Support Announcements
D-Link NAS : DNS Series : Stored XSS via Unauthenticated SMB Security Advisory

 

Some active D-Link DNS network attached storage contain a XSS vulnerability, which may allow a malicious.

 

3rd Party Incident Report:

 

Benjamin Daniel Mussler - Link

 

Affected Devices:

 

Many of the affected products had firmware post prior to July 30, 2016. They are located wth the  list of downloadable files for each model. 

 

A Summary of links to the support product pages follow.

 

  • DNS-320 rev A  :: Fixed 2.05b10  :: Link
  • DNS-320 rev B  :: Fixed 2.05b10  :: Link  
  • DNS-320L :: Fixed 1.08b06 : Link   
  • DNS-325   : Under Development  as of 09/01/16
  • DNS-327L : Under Development as of 0901/16
  • DNS-340L : Fixed 1.04b04 : Link   
  • DNS-345  : Under Development as of 09/01/16  

 

The units that are marked Under Development are products that are End of Life. We are attempting to get fixes for thses issues out as soon as possilbe.

 

Details:

 

Please visit original  report at :  http://b.fl7.de/2016/08/d-link-nas-dns-xss-via-smb.html