D-Link AirPlus DI-614+, DI-624, DI-704 DHCP Log HTML Injection Vulnerability
No exploit is required, but an example was provided:
By sending four requests, all containing hostnames like the following, a complete HTML tag would be rendered, instructing the browser to request the 'restore.cgi' file.
' height=0 id='
' width=0 id='