CVE-2013-7389

EXPLOITED

D-Link DIR-645 Router - XSS

Description

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.

Exploits (3)

metasploit WORKING POC NORMAL
by Roberto Paleari, Craig Heffner · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlink_hedwig_cgi_bof.rb
exploitdb WORKING POC
by Roberto Paleari · text · webapps · hardware
https://www.exploit-db.com/exploits/27283
metasploit WORKING POC NORMAL
by Roberto Paleari, Craig Heffner · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlink_authentication_cgi_bof.rb

Scores

EPSS 0.9223
EPSS Percentile 99.7%

Exploitation Intel

VulnCheck KEV 2021-04-12

Classification

CWE
CWE-79
Status draft

Affected Products (2)

dlink/dir-645_firmware < 1.03
dlink/dir-645

Timeline

Published Jul 07, 2014
Tracked Since Feb 18, 2026