Vulnerabilities related to dlink - dsl-2760u
cve-2013-5223
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:06:52.383Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99611", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/99611" }, { "name": "99609", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/99609" }, { "name": "dlink-cve20135223-xss(88723)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88723" }, { "name": "dlink-cve20135223-multiple-xss(88724)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88724" }, { "name": "99605", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/99605" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002" }, { "name": "99607", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/99607" }, { "name": "99608", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/99608" }, { "name": "99606", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/99606" }, { "name": "99610", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/99610" }, { "name": "99604", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/99604" }, { "name": "99615", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/99615" }, { "name": "20131110 D-Link Router 2760N (DSL-2760U-BN) Multiple XSS", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2013/Nov/76" }, { "name": "99603", "tags": [ "vdb-entry", "x_refsource_OSVDB", 
"x_transferred" ], "url": "http://osvdb.org/99603" }, { "name": "99612", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/99612" }, { "name": "99616", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/99616" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/123976" }, { "name": "99613", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/99613" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2013-5223", "options": [ { "Exploitation": "active" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-07T14:11:58.190782Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2022-03-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-5223" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-07T14:17:39.038Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-10T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": 
"Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "99611", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/99611" }, { "name": "99609", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/99609" }, { "name": "dlink-cve20135223-xss(88723)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88723" }, { "name": "dlink-cve20135223-multiple-xss(88724)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88724" }, { "name": "99605", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/99605" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002" }, { "name": "99607", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/99607" }, { "name": "99608", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": 
"http://osvdb.org/99608" }, { "name": "99606", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/99606" }, { "name": "99610", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/99610" }, { "name": "99604", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/99604" }, { "name": "99615", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/99615" }, { "name": "20131110 D-Link Router 2760N (DSL-2760U-BN) Multiple XSS", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2013/Nov/76" }, { "name": "99603", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/99603" }, { "name": "99612", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/99612" }, { "name": "99616", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/99616" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/123976" }, { "name": "99613", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/99613" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5223", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. 
E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "99611", "refsource": "OSVDB", "url": "http://osvdb.org/99611" }, { "name": "99609", "refsource": "OSVDB", "url": "http://osvdb.org/99609" }, { "name": "dlink-cve20135223-xss(88723)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88723" }, { "name": "dlink-cve20135223-multiple-xss(88724)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88724" }, { "name": "99605", "refsource": "OSVDB", "url": "http://osvdb.org/99605" }, { "name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002", "refsource": "CONFIRM", "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002" }, { "name": "99607", "refsource": "OSVDB", "url": "http://osvdb.org/99607" }, { "name": "99608", "refsource": "OSVDB", "url": "http://osvdb.org/99608" }, { "name": "99606", "refsource": "OSVDB", "url": "http://osvdb.org/99606" }, { "name": "99610", "refsource": "OSVDB", "url": "http://osvdb.org/99610" }, { "name": "99604", "refsource": "OSVDB", "url": "http://osvdb.org/99604" }, { "name": "99615", "refsource": "OSVDB", "url": 
"http://osvdb.org/99615" }, { "name": "20131110 D-Link Router 2760N (DSL-2760U-BN) Multiple XSS", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2013/Nov/76" }, { "name": "99603", "refsource": "OSVDB", "url": "http://osvdb.org/99603" }, { "name": "99612", "refsource": "OSVDB", "url": "http://osvdb.org/99612" }, { "name": "99616", "refsource": "OSVDB", "url": "http://osvdb.org/99616" }, { "name": "http://packetstormsecurity.com/files/123976", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/123976" }, { "name": "99613", "refsource": "OSVDB", "url": "http://osvdb.org/99613" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5223", "datePublished": "2013-11-15T20:00:00.000Z", "dateReserved": "2013-08-15T00:00:00.000Z", "dateUpdated": "2025-02-07T14:17:39.038Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-201311-0288
Vulnerability from variot
The D-Link DSL-2760U gateway contains a cross-site scripting vulnerability. A remote authenticated user may insert web script or HTML via the following parameters: (1) the ntpServer1 parameter of sntpcfg.cgi, (2) the username parameter of ddnsmngr.cmd, (3) the username parameter of todmngr.tod, (4) the TodUrlAdd parameter of urlfilter.cmd, (5) the appName parameter of scprttrg.cmd, (6) the fltName parameter in an add action of scoutflt.cmd, (7) the rmLst parameter in a remove action of scoutflt.cmd, (8) the groupName parameter of portmapcfg.cmd, (9) the snmpRoCommunity parameter of snmpconfig.cgi, (10) the fltName parameter of scinflt.cmd, (11) the PolicyName parameter in an add action of prmngr.cmd, (12) the rmLst parameter in a remove action of prmngr.cmd, (13) the ippName parameter of ippcfg.cmd, (14) the smbNetBiosName parameter of samba.cgi, (15) the smbDirName parameter of samba.cgi, and (16) the wlSsid parameter of wlcfg.wl. The D-Link Router 2760N is a router device. There are multiple cross-site scripting and HTML injection vulnerabilities in the D-Link DSL-2760U-BN. The D-Link Router 2760N incorrectly filters input when handling NTP settings, dynamic DNS settings, URL filtering, NAT port processing, IP filtering, interface group, import IP filter, policy routing add, print server, SAMBA configuration and WIFI SSID settings. This allows remote attackers to carry out cross-site scripting attacks that take effect when the malicious data is viewed, which can lead to sensitive information leakage or session hijacking. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. The affected device is the D-Link DSL-2760U Gateway (Rev. E1).
The vulnerability is caused by the following input-filtering failures: (1) the sntpcfg.cgi script does not correctly filter the 'ntpServer1' parameter; (2) the ddnsmngr.cmd or todmngr.tod script does not correctly filter the 'username' parameter; (3) the urlfilter.cmd script does not correctly filter the 'TodUrlAdd' parameter; (4) the scprttrg.cmd script does not correctly filter the 'appName' parameter; (5) the scoutflt.cmd script does not correctly filter the 'fltName' parameter in the add operation and the 'rmLst' parameter in the delete operation; (6) the portmapcfg.cmd script does not correctly filter the 'groupName' parameter; (7) the snmpconfig.cgi script does not correctly filter the 'snmpRoCommunity' parameter; (8) the scinflt.cmd script does not correctly filter the 'fltName' parameter; (9) the prmngr.cmd script does not correctly filter the 'PolicyName' parameter in the add operation and the 'rmLst' parameter in the delete operation; (10) the ippcfg.cmd script does not correctly filter the 'ippName' parameter; (11) the samba.cgi script does not correctly filter the 'smbNetBiosName' and 'smbDirName' parameters; (12) the wlcfg.wl script does not correctly filter the 'wlSsid' parameter. A remote attacker could exploit this vulnerability to inject arbitrary web script or HTML by using a specially crafted URL.
Advisory: D-Link Router 2760N (DSL-2760U-BN) Multiple XSS
Author: Liad Mizrachi
Vendor URL: http://www.dlink.com
Status: Fixed
CVE-ID: CVE-2013-5223
========================== Vulnerability Description ==========================
Multiple Cross-Site Scripting (XSS) vulnerabilities are present in D-Link Router 2760N, both stored and reflected, in various sections of the router Web-UI.
23-Aug-2013 - Vendor Re-Informed - No response.
01-Sep-2013 - Vendor Re-Informed - No response.
10-Sep-2013 - Vendor Re-Informed - No response.
10-Oct-2013 - Vendor Re-Informed - No response.
========================== References ==========================
http://www.dlink.com
http://www.dlink.com.tr/en/arts/117.html
http://www.netcheif.com/downloads/DSL-2760U_user_manual.pdf
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201311-0288", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "dsl-2760u", "scope": "lt", "trust": 1.0, "vendor": "dlink", "version": "1.12" }, { "model": "dsl-2760u", "scope": "eq", "trust": 0.8, "vendor": "d link", "version": "(rev. 
e1)" }, { "model": "dsl-2760u-bn", "scope": null, "trust": 0.6, "vendor": "d link", "version": null }, { "model": "dsl-2760u", "scope": "eq", "trust": 0.6, "vendor": "dlink", "version": null }, { "model": "dsl-2760u-bn", "scope": "eq", "trust": 0.3, "vendor": "d link", "version": "0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-14456" }, { "db": "BID", "id": "63648" }, { "db": "JVNDB", "id": "JVNDB-2013-005171" }, { "db": "CNNVD", "id": "CNNVD-201311-140" }, { "db": "NVD", "id": "CVE-2013-5223" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:d-link:dsl-2760u", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-005171" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Liad Mizrachi", "sources": [ { "db": "BID", "id": "63648" }, { "db": "PACKETSTORM", "id": "123976" }, { "db": "CNNVD", "id": "CNNVD-201311-140" } ], "trust": 1.0 }, "cve": "CVE-2013-5223", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CVE-2013-5223", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2013-14456", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "VHN-65225", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.3, "id": "CVE-2013-5223", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2013-5223", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2013-5223", "trust": 0.8, "value": "Low" }, { "author": "CNVD", "id": "CNVD-2013-14456", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": 
"CNNVD-201311-140", "trust": 0.6, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-65225", "trust": 0.1, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2013-5223", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-14456" }, { "db": "VULHUB", "id": "VHN-65225" }, { "db": "VULMON", "id": "CVE-2013-5223" }, { "db": "JVNDB", "id": "JVNDB-2013-005171" }, { "db": "CNNVD", "id": "CNNVD-201311-140" }, { "db": "NVD", "id": "CVE-2013-5223" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "D-Link DSL-2760U The gateway contains a cross-site scripting vulnerability.By the remotely authenticated user via the following parameters Web Script or HTML May be inserted. (1) sntpcfg.cgi of ntpServer1 Parameters (2) ddnsmngr.cmd of username Parameters (3) todmngr.tod of username Parameters (4) urlfilter.cmd of TodUrlAdd Parameters (5) scprttrg.cmd of appName Parameters (6) scoutflt.cmd of add In action fltName Parameters (7) scoutflt.cmd of remove In action rmLst Parameters (8) portmapcfg.cmd of groupName Parameters (9) snmpconfig.cgi of snmpRoCommunity Parameters (10) scinflt.cmd of fltName Parameters (11) prmngr.cmd of add In action PolicyName Parameters (12) prmngr.cmd of remove In action rmLst Parameters (13) ippcfg.cmd of ippName Parameters (14) samba.cgi of smbNetBiosName Parameters (15) samba.cgi of smbDirName Parameters (16) wlcfg.wl of wlSsid Parameters. The D-Link Router 2760N is a router device. There are multiple cross-site scripting and HTML injection vulnerabilities in the D-Link DSL-2760U-BN. Since the D-Link Router 2760N is handling NTS settings, dynamic DNS settings, URL filtering. 
NAT port processing, IP filtering, interface group, import IP filter, policy routing add, print server, SAMBA configuration, WIFI SSID incorrectly filter input, allowing remote attackers to exploit vulnerabilities for cross-site scripting attacks when malicious data is viewed When it can lead to sensitive information leakage or session hijacking. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. E1). The vulnerability is caused by (1) the sntpcfg.cgi script does not filter the \u0027ntpServer1\u0027 parameter correctly (2) the ddnsmngr.cmd or todmngr.tod script does not correctly Filter the \u0027username\u0027 parameter (3) The urlfilter.cmd script does not correctly filter the \u0027TodUrlAdd\u0027 parameter (4) The scprttrg.cmd script does not correctly filter the \u0027appName\u0027 parameter (5) The scoutflt.cmd script does not correctly filter the \u0027fltName\u0027 in the add operation \u0027rmLst\u0027 parameter in parameters and delete operations (6) portmapcfg.cmd script does not filter \u0027groupName\u0027 parameter correctly (7) snmpconfig.cgi script does not filter \u0027snmpRoCommunity\u0027 parameter correctly (8) scinflt.cmd script does not filter \u0027fltName\u0027 correctly \u0027Parameter (9) The prmngr.cmd script does not correctly filter the \u0027PolicyName\u0027 parameter in the add operation and the \u0027rmLst\u0027 parameter in the delete operation (10) The ippcfg.cmd script does not correctly filter the \u0027ippName\u0027 parameter (11) The samba.cgi script The \u0027smbNetBiosName\u0027 and \u0027smbDirName\u0027 parameters are not filtered correctly (12) The wlcfg.wl script does not filter the \u0027wlSsid\u0027 parameter correctly. 
A remote attacker could exploit this vulnerability to inject arbitrary web script or HTML by using a specially crafted URL. Advisory:\t\tD-Link Router 2760N (DSL-2760U-BN) Multiple XSS\nAuthor:\t\tLiad Mizrachi\nVendor URL:\thttp://www.dlink.com\nStatus:\t\tFixed\nCVE-ID:\t\tCVE-2013-5223\n\n==========================\nVulnerability Description\n==========================\n\nMultiple Cross-Site Scripting (XSS) vulnerabilities present in D-Link Router 2760N, both stored and reflected in various sections of the router Web-UI. \n23-Aug-2013 - Vendor Re-Informed - No response. \n01-Sep-2013 - Vendor Re-Informed - No response. \n10-Sep-2013 - Vendor Re-Informed - No response. \n10-Oct-2013 - Vendor Re-Informed - No response. \n\n==========================\nReferences\n==========================\n\n\nhttp://www.dlink.com\nhttp://www.dlink.com.tr/en/arts/117.html\nhttp://www.netcheif.com/downloads/DSL-2760U_user_manual.pdf\n\n\n", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-005171" }, { "db": "CNVD", "id": "CNVD-2013-14456" }, { "db": "BID", "id": "63648" }, { "db": "VULHUB", "id": "VHN-65225" }, { "db": "PACKETSTORM", "id": "123976" } ], "trust": 1.71 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=36987", "trust": 0.2, "type": "exploit" }, { "reference": "https://www.scap.org.cn/vuln/vhn-65225", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-65225" }, { "db": "VULMON", "id": "CVE-2013-5223" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": 
"CVE-2013-5223", "trust": 3.6 }, { "db": "PACKETSTORM", "id": "123976", "trust": 1.9 }, { "db": "OSVDB", "id": "99606", "trust": 1.8 }, { "db": "OSVDB", "id": "99610", "trust": 1.8 }, { "db": "OSVDB", "id": "99608", "trust": 1.8 }, { "db": "OSVDB", "id": "99607", "trust": 1.8 }, { "db": "OSVDB", "id": "99615", "trust": 1.8 }, { "db": "OSVDB", "id": "99612", "trust": 1.8 }, { "db": "OSVDB", "id": "99613", "trust": 1.8 }, { "db": "OSVDB", "id": "99603", "trust": 1.8 }, { "db": "OSVDB", "id": "99605", "trust": 1.8 }, { "db": "OSVDB", "id": "99604", "trust": 1.8 }, { "db": "OSVDB", "id": "99611", "trust": 1.8 }, { "db": "OSVDB", "id": "99616", "trust": 1.8 }, { "db": "OSVDB", "id": "99609", "trust": 1.8 }, { "db": "DLINK", "id": "SAP10002", "trust": 1.8 }, { "db": "BID", "id": "63648", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2013-005171", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201311-140", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2013-14456", "trust": 0.6 }, { "db": "XF", "id": "20135223", "trust": 0.6 }, { "db": "XF", "id": "88723", "trust": 0.6 }, { "db": "XF", "id": "88724", "trust": 0.6 }, { "db": "FULLDISC", "id": "20131110 D-LINK ROUTER 2760N (DSL-2760U-BN) MULTIPLE XSS", "trust": 0.6 }, { "db": "EXPLOIT-DB", "id": "36987", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "36988", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-65225", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2013-5223", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-14456" }, { "db": "VULHUB", "id": "VHN-65225" }, { "db": "VULMON", "id": "CVE-2013-5223" }, { "db": "BID", "id": "63648" }, { "db": "JVNDB", "id": "JVNDB-2013-005171" }, { "db": "PACKETSTORM", "id": "123976" }, { "db": "CNNVD", "id": "CNNVD-201311-140" }, { "db": "NVD", "id": "CVE-2013-5223" } ] }, "id": "VAR-201311-0288", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": 
true, "sources": [ { "db": "CNVD", "id": "CNVD-2013-14456" }, { "db": "VULHUB", "id": "VHN-65225" } ], "trust": 1.45 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT", "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-14456" } ] }, "last_update_date": "2024-11-23T22:39:04.255000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SAP10002", "trust": 0.8, "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002" }, { "title": "Known Exploited Vulnerabilities Detector", "trust": 0.1, "url": "https://github.com/Ostorlab/KEV " } ], "sources": [ { "db": "VULMON", "id": "CVE-2013-5223" }, { "db": "JVNDB", "id": "JVNDB-2013-005171" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-65225" }, { "db": "JVNDB", "id": "JVNDB-2013-005171" }, { "db": "NVD", "id": "CVE-2013-5223" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "http://seclists.org/fulldisclosure/2013/nov/76" }, { "trust": 1.8, "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10002" }, { "trust": 1.8, "url": 
"http://packetstormsecurity.com/files/123976" }, { "trust": 1.8, "url": "http://osvdb.org/99603" }, { "trust": 1.8, "url": "http://osvdb.org/99604" }, { "trust": 1.8, "url": "http://osvdb.org/99605" }, { "trust": 1.8, "url": "http://osvdb.org/99606" }, { "trust": 1.8, "url": "http://osvdb.org/99607" }, { "trust": 1.8, "url": "http://osvdb.org/99608" }, { "trust": 1.8, "url": "http://osvdb.org/99609" }, { "trust": 1.8, "url": "http://osvdb.org/99610" }, { "trust": 1.8, "url": "http://osvdb.org/99611" }, { "trust": 1.8, "url": "http://osvdb.org/99612" }, { "trust": 1.8, "url": "http://osvdb.org/99613" }, { "trust": 1.8, "url": "http://osvdb.org/99615" }, { "trust": 1.8, "url": "http://osvdb.org/99616" }, { "trust": 1.2, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88724" }, { "trust": 1.2, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88723" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5223" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5223" }, { "trust": 0.7, "url": "http://www.securityfocus.com/bid/63648" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/88724" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/88723" }, { "trust": 0.4, "url": "http://www.dlink.com.tr/en/arts/117.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/36987/" }, { "trust": 0.1, "url": "https://github.com/ostorlab/kev" }, { "trust": 0.1, "url": "http://\u003cd_link_host\u003e/ippcfg.cmd?action=savapply\u0026ippenabled=1\u0026ippmake=aa\u0026ippname=aa\";alert(\u0027xss-printer-sever\u0027);//" }, { "trust": 0.1, "url": 
"http://\u003cd_link_host\u003e/scinflt.cmd?action=add\u0026wanif=ppp0\u0026fltname=\u003cscript\u003ealert(\u0027xss\u0026protocol=2\u0026srcaddr=ss\u0027)\u003c/script\u003e\u0026srcmask=255.255.255.0\u0026srcport=80\u0026dstaddr=10.0.0.10\u0026dstmask=255.255.255.0\u0026dstport=8080" }, { "trust": 0.1, "url": "http://\u003cd_link_host\u003e/wlcfg.wl?wlssididx=0\u0026wlenbl=1\u0026wlhide=0\u0026wlapisolation=0\u0026wlssid=%3cscript%3ealert(%27xssid%27)%3c/script%3e\u0026wlcountry=il\u0026wlmaxassoc=16\u0026wldisablewme=0\u0026wlenablewmf=0\u0026wlenbl_wl0v1=0\u0026wlssid_wl0v1=wl0_guest1\u0026wlhide_wl0v1=0\u0026wlapisolation_wl0v1=0\u0026wldisablewme_wl0v1=0\u0026wlenablewmf_wl0v1=0\u0026wlmaxassoc_wl0v1=16\u0026wlenbl_wl0v2=0\u0026wlssid_wl0v2=wl0_guest2\u0026wlhide_wl0v2=0\u0026wlapisolation_wl0v2=0\u0026wldisablewme_wl0v2=0\u0026wlenablewmf_wl0v2=0\u0026wlmaxassoc_wl0v2=16\u0026wlenbl_wl0v3=0\u0026wlssid_wl0v3=wl0_guest3\u0026wlhide_wl0v3=0\u0026wlapisolation_wl0v3=0\u0026wldisablewme_wl0v3=0\u0026wlenablewmf_wl0v3=0\u0026wlmaxassoc_wl0v3=16" }, { "trust": 0.1, "url": "http://\u003cd_link_host\u003e/prmngr.cmd?action=add\u0026policyname=\u003cscript\u003ealert(\u0027x\u0026sourceip=ss\u0027);\u003c/script\u003e\u0026lanifcname=wl0\u0026wanif=ppp0\u0026defaultgw=10.0.0.111" }, { "trust": 0.1, "url": "http://\u003cd_link_host\u003e/samba.cgi?enablesmb=1\u0026smbnetbiosname=\u0027;var" }, { "trust": 0.1, "url": "http://\u003cd_link_host\u003e/ddnsmngr.cmd?action=add\u0026service=1\u0026hostname=aaaa\u0026username=%3cscript%3ealert(%27xss%27)%3c%2fscript%3e\u0026password=zzzzzz\u0026iface=ppp0" }, { "trust": 0.1, "url": "http://\u003cd_link_host\u003e/urlfilter.cmd?action=set_url\u0026todurladd=%3cscript%3ealert(%27xss%27)%3c/script%3e\u0026port_num=80" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5223" }, { "trust": 0.1, "url": "http://www.dlink.com" }, { "trust": 0.1, "url": 
