May 14, 2010

XSS vulnerability found on D-Link Router

A Cross Site Scripting (XSS) vulnerability was found on the D-Link DI-724P+ Router, which can be exploited to conduct cross-site scripting attacks.

Discovered Date: May 14, 2010
System affected: D-Link DI-724P+ Router, Firmware Version: v1.03
Discovered by: w01f

Vulnerability Description:
==========================
The XSS vulnerability is in the Admin Web interface, which is accessible at http://192.168.0.1 (by default). Script can be injected through the GET string. This can be exploited by injecting arbitrary HTML and malicious script code, which will execute in a user's browser session.

Vulnerability testing:
======================
Vulnerable URL: http://192.168.0.1/wlap.htm
Tested with: Windows XP with Internet Explorer 7, using a web proxy

In the Admin web interface, under the "wireless" tab, I injected a simple "alert("You are hack!")" script in the GET string. It was executed and displayed in the web browser.

Remediation:
============
According to D-Link, the router is out of support and no patches will be released. Continue using it at your own risk.
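
With no patch coming, one compensating check is to flag requests to wlap.htm whose GET string carries HTML or script markup. The sketch below is an added example, not part of the original advisory or any D-Link code. It assumes requests to the admin interface pass through a proxy that writes Common Log Format lines; the sample lines are constructed and the parameter names in them are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote_plus

WATCHED_PATH = "/wlap.htm"  # page named in the advisory

# Characters/schemes that a settings query string should not carry (assumed policy).
SUSPICIOUS = re.compile(r"[<>\"']|javascript:", re.IGNORECASE)

# Request field of a Common Log Format line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(log_line):
    """True for a request to WATCHED_PATH whose query contains markup."""
    match = REQUEST.search(log_line)
    if not match:
        return False
    url = urlsplit(match.group(1))
    if url.path.lower() != WATCHED_PATH or not url.query:
        return False
    return bool(SUSPICIOUS.search(fully_decode(url.query)))


def flagged(lines):
    return [line for line in lines if is_suspicious(line)]


# Constructed sample lines; parameter names "ssid" and "x" are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - - [14/May/2010:10:00:01 +0000] "GET /wlap.htm HTTP/1.1" 200 5120',
    '10.0.0.5 - - [14/May/2010:10:00:09 +0000] "GET /wlap.htm?ssid=home HTTP/1.1" 200 5120',
    '10.0.0.7 - - [14/May/2010:10:02:30 +0000] "GET /wlap.htm?x=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5300',
    '10.0.0.7 - - [14/May/2010:10:02:41 +0000] "GET /wlap.htm?x=%253Cscript%253E HTTP/1.1" 200 5300',
    '10.0.0.8 - - [14/May/2010:10:03:00 +0000] "GET /status.htm?x=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in flagged(SAMPLE_LOG):
        print("ALERT:", line)
```

The single and double quote characters are included in the pattern on purpose, so a legitimate setting that contains an apostrophe will also be flagged for review.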

References:
- SecurityFocus: D-Link DI-724P+ Router 'wlap.htm' HTML Injection Vulnerability
- OSVDB 65002: D-Link DI-724P+ Admin Interface wlap.htm GET String XSS
- SANS: @RISK: The Consensus Security Vulnerability Alert
- Packet Storm: dlinkdi724p-xss.txt
- Full Disclosure: D-Link DI-724P+ Router - Cross Site Scripting Vulnerability