Full Disclosure mailing list archives
Medium security hole affecting DSL-G624T
From: Tim Brown <timb () nth-dimension org uk>
Date: Wed, 2 May 2007 23:43:58 +0100
Hi, I've identified a couple of security flaws affecting the DSL-G624T firmware. I believe the directory traversal issue has been reported in other devices / firmware versions supplied by D-Link but not the combination I tested and clearly has not been resolved. Additionally, the Javascript injection issue is I believe new and has not been reported on any device. These issues were reported by email to the vendor at the usual addresses (support/security/etc) without response on 13th April 2007. I also attempted to log faults on the vendors support web site but sadly, it would not function adequately using either Firefox nor Konqueror. Tim -- Tim Brown <mailto:timb () nth-dimension org uk> <http://www.nth-dimension.org.uk/>
Attachment:
NDSA20070412.txt
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Medium security hole affecting DSL-G624T Tim Brown (May 03)
- Re: Medium security hole affecting DSL-G624T 3APA3A (May 03)
- Re: Medium security hole affecting DSL-G624T Tim Brown (May 04)
- Re: Medium security hole affecting DSL-G624T 3APA3A (May 03)
- Re: Medium security hole affecting DSL-G624T Tim Brown (May 04)
- Re: Medium security hole affecting DSL-G624T Tim Brown (May 04)
- Re: Medium security hole affecting DSL-G624T 3APA3A (May 03)