← Voltar para CVEs

CVE-2013-5223

MEDIUMCISA KEV

5.4

Descricao

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.

Detalhes CVE

Pontuacao CVSS v3.15.4

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioREQUIRED

Publicado11/19/2013

Ultima modificacao4/22/2026

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorD-Link

ProdutoDSL-2760U

Nome da vulnerabilidadeD-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability

Data inclusao KEV2022-03-25

Prazo de remediacao2022-04-15

Uso em ransomwareUnknown

Produtos afetados

dlink:dsl-2760udlink:dsl-2760u_firmware

Fraquezas (CWE)

CWE-79CWE-79

Referencias

http://osvdb.org/99603(cve@mitre.org)

http://osvdb.org/99604(cve@mitre.org)

http://osvdb.org/99605(cve@mitre.org)

http://osvdb.org/99606(cve@mitre.org)

http://osvdb.org/99607(cve@mitre.org)

http://osvdb.org/99608(cve@mitre.org)

http://osvdb.org/99609(cve@mitre.org)

http://osvdb.org/99610(cve@mitre.org)

http://osvdb.org/99611(cve@mitre.org)

http://osvdb.org/99612(cve@mitre.org)

http://osvdb.org/99613(cve@mitre.org)

http://osvdb.org/99615(cve@mitre.org)

http://osvdb.org/99616(cve@mitre.org)

http://packetstormsecurity.com/files/123976(cve@mitre.org)

http://seclists.org/fulldisclosure/2013/Nov/76(cve@mitre.org)

http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002(cve@mitre.org)

https://exchange.xforce.ibmcloud.com/vulnerabilities/88723(cve@mitre.org)

https://exchange.xforce.ibmcloud.com/vulnerabilities/88724(cve@mitre.org)

http://osvdb.org/99603(af854a3a-2127-422b-91ae-364da2661108)

http://osvdb.org/99604(af854a3a-2127-422b-91ae-364da2661108)

http://osvdb.org/99605(af854a3a-2127-422b-91ae-364da2661108)

http://osvdb.org/99606(af854a3a-2127-422b-91ae-364da2661108)

http://osvdb.org/99607(af854a3a-2127-422b-91ae-364da2661108)

http://osvdb.org/99608(af854a3a-2127-422b-91ae-364da2661108)

http://osvdb.org/99609(af854a3a-2127-422b-91ae-364da2661108)

http://osvdb.org/99610(af854a3a-2127-422b-91ae-364da2661108)

http://osvdb.org/99611(af854a3a-2127-422b-91ae-364da2661108)

http://osvdb.org/99612(af854a3a-2127-422b-91ae-364da2661108)

http://osvdb.org/99613(af854a3a-2127-422b-91ae-364da2661108)

http://osvdb.org/99615(af854a3a-2127-422b-91ae-364da2661108)

http://osvdb.org/99616(af854a3a-2127-422b-91ae-364da2661108)

http://packetstormsecurity.com/files/123976(af854a3a-2127-422b-91ae-364da2661108)

http://seclists.org/fulldisclosure/2013/Nov/76(af854a3a-2127-422b-91ae-364da2661108)

http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002(af854a3a-2127-422b-91ae-364da2661108)

https://exchange.xforce.ibmcloud.com/vulnerabilities/88723(af854a3a-2127-422b-91ae-364da2661108)

https://exchange.xforce.ibmcloud.com/vulnerabilities/88724(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-5223(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.