There are multiple cross-site scripting (XSS) vulnerabilities affecting the web user interface of D-Link 2760N (DSL-2760U-BN) routers, researchers said.

Details of the vulnerabilities published by security researcher Liad Mizrachi on the Full Disclosure mailing list.

Series of Bugs in Server Systems
IBM: Storage Vulnerability Alert
Holes in Netgear Devices
Cisco Security Advisories

The researcher found stored and reflected XSS flaws. They impact sections of the web user interface such as NTS Settings, Dynamic DNS, Parental Control, URL Filtering, NAT – Port Triggering, IP Filtering, Policy Routing, Printer Server , Wi-Fi SSID, SAMBA Configuration, and others.

The researcher said he reported his findings to D-Link on five separate occasions between August 17 and October 10, 2013. However, the company hasn’t responded to his reports. The security holes remain unfixed.

Schneider Bold

In mid-October, researchers from Tactical Network Solutions warned that hackers could have exploited vulnerabilities in the firmware of several D-Link router models to gain access to the devices’ web interface.

Do NOT follow this link or you will be banned from the site!

Pin It on Pinterest

Share This