Bugtraq: Medium security hole affecting DSL-G624T

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Medium security hole affecting DSL-G624T

From: Tim Brown <timb () nth-dimension org uk>
Date: Wed, 2 May 2007 23:43:58 +0100

Hi,

I've identified a couple of security flaws affecting the DSL-G624T firmware.  
I believe the directory traversal issue has been reported in other devices / 
firmware versions supplied by D-Link but not the combination I tested and 
clearly has not been resolved.  Additionally, the Javascript injection issue 
is I believe new and has not been reported on any device.

These issues were reported by email to the vendor at the usual addresses 
(support/security/etc) without response on 13th April 2007.  I also attempted 
to log faults on the vendors support web site but sadly, it would not 
function adequately using either Firefox nor Konqueror.

Tim
-- 
Tim Brown
<mailto:timb () nth-dimension org uk>
<http://www.nth-dimension.org.uk/>

Attachment: NDSA20070412.txt
Description:

By Date By Thread

Current thread:

Medium security hole affecting DSL-G624T Tim Brown (May 03)
- Re: Medium security hole affecting DSL-G624T 3APA3A (May 03)
  - Re: Medium security hole affecting DSL-G624T Tim Brown (May 04)
    - Re[2]: Medium security hole affecting DSL-G624T 3APA3A (May 04)
    - Re: Medium security hole affecting DSL-G624T Tim Brown (May 04)