D-Link AirPlus DI-614+, DI-624, DI-704 DHCP Log HTML Injection Vulnerability

No exploit is required, but an example was provided:

By sending four requests, all containing hostnames like the following, a complete HTML tag would be rendered, instructing the browser to request the 'restore.cgi' file.
<iframe id='
' height=0 id='
' width=0 id='
' src='restore.cgi'>


 

Privacy Statement
Copyright 2010, SecurityFocus