|
Description
|
|
A security issue and two vulnerabilities have been reported in D-Link DIR-655, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and bypass certain security restrictions.
1) An error related to management console can be exploited to gain access to otherwise restricted functionality.
2) Input passed via the "html_response_page" parameter to login.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) The application does not properly restrict access to the device.xml management console webpage, which can be exploited to disclose certain information.
The security issue and vulnerabilities are reported in hardware revision Bx firmware versions prior to 2.12b01.
|
