Multiple Cross-Site Scripting Vulnerabilities in D-Link DIR-645 Router
CVE-2013-7389

Currently unrated

Key Information:

Vendor: D-Link
Status: Dir-645 Firmware; Dir-645
Vendor: CVE Published:; 7 July 2014

Summary

The D-Link DIR-645 Router (Rev. A1), with firmware versions earlier than 1.04B11, contains multiple cross-site scripting (XSS) vulnerabilities. These flaws allow remote attackers to inject arbitrary web scripts or HTML into the device. The vulnerable parameters include 'deviceid' in the parental controls functionality, 'RESULT' in the info.php script, and 'receiver' in the bsc_sms_send.php handler. Exploitation of these vulnerabilities could facilitate unauthorized actions on behalf of users, rendering their sensitive information susceptible to interception and manipulation.

References

http://roberto.greyhats.it/advisories/20130801-dlink-dir6...

x_refsource_MISC

http://securityadvisories.dlink.com/security/publication....

x_refsource_CONFIRM

http://osvdb.org/show/osvdb/95953

vdb-entryx_refsource_OSVDB

EPSS Score

80% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 7, 2014
Vulnerability Reserved
Jul 7, 2014