4.3

CVE-2013-7389

Exploit
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DlinkDir-645 Firmware Updateb08 Version <= 1.03
DlinkDir-645 Versiona1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 27.75% 0.978
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://osvdb.org/show/osvdb/95910
http://osvdb.org/show/osvdb/95952
http://osvdb.org/show/osvdb/95953
http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt
Exploit
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008
Patch
Vendor Advisory
http://www.securityfocus.com/bid/61579