CVE-2010-0470

Comtrend CT-507IT ADSL Router - Cross-Site Scripting via scvrtsrv.cmd srvName Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0470. PoCs published by Yoyahack.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in the Comtrend CT-507 IT device's web interface. It includes a URL demonstrating how an attacker could inject arbitrary script code via the 'srvName' parameter.

Description

Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend CT-507IT ADSL Router allows remote attackers to inject arbitrary web script or HTML via the srvName parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Yoyahack · textremotehardware
https://www.exploit-db.com/exploits/33580

The provided text describes a cross-site scripting (XSS) vulnerability in the Comtrend CT-507 IT device's web interface. It includes a URL demonstrating how an attacker could inject arbitrary script code via the 'srvName' parameter.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Comtrend CT-507 IT
No auth needed
Prerequisites: Access to the device's web interface
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38309
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38004

Scores

EPSS 0.0146
EPSS Percentile 70.5%

Details

CWE
CWE-79
Status published
Products (1)
comtrend/ct-507it_adsl_router
Published Feb 02, 2010
Tracked Since Feb 18, 2026