ID
VAR-201005-0435
TITLE
D-Link DI-724P+ Router 'wlap.htm' HTML Injection Vulnerability
Trust: 0.9
DESCRIPTION
The D-Link DI-724P+ is a wireless router. In the device's web management interface, under the "wireless" tab, script can be injected through the GET string. Arbitrary HTML and malicious script code injected this way is executed in the target user's browser. The affected URL is: http://192.168.0.1/wlap.htm. The D-Link DI-724P+ router is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue may allow an attacker to execute HTML and script code in the context of the device, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
Trust: 0.81
IOT TAXONOMY
| category: | ['IoT', 'Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | d link | model: | di-724p+ di-724p+ | scope: | - | version: | - | Trust: 0.6 |
| vendor: | d link | model: | di-724p+ | scope: | eq | version: | 0 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 40261 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2010-0907 | Trust: 0.6 |
REFERENCES
| url: | http://seclists.org/fulldisclosure/2010/may/262 | Trust: 0.9 |
| url: | http://www.dlink.com/ | Trust: 0.3 |
CREDITS
w01f
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2010-0907 |
| db: | BID | id: | 40261 |
LAST UPDATE DATE
2022-05-17T02:09:17.960000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2010-0907 | date: | 2010-05-20T00:00:00 |
| db: | BID | id: | 40261 | date: | 2010-05-19T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2010-0907 | date: | 2010-05-20T00:00:00 |
| db: | BID | id: | 40261 | date: | 2010-05-19T00:00:00 |