ID
VAR-201405-0652
TITLE
Multiple vulnerabilities in D-Link DIR-855L and DIR-835
Trust: 0.6
DESCRIPTION
The D-Link DIR-855L and DIR-835 are router devices. There are several security vulnerabilities in D-Link DIR-855L and DIR-835: 1. The device fails to properly restrict access to the tools_admin.asp script, allowing attackers to exploit the vulnerability access restricted feature. 2. There is an error in processing requests through TCP 8080 and CGI/SSI/ accessing hnap.cgi to obtain sensitive information. 3. Inputs submitted via the \"action\" GET parameter are missing filtering before returning to the user, allowing remote attackers to exploit the vulnerability to inject malicious scripts or HTML code to obtain sensitive information or hijack user sessions when malicious data is viewed.
Trust: 0.6
IOT TAXONOMY
| category: | ['IoT', 'Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | d link | model: | dir-855l | scope: | - | version: | - | Trust: 0.6 |
| vendor: | d link | model: | dir-835 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
PATCH
| title: | D-Link DIR-855L and DIR-835 have multiple vulnerabilities | url: | https://www.cnvd.org.cn/patchinfo/show/45674 | Trust: 0.6 |
EXTERNAL IDS
| db: | SECUNIA | id: | 58194 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2014-03069 | Trust: 0.6 |
REFERENCES
| url: | http://secunia.com/advisories/58194/ | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2014-03069 |
LAST UPDATE DATE
2022-05-17T02:02:30.025000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-03069 | date: | 2014-05-20T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-03069 | date: | 2014-05-19T00:00:00 |