Hello 3APA3A!
In 2011 and beginning of 2012 I wrote about multiple vulnerabilities (http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html) in D-Link DAP 1150 (several dozens). That time I wrote about vulnerabilities in admin panel in Access Point mode and now I'll write about holes in Router mode.
I present new vulnerabilities in this device. There are Cross-Site Request Forgery, Abuse of Functionality and Cross-Site Scripting vulnerabilities in D-Link DAP 1150 (Wi-Fi Access Point and Router).
SecurityVulns ID: 12076.
Vulnerable is the next model: D-Link DAP 1150, Firmware version 1.2.94. This model with other firmware versions also must be vulnerable. D-Link ignored all vulnerabilities in this device (as in other devices, which I informed them about) and still didn't fix them.
I remind you, that in the first report about vulnerabilities in D-Link DAP 1150 (http://securityvulns.ru/docs27440.html), I wrote about CSRF in login form and other vulnerabilities, which allow to remotely log into admin panel for conducting CSRF and XSS attacks inside admin panel.
CSRF (WASC-09):
In section Firewall / DMZ via CSRF it's possible to change settings of DMZ.
Turn on DMZ:
Turn off DMZ:
CSRF (WASC-09):
In section Control / URL-filter via CSRF it's possible to add, edit and delete settings of URL-filters.
Add:
Edit:
Delete:
Abuse of Functionality (WASC-42):
This functionality can be used to block access to web sites for users of the router. Block access to google.com:
XSS (WASC-08):
This is persistent XSS. The code will execute in section Control / URL-filter.
Attack via add function in parameter res_buf:
I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/7112/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua