CVE-2013-5223

MEDIUM KEV

D-Link DSL-2760U Firmware < 1.12 - Authenticated Cross-Site Scripting via Multiple Parameters

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2013-5223 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 25, 2022. EIP tracks 2 public exploits from researchers including XLabs Security.

AI-analyzed exploit summary This Perl script exploits a stored XSS vulnerability in D-Link DSL-500B G2 modems by injecting a malicious script into the URL filter via the 'todmngr.tod' endpoint. It requires authentication and verifies exploitation by checking if the payload is reflected in the response.

Description

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.

Exploits (2)

exploitdb WORKING POC
by XLabs Security · perlwebappshardware
https://www.exploit-db.com/exploits/36988

This Perl script exploits a stored XSS vulnerability in D-Link DSL-500B G2 modems by injecting a malicious script into the URL filter via the 'todmngr.tod' endpoint. It requires authentication and verifies exploitation by checking if the payload is reflected in the response.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: D-Link DSL-500B G2
Auth required
Prerequisites: Target IP address · Valid credentials for the modem
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by XLabs Security · perlwebappshardware
https://www.exploit-db.com/exploits/36987

This Perl script exploits a stored XSS vulnerability in D-Link DSL-500B G2 modems by injecting a malicious script into the 'todmngr.tod' endpoint, which executes when an administrator accesses the page. The exploit requires authentication and uses LWP::UserAgent to send crafted HTTP requests.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: D-Link DSL-500B G2
Auth required
Prerequisites: network access to the target device · valid credentials for the modem
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (19)

Core 19
Core References
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99613
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/123976
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99611
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99609
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/88723
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/88724
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99605
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99607
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99608
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99606
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99610
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99604
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99615
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Nov/76
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99603
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99612
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/99616

Scores

CVSS v3 5.4
EPSS 0.3357
EPSS Percentile 98.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact partial

Details

CISA KEV 2022-03-25
VulnCheck KEV 2021-11-11
InTheWild.io 2022-03-25
ENISA EUVD EUVD-2013-5063
CWE
CWE-79
Status published
Products (1)
dlink/dsl-2760u_firmware < 1.12
Published Nov 19, 2013
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026