Summary
This host is running D-Link DIR-645 Router and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attacker to cause denial of service or execute arbitrary HTML and script code in a user's browser session in context of an affected website.
Impact Level: Application
Solution
Upgrade to version 1.04B11, or higher,
For updates refer to http://www.dlink.com/ca/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000
Insight
Multiple flaws are due to,
- Buffer overflow in post_login.xml, hedwig.cgi and authentication.cgi When handling specially crafted requests.
- Input passed to the 'deviceid' parameter in bind.php, 'RESULT' parameter in info.php and 'receiver' parameter in bsc_sms_send.php is not properly sanitised before being returned to the user.
Affected
D-Link DIR-645 firmware version 1.04 and prior
Detection
Send a crafted data via HTTP request and check whether it is able to read the cookie or not.
References
Severity
Classification
-
CVE CVE-2013-7389 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- 12Planet Chat Server one2planet.infolet.InfoServlet XSS
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability