Summary
This host is running a D-Link DIR-645 router and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow an attacker to cause a denial of service or execute arbitrary HTML and script code in a user's browser session in the context of an affected website.
Impact Level: Application
Solution
Upgrade to version 1.04B11 or higher.
For updates, refer to http://www.dlink.com/ca/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000
Insight
Multiple flaws are due to:
- Buffer overflow in post_login.xml, hedwig.cgi and authentication.cgi when handling specially crafted requests.
- Input passed to the 'deviceid' parameter in bind.php, 'RESULT' parameter in info.php and 'receiver' parameter in bsc_sms_send.php is not properly sanitised before being returned to the user.
Affected
D-Link DIR-645 firmware version 1.04 and prior
Detection
Send crafted data via an HTTP request and check whether it is able to read the cookie.
Severity
Classification
CVE: CVE-2013-7389
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N