Cross-Site Scripting Vulnerability in D-Link DIR-100 Router
CVE-2013-7054

6.1MEDIUM

Key Information:

Vendor
D-Link
Status
Dir-100 Firmware
Vendor
CVE Published:
4 February 2020

Summary

A cross-site scripting (XSS) vulnerability exists in the D-Link DIR-100 router, specifically in the 'cli.cgi' component. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijacking and sensitive information theft. By exploiting this vulnerability, an attacker can gain unauthorized access to administrative features and control over the router, posing significant security risks to affected users. It is critical for users of D-Link DIR-100 routers to apply available security updates and follow best practices to mitigate exposure to this type of vulnerability.

References

http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/90906
x_refsource_MISC
https://www.securityfocus.com/bid/65290/info
x_refsource_MISC

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.