There are multiple cross-site scripting (XSS) vulnerabilities affecting the web user interface of D-Link 2760N (DSL-2760U-BN) routers, researchers said.
Details of the vulnerabilities published by security researcher Liad Mizrachi on the Full Disclosure mailing list.
The researcher found stored and reflected XSS flaws. They impact sections of the web user interface such as NTS Settings, Dynamic DNS, Parental Control, URL Filtering, NAT – Port Triggering, IP Filtering, Policy Routing, Printer Server , Wi-Fi SSID, SAMBA Configuration, and others.
The researcher said he reported his findings to D-Link on five separate occasions between August 17 and October 10, 2013. However, the company hasn’t responded to his reports. The security holes remain unfixed.
In mid-October, researchers from Tactical Network Solutions warned that hackers could have exploited vulnerabilities in the firmware of several D-Link router models to gain access to the devices’ web interface.