vendor:
DVG-2001s
by:
milw0rm.com
9.3
CVSS
HIGH
Cross-site Scripting (XSS) and Cross-site Request Forgery (XSRF)
79
CWE
Product Name: DVG-2001s
Affected Version From: 1.00.007
Affected Version To: 1.00.007
Patch Exists: YES
Related CWE: N/A
CPE: h:d-link:dvg-2001s
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009
D-link VoIP Phone Adapter XSS and XSRF(remote firmware overwrite)
This exploit allows an attacker to remotely overwrite the firmware of a D-link VoIP Phone Adapter model number DVG-2001s with f/w version 1.00.007. The attacker can use a POST request to the URL http://10.1.1.166/Forms/cbi_Set_SW_Update?16640,0,0,0,0,0,0,0,0 with the parameters page_HiddenVar, TFTPServerAddress1, TFTPServerAddress2, TFTPServerAddress3, TFTPServerAddress4, FirmwareUpdate, and FileName. The attacker can also use a Cross-site Scripting (XSS) attack to bypass Cross-site Request Forgery (XSRF) protection by sending a GET request to the URL http://10.1.1.166/Forms/page_CfgDevInfo_Set?%3Cscript%3Ealert(%22hacked%22)%3C/script%3E.
Mitigation:
The vendor has released a firmware update to address this vulnerability.
