CVE-2013-5223
Severity: MEDIUM | KEV
D-Link DSL-2760U Firmware < 1.12 - Authenticated Cross-Site Scripting via Multiple Parameters
Title source: llm
Exploitation Summary
CVE-2013-5223 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 25, 2022. EIP tracks 2 public exploits from researchers including XLabs Security.
AI-analyzed exploit summary
This Perl script exploits a stored XSS vulnerability in D-Link DSL-500B G2 modems by injecting a malicious script into the URL filter via the 'todmngr.tod' endpoint. It requires authentication and verifies exploitation by checking if the payload is reflected in the response.
Description
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.
Exploits (2)
1. This Perl script exploits a stored XSS vulnerability in D-Link DSL-500B G2 modems by injecting a malicious script into the URL filter via the 'todmngr.tod' endpoint. It requires authentication and verifies exploitation by checking if the payload is reflected in the response.
2. This Perl script exploits a stored XSS vulnerability in D-Link DSL-500B G2 modems by injecting a malicious script into the 'todmngr.tod' endpoint, which executes when an administrator accesses the page. The exploit requires authentication and uses LWP::UserAgent to send crafted HTTP requests.
References (19)
Scores
CVSS v3.1 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N