Description
Roberto Paleari has reported multiple vulnerabilities in D-Link DIR-645, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable device.
1) A boundary error within /usr/sbin/widget when handling passed hash values can be exploited to cause a stack-based buffer overflow.
2) A boundary error within /hedwig.cgi when handling cookie values can be exploited to cause a stack-based buffer overflow.
3) A boundary error within /authentication.cgi when handling password values can be exploited to cause a buffer overflow.
4) Input passed via multiple parameters to multiple scripts is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
List of affected scripts and parameters:
http://[host]/parentalcontrols/bind.php?deviceid
http://[host]/info.php?RESULT
http://[host]/bsc_sms_send.php?receiver
Successful exploitation of vulnerabilities #1 through #3 may allow execution of arbitrary code.
The vulnerabilities are reported in version 1.03B08. Other versions may also be affected.
Vulnerable Products
Vulnerable OS: D-Link DIR-645 1.x
Vulnerable Software:
Solution
Update to version 1.04B11.
ftp://ftp2.dlink.com/PRODUCTS/DIR-645/REVA/DIR-645_FIRMWARE_1.04B11.ZIP
CVE
References
D-Link:
http://www.dlink.com/uk/en/support/product/dir-645-wireless-n-home-router-1000
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008
Roberto Paleari:
http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt
Vulnerability Manager Detection
No
IPS Protection