:http://osvdb.org/61615

Trust: 1.7

url:http://secunia.com/advisories/38051

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/0083

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/55429

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0936

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0936

Trust: 0.8

url:http://www.securityfocus.com/bid/37646/info

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/55429

Trust: 0.6

url:http://www.nsfocus.net/vulndb/14595

Trust: 0.6

url:http://www.dlink.com/

Trust: 0.3

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/38051/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2010-3531 // VULHUB: VHN-43541 // BID: 37646 // JVNDB: JVNDB-2010-003886 // PACKETSTORM: 85115 // CNNVD: CNNVD-201003-096 // NVD: CVE-2010-0936

CREDITS

POPCORN

Trust: 0.9

sources: BID: 37646 // CNNVD: CNNVD-201003-096

SOURCES

db: CNVD, id: CNVD-2010-3531
db: VULHUB, id: VHN-43541
db: BID, id: 37646
db: JVNDB, id: JVNDB-2010-003886
db: PACKETSTORM, id: 85115
db: CNNVD, id: CNNVD-201003-096
db: NVD, id: CVE-2010-0936

LAST UPDATE DATE

2025-04-11T20:58:21.027000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2010-3531, date: 2010-01-06T00:00:00
db: VULHUB, id: VHN-43541, date: 2017-08-17T00:00:00
db: BID, id: 37646, date: 2015-04-13T21:03:00
db: JVNDB, id: JVNDB-2010-003886, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-201003-096, date: 2010-03-08T00:00:00
db: NVD, id: CVE-2010-0936, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2010-3531, date: 2010-01-06T00:00:00
db: VULHUB, id: VHN-43541, date: 2010-03-08T00:00:00
db: BID, id: 37646, date: 2010-01-06T00:00:00
db: JVNDB, id: JVNDB-2010-003886, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 85115, date: 2010-01-14T08:06:40
db: CNNVD, id: CNNVD-201003-096, date: 2010-01-06T00:00:00
db: NVD, id: CVE-2010-0936, date: 2010-03-08T15:30:00.513