vendor: D-Link Routers
by:
CVSS: 7.5 HIGH
Clear Text Storage of Passwords, Cross Site Scripting, Sensitive Information Disclosure
CWE: 316, 79
Product Name: D-Link Routers
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Platforms Tested:
D-Link Router Vulnerabilities
The D-Link routers DIR-652, DIR-835, DIR-855L, DGL-5500 and DHP-1565 suffer from several vulnerabilities: clear text storage of passwords, cross-site scripting, and sensitive information disclosure. The clear text password vulnerability allows an attacker to bypass authentication and obtain the admin password, which is stored in plain text. The cross-site scripting vulnerability is in the 'apply.cgi' file and is caused by improper neutralization of user input. The sensitive information disclosure vulnerability allows an attacker to access sensitive information.
Mitigation:
Update the firmware to version 1.02b18/1.12b02 or newer. Be cautious when accessing the affected routers and use strong passwords.