Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dsl-2760U Firmware | < 1.12 |
| Dlink | Dsl-2760U | e1 |
Related Weaknesses (CWE)
References
- http://osvdb.org/99603 (Broken Link)
- http://osvdb.org/99604 (Broken Link)
- http://osvdb.org/99605 (Broken Link)
- http://osvdb.org/99606 (Broken Link)
- http://osvdb.org/99607 (Broken Link)
- http://osvdb.org/99608 (Broken Link)
- http://osvdb.org/99609 (Broken Link)
- http://osvdb.org/99610 (Broken Link)
- http://osvdb.org/99611 (Broken Link)
- http://osvdb.org/99612 (Broken Link)
- http://osvdb.org/99613 (Broken Link)
- http://osvdb.org/99615 (Broken Link)
- http://osvdb.org/99616 (Broken Link)
- http://packetstormsecurity.com/files/123976 (Exploit, Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2013/Nov/76 (Exploit, Mailing List, Third Party Advisory)
FAQ
What is CVE-2013-5223?
CVE-2013-5223 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sn...
How severe is CVE-2013-5223?
CVE-2013-5223 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5223?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dsl-2760U Firmware, Dlink Dsl-2760U.