ID

VAR-201302-0527


TITLE

D-Link DIR-300 has multiple HTML injection vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2013-00902

DESCRIPTION

The D-Link DIR-300 is a wireless router. It has multiple input validation vulnerabilities that allow remote attackers to carry out HTML injection attacks to obtain sensitive information or hijack user sessions. The D-Link DIR-300 router is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. D-Link DIR-300 running firmware 1.3 is vulnerable; other versions may also be affected.

Trust: 0.81

sources: CNVD: CNVD-2013-00902 // BID: 57763

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-00902

AFFECTED PRODUCTS

vendor: d link, model: dir-300, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2013-00902

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-144

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 57763

EXTERNAL IDS

db: BID, id: 57763

Trust: 1.5

db: PACKETSTORM, id: 120057

Trust: 0.6

db: CNVD, id: CNVD-2013-00902

Trust: 0.6

db: CNNVD, id: CNNVD-201302-144

Trust: 0.6

sources: CNVD: CNVD-2013-00902 // BID: 57763 // CNNVD: CNNVD-201302-144

REFERENCES

url: http://packetstormsecurity.com/files/120057/dlinkdir300-xss.txt

Trust: 0.6

url: http://www.securityfocus.com/bid/57763

Trust: 0.6

url: http://www.dlink.com/

Trust: 0.3

sources: CNVD: CNVD-2013-00902 // BID: 57763 // CNNVD: CNNVD-201302-144

CREDITS

Karn Ganeshen

Trust: 0.9

sources: BID: 57763 // CNNVD: CNNVD-201302-144

SOURCES

db: CNVD, id: CNVD-2013-00902
db: BID, id: 57763
db: CNNVD, id: CNNVD-201302-144

LAST UPDATE DATE

2022-05-17T01:53:14.543000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-00902, date: 2013-02-17T00:00:00
db: BID, id: 57763, date: 2013-02-06T00:00:00
db: CNNVD, id: CNNVD-201302-144, date: 2013-02-18T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-00902, date: 2013-02-17T00:00:00
db: BID, id: 57763, date: 2013-02-06T00:00:00
db: CNNVD, id: CNNVD-201302-144, date: 2013-02-18T00:00:00