Bugtraq mailing list archives
Dlink Di-604 router authenticated user ping tool Xss and DoS
From: Ewerson GuimarĂ£es (Crash) - Dclabs <crash () dclabs com br>
Date: Tue, 8 Jun 2010 19:05:11 -0300
[DCA-0001] [Dlink Di-604 router authenticated user ping tool Xss and DoS] [vendor product description] The DI-604 combines the latest advancements in chip technology, low-cost design and manufacturing with new, feature-rich firewall and network management controls to give you quite possibly the most advanced, yet affordable Ethernet router to date. [Bug Description] 'Ping tools' web interface does not validate the ip textfield size leading to a Denial Of Service flaw by changing its size and sending more than 500 characters to it. This textfield is also prone to Cross Site Scripting. An authenticated user is required to exploit these security flaws. [History] Adv sent to vendor 05/25/2010 No vendor response Published 06/08/2010 [Impact] Low [Afected Version] All firmware [Vendor Reply] ------------------------------------------------------------------------------------------------ [Codes] No codes are needed -------------------------------------------- DcLabs - Sponsor: Crash crash () dclabs com br [Greetz] Ipax - Alequimico - Gr1nch - Raphx88 ------------------------------------
Current thread:
- Dlink Di-604 router authenticated user ping tool Xss and DoS Crash (Jun 09)
- <Possible follow-ups>
- Re: Dlink Di-604 router authenticated user ping tool Xss and DoS swbaes (Jun 16)