"http://\u003cd_link_host\u003e/scoutflt.cmd?action=add\u0026fltname=\u003cscript\u003ealert(\u0027xss\u0027)\u003c/script\u003e\u0026protocol=1\u0026srcaddr=10.0.0.10\u0026srcmask=255.255.255.0\u0026srcport=80\u0026dstaddr=10.0.0.12\u0026dstmask=255.255.255.0\u0026dstport=8080" }, { "trust": 0.1, "url": "http://\u003cd_link_host\u003e/scoutflt.cmd?action=remove\u0026rmlst=%3cscript%3ealert%28%27xss%27%29%3c/script%3e" }, { "trust": 0.1, "url": "http://www.netcheif.com/downloads/dsl-2760u_user_manual.pdf" }, { "trust": 0.1, "url": "http://\u003cd_link_host\u003e/samba.cgi?enablesmb=1\u0026smbnetbiosname=\u0027;alert(\"samba-x\u0026smbdirname=ss\");//\u0026smbutf8dirname=bbb\u0026smbcharset=utf8\u0026smbunplug=nolug=no" }, { "trust": 0.1, "url": "http://\u003cd_link_host\u003e/wlsecurity.html]" }, { "trust": 0.1, "url": "http://\u003cd_link_host\u003e/scprttrg.cmd?action=add\u0026appname=%3cscript%3ealert(%27xss%27)%3c/script%3e\u0026dstwanif=ppp0\u0026tstart=1111,\u0026tend=1112,\u0026tproto=1,\u0026ostart=11,\u0026oend=11,\u0026oproto=1," }, { "trust": 0.1, "url": "http://\u003cd_link_host\u003e/todmngr.tod?action=add\u0026username=%3cscript%3ealert%28%27xss%27%29%3c/script%3e\u0026mac=f1:de:f1:ab:cb:6d\u0026days=1\u0026start_time=571\u0026end_time=732" }, { "trust": 0.1, "url": "http://\u003cd_link_host\u003e/snmpconfig.cgi?snmpstatus=1\u0026snmprocommunity=%27;alert(%27xss%27)\u0026snmprwcommunity=private\u0026snmpsysname=d-link\u0026snmpsyscontact=unknown\u0026snmpsyslocation=unknown\u0026snmptrapip=0.0.0.0" }, { "trust": 0.1, "url": "http://\u003cd_link_host\u003e/prmngr.cmd?action=remove\u0026rmlst=%3cscript%3ealert%28%27xss%27%29%3c/script%3e" }, { "trust": 0.1, "url": "http://\u003cd_link_host\u003e/portmapcfg.cmd?action=add\u0026groupname=\u003cscript\u003ealert(\u0027xss\u0027)\u003c/script\u003e\u0026choicebox=|usb0|wl0|\u0026wanifname=atm1" }, { "trust": 0.1, "url": "http://\u003cd_link_host\u003e/wlmacflt.cmd?action=view]" }, { "trust": 0.1, "url": 
"http://\u003cd_link_host\u003e/sntpcfg.cgi?ntp_enabled=1\u0026ntpserver1=locahost%22;alert%28%27xss%27%29;//\u0026ntpserver2=time-nw.nist.gov\u0026ntpserver3=\u0026ntpserver4=\u0026ntpserver5=\u0026timezone_offset=+02:00\u0026timezone=jerusalem\u0026use_dst=0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-14456" }, { "db": "VULHUB", "id": "VHN-65225" }, { "db": "VULMON", "id": "CVE-2013-5223" }, { "db": "BID", "id": "63648" }, { "db": "JVNDB", "id": "JVNDB-2013-005171" }, { "db": "PACKETSTORM", "id": "123976" }, { "db": "CNNVD", "id": "CNNVD-201311-140" }, { "db": "NVD", "id": "CVE-2013-5223" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2013-14456" }, { "db": "VULHUB", "id": "VHN-65225" }, { "db": "VULMON", "id": "CVE-2013-5223" }, { "db": "BID", "id": "63648" }, { "db": "JVNDB", "id": "JVNDB-2013-005171" }, { "db": "PACKETSTORM", "id": "123976" }, { "db": "CNNVD", "id": "CNNVD-201311-140" }, { "db": "NVD", "id": "CVE-2013-5223" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-11-14T00:00:00", "db": "CNVD", "id": "CNVD-2013-14456" }, { "date": "2013-11-19T00:00:00", "db": "VULHUB", "id": "VHN-65225" }, { "date": "2013-11-19T00:00:00", "db": "VULMON", "id": "CVE-2013-5223" }, { "date": "2013-11-10T00:00:00", "db": "BID", "id": "63648" }, { "date": "2013-11-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-005171" }, { "date": "2013-11-11T23:46:32", "db": "PACKETSTORM", "id": "123976" }, { "date": "2013-11-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201311-140" }, { "date": "2013-11-19T04:50:12.063000", "db": "NVD", "id": "CVE-2013-5223" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-11-14T00:00:00", "db": 
