The company was notified on several occasions, but the vulnerabilities remain unfixed

Nov 12, 2013 08:30 GMT

Experts have identified multiple cross-site scripting (XSS) vulnerabilities affecting the web user interface of D-Link 2760N (DSL-2760U-BN) routers.

Details of the vulnerabilities have been published by security researcher Liad Mizrachi on the Full Disclosure mailing list.

Both stored and reflected XSS flaws have been found. They impact sections of the web user interface such as NTS Settings, Dynamic DNS, Parental Control, URL Filtering, NAT – Port Triggering, IP Filtering, Policy Routing, Printer Server, Wi-Fi SSID, SAMBA Configuration, and others.

The expert reported his findings to D-Link on five separate occasions between August 17 and October 10, 2013. However, the company hasn’t responded to his reports. The security holes remain unfixed.

In mid-October, researchers from Tactical Network Solutions warned that hackers could have exploited vulnerabilities in the firmware of several D-Link router models to gain access to the devices’ web interface.