Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dir-645 Firmware | <= 1.03 |
| Dlink | Dir-645 | a1 |
Related Weaknesses (CWE)
References
- http://osvdb.org/show/osvdb/95910
- http://osvdb.org/show/osvdb/95952
- http://osvdb.org/show/osvdb/95953
- http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt (Exploit)
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/61579
FAQ
What is CVE-2013-7389?
CVE-2013-7389 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid p...
How severe is CVE-2013-7389?
CVE-2013-7389 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7389?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dir-645 Firmware, Dlink Dir-645.