• Home Support Forums Security Advisories Shop     English | French
Support Announcement
D-Link NAS : DNS Series : Stored XSS via Unauthenticated SMB Security Advisory

 

Some active D-Link DNS network attached storage contain a XSS vulnerability, which may allow a malicious.

 

3rd Party Incident Report:

 

Benjamin Daniel Mussler - Link

 

Affected Devices:

 

Many of the affected products had firmware post prior to July 30, 2016. They are located wth the  list of downloadable files for each model. 

 

A Summary of links to the support product pages follow.

 

  • DNS-320 rev A  :: Fixed 2.05b10  :: Link
  • DNS-320 rev B  :: Fixed 2.05b10  :: Link  
  • DNS-320L :: Fixed 1.08b06 : Link   
  • DNS-325   :  Fixed 1.05b09 : Link
  • DNS-327L :  Fixed 1.07 : Link
  • DNS-340L : Fixed 1.04b04 : Link   
  • DNS-345  : Fixed 1.05b04 : Link

 

Details:

 

Please visit original  report at :  http://b.fl7.de/2016/08/d-link-nas-dns-xss-via-smb.html