Stored XSS via Unauthenticated SMB Vunerability on D‑Link NAS Devices

08 септември, 2016

Some D-Link DNS network attached storage contain a XSS vulnerability, which may allow a malicious attack. 
3rd Party Incident Report:
Benjamin Daniel Mussler - Link
Affected Devices:
Many of the affected products had firmware post prior to July 30, 2016. They are located in the list of downloadable files for each model. 

DNS-320 Fixed 2.05 - Link
DNS-320L/LW  Fixed 1.08 - Link   
DNS-325 Fixed 1.05 - Link
DNS-327L Fixed 1.07 - Link
DNS-340L Fixed 1.05 - Link   
DNS-345 Fixed 1.05 - Link 
We are working hard to provide fixes for the product marked "Under Development" and will post these as soon as they are available.
Please visit original  report at :