D-Link DIR-645 Router Multiple Vulnerabilities

Summary
This host is running a D-Link DIR-645 router and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow an attacker to cause a denial of service or execute arbitrary HTML and script code in a user's browser session in the context of an affected website.
Impact Level: Application
Solution
Upgrade to version 1.04B11 or higher. For updates, refer to http://www.dlink.com/ca/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000
Insight
Multiple flaws are due to:
- Buffer overflow in post_login.xml, hedwig.cgi and authentication.cgi when handling specially crafted requests.
- Input passed to the 'deviceid' parameter in bind.php, the 'RESULT' parameter in info.php and the 'receiver' parameter in bsc_sms_send.php is not properly sanitised before being returned to the user.
Affected
D-Link DIR-645 firmware version 1.04 and prior
Detection
Send crafted data in an HTTP request and check whether it is able to read the cookie.