Cross-Site Scripting Vulnerability in D-Link Di-604 Router
CVE-2010-2292

Currently unrated

Key Information:

Vendor: D-link
Status: Di-604
Vendor: CVE Published:; 15 June 2010

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the web interface of the D-Link Di-604 router, specifically within the Ping tools feature. This flaw permits remote attackers to inject arbitrary web scripts or HTML through manipulation of the IP field, potentially allowing for malicious activities, such as hijacking user sessions or redirecting users to malicious sites. As a result, the integrity and confidentiality of user interactions with the router can be compromised.

References

http://www.securityfocus.com/archive/1/511751/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/59364

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/40691

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jun 15, 2010
Vulnerability Reserved
Jun 14, 2010