D-Link AirPlus DI-614+, DI-624, DI-704 DHCP Log HTML注入漏洞

D-Link DI-614+ SOHO路由器
运行固件2.30，且DI-704 SOHO路由器运行件2.60B2， 和DI-624时存在跨站脚本(XSS)漏洞。远程攻击者借助DHCP请求中的DHCP HOSTNAME选项注入任意脚本或者HTML。

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
@securityfocus.com>

来源: XF
名称: dlink614-dhcp-xss(16468)
链接:http://xforce.iss.net/xforce/xfdb/16468

来源: SECTRACK
名称: 1010562
链接:http://securitytracker.com/id?1010562

来源: BID
名称: 10587
链接:http://www.securityfocus.com/bid/10587

来源: OSVDB
名称: 7211
链接:http://www.osvdb.org/7211

来源: SECUNIA
名称: 11919
链接:http://secunia.com/advisories/11919

来源: BUGTRAQ
名称: 20040621 DLINK 704, script injection vulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108797273127182&w=2

来源: BUGTRAQ
名称: 20040621 DLINK 614+, script injection vulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108786257609932&w=2

来源: BUGTRAQ
名称: 20040701 DLINK 624, script injection vulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2004-07/0014.html