"CNVD", "id": "CNVD-2013-14456" }, { "date": "2017-08-29T00:00:00", "db": "VULHUB", "id": "VHN-65225" }, { "date": "2017-08-29T00:00:00", "db": "VULMON", "id": "CVE-2013-5223" }, { "date": "2013-11-10T00:00:00", "db": "BID", "id": "63648" }, { "date": "2013-11-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-005171" }, { "date": "2013-11-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201311-140" }, { "date": "2024-11-21T01:57:14.070000", "db": "NVD", "id": "CVE-2013-5223" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201311-140" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "D-Link DSL-2760U Gateway cross-site scripting vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-005171" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "xss", "sources": [ { "db": "PACKETSTORM", "id": "123976" }, { "db": "CNNVD", "id": "CNNVD-201311-140" } ], "trust": 0.7 } }
Vulnerability from fkie_nvd
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vendor | Product | Version | |
---|---|---|---|
dlink | dsl-2760u_firmware | * | |
dlink | dsl-2760u | e1 |
{ "cisaActionDue": "2022-04-15", "cisaExploitAdd": "2022-03-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability", "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:dlink:dsl-2760u_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6898225-0F82-4BF7-9601-C979B12FED23", "versionEndExcluding": "1.12", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:dlink:dsl-2760u:e1:*:*:*:*:*:*:*", "matchCriteriaId": "CA475707-6991-4344-8FFF-36FA7AC0F23E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en D-Link DSL-2760U Gateway (Rev. 
E1) permite a usuarios remotos autenticados inyectar script web o HTML a trav\u00e9s de (1) par\u00e1metro ntpServer1 a sntpcfg.cgi, par\u00e1metro username a (2) ddnsmngr.cmd o (3) todmngr.tod, (4) par\u00e1metro TodUrlAdd a urlfilter.cmd, (5) par\u00e1metro appName a scprttrg.cmd, (6) fltName en una acci\u00f3n add o (7) par\u00e1metro rmLst en una acci\u00f3n remove a scoutflt.cmd, (8) par\u00e1metro groupName a portmapcfg.cmd, (9) par\u00e1metro snmpRoCommunity a snmpconfig.cgi, (10) par\u00e1metro fltName a scinflt.cmd, (11) PolicyName en una acci\u00f3n add o (12) par\u00e1metro rmLst en una acci\u00f3n remove a prmngr.cmd, (13) par\u00e1metro ippName a ippcfg.cmd, (14) smbNetBiosName o (15) par\u00e1metro smbDirName a samba.cgi, o (16) par\u00e1metro wlSsid a wlcfg.wl." } ], "id": "CVE-2013-5223", "lastModified": "2025-02-07T15:15:13.867", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2013-11-19T04:50:12.063", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99603" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99604" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99605" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99606" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99607" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99608" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99609" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99610" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99611" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99612" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99613" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99615" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99616" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/123976" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2013/Nov/76" }, { "source": "cve@mitre.org", "tags": [ 
"Vendor Advisory" ], "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88723" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88724" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99606" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99609" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99610" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99612" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/99616" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" 
], "url": "http://packetstormsecurity.com/files/123976" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2013/Nov/76" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88724" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }