CVE-2013-5223: D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability
First published: Fri Nov 15 2013(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DSL-2760U | ||
| All of | ||
| D-Link DSL-2760U Firmware | <1.12 | |
| D-Link DSL-2760U | =e1 | |
| D-Link DSL-2760U Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://osvdb.org/99603
- http://osvdb.org/99604
- http://osvdb.org/99605
- http://osvdb.org/99606
- http://osvdb.org/99607
- http://osvdb.org/99608
- http://osvdb.org/99609
- http://osvdb.org/99610
- http://osvdb.org/99611
- http://osvdb.org/99612
- http://osvdb.org/99613
- http://osvdb.org/99615
- http://osvdb.org/99616
- http://packetstormsecurity.com/files/123976
- http://seclists.org/fulldisclosure/2013/Nov/76
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88723
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88724
- https://nvd.nist.gov/vuln/detail/CVE-2013-5223
Frequently Asked Questions
What is the severity of CVE-2013-5223?
CVE-2013-5223 is classified with a medium severity due to its potential to allow authenticated users to execute arbitrary scripts.
How do I fix CVE-2013-5223?
To fix CVE-2013-5223, update the D-Link DSL-2760U Gateway to the latest firmware version beyond 1.12.
Who is affected by CVE-2013-5223?
CVE-2013-5223 affects users of the D-Link DSL-2760U Gateway (Rev. E1) running vulnerable firmware versions.
What type of vulnerability is CVE-2013-5223?
CVE-2013-5223 is categorized as a cross-site scripting (XSS) vulnerability.
Can CVE-2013-5223 be exploited remotely?
Yes, CVE-2013-5223 can be exploited remotely by authenticated users.
- agent/type
- agent/description
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/first-publish-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/trending
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/last-modified-date
- collector/nvd-cve
- source/NVD
- collector/nvd-api
- vendor/d-link
- canonical/d-link dsl-2760u
- vendor/dlink
- canonical/d-link dsl-2760u firmware
- version/d-link dsl-2760u/e1