Stored XSS via Unauthenticated SMB Vulnerability on D-Link NAS Devices

08 September, 2016

Some D-Link DNS network-attached storage devices contain an XSS vulnerability, which may allow a malicious attack.
 
3rd Party Incident Report:
 
Benjamin Daniel Mussler - Link
 
Affected Devices:
 
Many of the affected products had firmware posted prior to July 30, 2016. The files are located in the list of downloadable files for each model.

DNS-320 Fixed 2.05 - Link
DNS-320L/LW Fixed 1.08 - Link
DNS-325 Fixed 1.05 - Link
DNS-327L Fixed 1.07 - Link
DNS-340L Fixed 1.05 - Link   
DNS-345 Fixed 1.05 - Link 
 
We are working hard to provide fixes for the products marked "Under Development" and will post these as soon as they are available.
 
Details:
 
Please visit the original report at: http://b.fl7.de/2016/08/d-link-nas-dns-xss-via-smb.html