Cross-Site Scripting Vulnerability in D-Link DSL-G604T Router
CVE-2008-1253

Currently unrated

Key Information:

Vendor: D-link
Status: Dsl-g604t
Vendor: CVE Published:; 10 March 2008

What is CVE-2008-1253?

A Cross-Site Scripting (XSS) vulnerability exists in the cgi-bin/webcm component of the D-Link DSL-G604T router. This flaw permits remote attackers to inject arbitrary web scripts or HTML code via the var:category parameter. Notably, this was demonstrated by querying the advanced/portforw.htm page, which could compromise user sessions, enabling threat actors to manipulate site content viewed by legitimate users. Routers vulnerable to this issue may expose users to serious security risks, as attackers can exploit the XSS vulnerability for malicious purposes.

References

http://www.securityfocus.com/archive/1/489009/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.gnucitizen.org/projects/router-hacking-challenge/

x_refsource_MISC

http://www.securityfocus.com/bid/28439

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Mar 10, 2008
Vulnerability Reserved
Mar 10, 2008

D-link

What is CVE-2008-1253?

References

Timeline