cvelistv5 - cve-2013-7389

cve-2013-7389

Vulnerability from cvelistv5

Published

2014-07-07 14:00

Modified

2024-08-06 18:09

Severity ?

EPSS score ?

0.77% (0.81426)

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/show/osvdb/95910
cve@mitre.org	http://osvdb.org/show/osvdb/95952
cve@mitre.org	http://osvdb.org/show/osvdb/95953
cve@mitre.org	http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt	Exploit
cve@mitre.org	http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/61579
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/show/osvdb/95910
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/show/osvdb/95952
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/show/osvdb/95953
af854a3a-2127-422b-91ae-364da2661108	http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/61579

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T18:09:17.050Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008",
               },
               {
                  name: "95953",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/show/osvdb/95953",
               },
               {
                  name: "95952",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/show/osvdb/95952",
               },
               {
                  name: "95910",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/show/osvdb/95910",
               },
               {
                  name: "61579",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/61579",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-08-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-29T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008",
            },
            {
               name: "95953",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/show/osvdb/95953",
            },
            {
               name: "95952",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/show/osvdb/95952",
            },
            {
               name: "95910",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/show/osvdb/95910",
            },
            {
               name: "61579",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/61579",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-7389",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt",
                     refsource: "MISC",
                     url: "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt",
                  },
                  {
                     name: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008",
                     refsource: "CONFIRM",
                     url: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008",
                  },
                  {
                     name: "95953",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/show/osvdb/95953",
                  },
                  {
                     name: "95952",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/show/osvdb/95952",
                  },
                  {
                     name: "95910",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/show/osvdb/95910",
                  },
                  {
                     name: "61579",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/61579",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-7389",
      datePublished: "2014-07-07T14:00:00",
      dateReserved: "2014-07-07T00:00:00",
      dateUpdated: "2024-08-06T18:09:17.050Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dlink:dir-645_firmware:*:b08:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.03\", \"matchCriteriaId\": \"EA1EE89F-4AFE-4B6A-BE6F-09184B0D2956\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E02F7E04-F6D7-466D-81AD-14591443EBC3\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de XSS en D-Link DIR-645 Router (Rev. A1) con firmware anterior a 1.04B11 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\\u00e9s de (1) el par\\u00e1metro deviceid en parentalcontrols/bind.php, (2) el par\\u00e1metro RESULT en info.php o (3) el par\\u00e1metro receiver en bsc_sms_send.php.\"}]",
         id: "CVE-2013-7389",
         lastModified: "2024-11-21T02:00:54.403",
         metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
         published: "2014-07-07T14:55:03.147",
         references: "[{\"url\": \"http://osvdb.org/show/osvdb/95910\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/show/osvdb/95952\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/show/osvdb/95953\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/61579\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/show/osvdb/95910\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/show/osvdb/95952\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/show/osvdb/95953\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/61579\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
         sourceIdentifier: "cve@mitre.org",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2013-7389\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-07-07T14:55:03.147\",\"lastModified\":\"2024-11-21T02:00:54.403\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.\"},{\"lang\":\"es\",\"value\":\"Múltiples vulnerabilidades de XSS en D-Link DIR-645 Router (Rev. A1) con firmware anterior a 1.04B11 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) el parámetro deviceid en parentalcontrols/bind.php, (2) el parámetro RESULT en info.php o (3) el parámetro receiver en bsc_sms_send.php.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-645_firmware:*:b08:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.03\",\"matchCriteriaId\":\"EA1EE89F-4AFE-4B6A-BE6F-09184B0D2956\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E02F7E04-F6D7-466D-81AD-14591443EBC3\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/show/osvdb/95910\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/show/osvdb/95952\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/show/osvdb/95953\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/61579\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/show/osvdb/95910\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/show/osvdb/95952\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/show/osvdb/95953\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/61579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}

ghsa-w84x-2hxj-9gfv

Vulnerability from github

Published

2022-05-17 03:12

Modified

2022-05-17 03:12

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2013-7389",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-79",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2014-07-07T14:55:00Z",
      severity: "MODERATE",
   },
   details: "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.",
   id: "GHSA-w84x-2hxj-9gfv",
   modified: "2022-05-17T03:12:34Z",
   published: "2022-05-17T03:12:34Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2013-7389",
      },
      {
         type: "WEB",
         url: "http://osvdb.org/show/osvdb/95910",
      },
      {
         type: "WEB",
         url: "http://osvdb.org/show/osvdb/95952",
      },
      {
         type: "WEB",
         url: "http://osvdb.org/show/osvdb/95953",
      },
      {
         type: "WEB",
         url: "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt",
      },
      {
         type: "WEB",
         url: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008",
      },
      {
         type: "WEB",
         url: "http://www.securityfocus.com/bid/61579",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
}

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php. D-Link DIR-645 Router (Rev. A1) Contains a cross-site scripting vulnerability.By a third party via the following parameters Web Script or HTML May be inserted. (1) parentalcontrols/bind.php of deviceid Parameters (2) info.php of RESULT Parameters (3) bsc_sms_send.php of receiver Parameters. The D-Link DIR-645 Widget function has an unexplained security vulnerability that allows a remote attacker to exploit the vulnerability to gain unauthorized access to the device. The D-Link DIR-645 is a wireless router device. D-Link DIR-645 \"post_login.xml\", \"hedwig.cgi\", \"authentication.cgi\" incorrectly filters user-submitted parameter data, allowing remote attackers to exploit exploits to submit specially crafted requests to trigger buffer overflows, allowing applications to Stop responding, causing a denial of service attack. Remote attackers can exploit these issues to execute arbitrary code in the context of the affected device or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and perform unauthorized actions. Other attacks may also be possible. D-Link DIR-645 running firmware 1.03B08 is vulnerable; other versions may also be affected. Multiple vulnerabilities on D-Link DIR-645 devices ==================================================

[ADVISORY INFORMATION] Title: Multiple vulnerabilities on D-Link DIR-645 devices Discovery date: 06/03/2013 Release date: 02/08/2013 Advisory URL: http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt Credits: Roberto Paleari (roberto@greyhats.it, twitter: @rpaleari)

[AFFECTED PRODUCTS] This security vulnerability affects the following products and firmware versions: * D-Link DIR-645, 1.03B08 Other products and firmware versions could also be vulnerable, but they were not checked. All of them are exploitable by remote, unauthenticated attackers. Details are outlined in the following, including some proof-of-concepts.

Buffer overflow on "post_login.xml"

Invoking the "post_login.xml" server-side script, attackers can specify a "hash" password value that is used to authenticate the user. This hash value is eventually processed by the "/usr/sbin/widget" local binary. However, the latter copies the user-controlled hash into a statically-allocated buffer, allowing attackers to overwrite adjacent memory locations.

As a proof-of-concept, the following URL allows attackers to control the return value saved on the stack (the vulnerability is triggered when executing "/usr/sbin/widget"):

 curl http://<target ip>/post_login.xml?hash=AAA...AAABBBB

The value of the "hash" HTTP GET parameter consists in 292 occurrences of the 'A' character, followed by four occurrences of character 'B'. In our lab setup, characters 'B' overwrite the saved program counter (%ra).

Buffer overflow on "hedwig.cgi"

Another buffer overflow affects the "hedwig.cgi" CGI script. Unauthenticated remote attackers can invoke this CGI with an overly-long cookie value that can overflow a program buffer and overwrite the saved program address.

Proof-of-concept: curl -b uid=$(perl -e 'print "A"x1400;') -d 'test' http:///hedwig.cgi

Buffer overflow on "authentication.cgi"

The third buffer overflow vulnerability affects the "authentication.cgi" CGI script. This time the issue affects the HTTP POST paramter named "password". Again, this vulnerability can be abused to achieve remote code execution. As for all the previous issues, no authentication is required.

Proof-of-concept: curl -b uid=test -d $(perl -e 'print "uid=test&password=asd" . "A"x2024;') http:///authentication.cgi

Cross-site scripting on "bind.php"

Proof-of-concept: curl "http:///parentalcontrols/bind.php?deviceid=test'\"/>alert(1)<"

Cross-site scripting on "info.php"

Proof-of-concept: curl "http:///info.php?RESULT=testme\", msgArray); alert(1); //"

Cross-site scripting on "bsc_sms_send.php"

Proof-of-concept: curl "http:///bsc_sms_send.php?receiver=testme\"/>alert(1);<div"

[REMEDIATION] D-Link has released an updated firmware version (1.04) that addresses this issue. The firmware is already available on D-Link web site, at the following URL: http://www.dlink.com/us/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000

[DISCLAIMER] The author is not responsible for the misuse of the information provided in this security advisory. The advisory is a service to the professional security community. There are NO WARRANTIES with regard to this information. Any application or distribution of this information constitutes acceptance AS IS, at the user's own risk. This information is subject to change without notice

Show details on source website

JSON

To clipboard

{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201407-0318",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-645 1.03b08",
            scope: null,
            trust: 4.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-645",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "a1",
         },
         {
            model: "dir-645",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.03",
         },
         {
            model: "dir-645",
            scope: "eq",
            trust: 0.8,
            vendor: "d link",
            version: "a1",
         },
         {
            model: "dir-645",
            scope: "lt",
            trust: 0.8,
            vendor: "d link",
            version: "1.04b11",
         },
         {
            model: "dir-645",
            scope: "eq",
            trust: 0.6,
            vendor: "d link",
            version: "1.03",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2013-15550",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15555",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15556",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11640",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15551",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11625",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15554",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15553",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006611",
         },
         {
            db: "NVD",
            id: "CVE-2013-7389",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201308-024",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-645_firmware:*:b08:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.03",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2013-7389",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Roberto Paleari",
      sources: [
         {
            db: "BID",
            id: "61579",
         },
         {
            db: "PACKETSTORM",
            id: "122659",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201308-024",
         },
      ],
      trust: 1,
   },
   cve: "CVE-2013-7389",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2013-7389",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2013-15550",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2013-15555",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2013-15556",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "CNVD-2013-11640",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "CNVD-2013-15551",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2013-11625",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2013-15554",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "CNVD-2013-15553",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-67391",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2013-7389",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2013-15550",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2013-15555",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2013-15556",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2013-11640",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2013-15551",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2013-11625",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2013-15554",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2013-15553",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201308-024",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-67391",
                  trust: 0.1,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2013-7389",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2013-15550",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15555",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15556",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11640",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15551",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11625",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15554",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15553",
         },
         {
            db: "VULHUB",
            id: "VHN-67391",
         },
         {
            db: "VULMON",
            id: "CVE-2013-7389",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006611",
         },
         {
            db: "NVD",
            id: "CVE-2013-7389",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201308-024",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php. D-Link DIR-645 Router (Rev. A1) Contains a cross-site scripting vulnerability.By a third party via the following parameters Web Script or HTML May be inserted. (1) parentalcontrols/bind.php of deviceid Parameters (2) info.php of RESULT Parameters (3) bsc_sms_send.php of receiver Parameters. The D-Link DIR-645 Widget function has an unexplained security vulnerability that allows a remote attacker to exploit the vulnerability to gain unauthorized access to the device. The D-Link DIR-645 is a wireless router device. D-Link DIR-645 \\\"post_login.xml\\\", \\\"hedwig.cgi\\\", \\\"authentication.cgi\\\" incorrectly filters user-submitted parameter data, allowing remote attackers to exploit exploits to submit specially crafted requests to trigger buffer overflows, allowing applications to Stop responding, causing a denial of service attack. \nRemote attackers can exploit  these issues to execute arbitrary code in  the context of the affected device or execute arbitrary script code in  the browser of an unsuspecting user  in the context of the affected  site. This may allow the attacker to  steal cookie-based authentication  credentials and perform unauthorized  actions. Other attacks may also be  possible. \nD-Link DIR-645 running firmware 1.03B08 is vulnerable; other versions may also be affected. Multiple vulnerabilities on D-Link DIR-645 devices\n==================================================\n\n[ADVISORY INFORMATION]\nTitle:\t\tMultiple vulnerabilities on D-Link DIR-645 devices\nDiscovery date: 06/03/2013\nRelease date:   02/08/2013\nAdvisory URL:   http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt\nCredits:        Roberto Paleari (roberto@greyhats.it, twitter: @rpaleari)\n\n[AFFECTED PRODUCTS]\nThis security vulnerability affects the following products and firmware\nversions:\n   * D-Link DIR-645, 1.03B08\nOther products and firmware versions could also be vulnerable, but they were\nnot checked. All of them\nare exploitable by remote, unauthenticated attackers. Details are outlined in\nthe following, including some proof-of-concepts. \n\n1. Buffer overflow on \"post_login.xml\"\n   \n   Invoking the \"post_login.xml\" server-side script, attackers can specify a\n   \"hash\" password value that is used to authenticate the user. This hash value\n   is eventually processed by the \"/usr/sbin/widget\" local binary. However, the\n   latter copies the user-controlled hash into a statically-allocated buffer,\n   allowing attackers to overwrite adjacent memory locations. \n\n   As a proof-of-concept, the following URL allows attackers to control the\n   return value saved on the stack (the vulnerability is triggered when\n   executing \"/usr/sbin/widget\"):\n\n     curl http://<target ip>/post_login.xml?hash=AAA...AAABBBB\n\n   The value of the \"hash\" HTTP GET parameter consists in 292 occurrences of\n   the 'A' character, followed by four occurrences of character 'B'. In our lab\n   setup, characters 'B' overwrite the saved program counter (%ra). \n\n\n2. Buffer overflow on \"hedwig.cgi\"\n\n   Another buffer overflow affects the \"hedwig.cgi\" CGI script. Unauthenticated\n   remote attackers can invoke this CGI with an overly-long cookie value that\n   can overflow a program buffer and overwrite the saved program address. \n\n   Proof-of-concept:\n     curl -b uid=$(perl -e 'print \"A\"x1400;') -d 'test' http://<target ip>/hedwig.cgi\n\n\n3. Buffer overflow on \"authentication.cgi\"\n\n   The third buffer overflow vulnerability affects the \"authentication.cgi\" CGI\n   script. This time the issue affects the HTTP POST paramter named\n   \"password\". Again, this vulnerability can be abused to achieve remote code\n   execution. As for all the previous issues, no authentication is required. \n\n   Proof-of-concept:\n     curl -b uid=test -d $(perl -e 'print \"uid=test&password=asd\" . \"A\"x2024;') http://<target ip>/authentication.cgi\n\n\n4. Cross-site scripting on \"bind.php\"\n\n   Proof-of-concept:\n    curl \"http://<target ip>/parentalcontrols/bind.php?deviceid=test'\\\"/><script>alert(1)</script><\"\n\n\n5. Cross-site scripting on \"info.php\"\n\n   Proof-of-concept:\n     curl \"http://<target ip>/info.php?RESULT=testme\\\", msgArray); alert(1); //\"\n\n\n6. Cross-site scripting on \"bsc_sms_send.php\"\n\n   Proof-of-concept:\n     curl \"http://<target ip>/bsc_sms_send.php?receiver=testme\\\"/><script>alert(1);</script><div\"\n\n\n[REMEDIATION]\nD-Link has released an updated firmware version (1.04) that addresses this\nissue. The firmware is already available on D-Link web site, at the following\nURL:\nhttp://www.dlink.com/us/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000\n\n[DISCLAIMER]\nThe author is not responsible for the misuse of the information provided in\nthis security advisory. The advisory is a service to the professional security\ncommunity. There are NO WARRANTIES with regard to this information. Any\napplication or distribution of this information constitutes acceptance AS IS,\nat the user's own risk. This information is subject to change without notice",
      sources: [
         {
            db: "NVD",
            id: "CVE-2013-7389",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006611",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15550",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15555",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15556",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11640",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15551",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11625",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15554",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15553",
         },
         {
            db: "BID",
            id: "61579",
         },
         {
            db: "VULHUB",
            id: "VHN-67391",
         },
         {
            db: "VULMON",
            id: "CVE-2013-7389",
         },
         {
            db: "PACKETSTORM",
            id: "122659",
         },
      ],
      trust: 6.48,
   },
   exploit_availability: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            reference: "https://www.scap.org.cn/vuln/vhn-67391",
            trust: 0.1,
            type: "unknown",
         },
         {
            reference: "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=27283",
            trust: 0.1,
            type: "exploit",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-67391",
         },
         {
            db: "VULMON",
            id: "CVE-2013-7389",
         },
      ],
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "DLINK",
            id: "SAP10008",
            trust: 5.4,
         },
         {
            db: "BID",
            id: "61579",
            trust: 3.3,
         },
         {
            db: "NVD",
            id: "CVE-2013-7389",
            trust: 2.9,
         },
         {
            db: "OSVDB",
            id: "95953",
            trust: 1.8,
         },
         {
            db: "OSVDB",
            id: "95910",
            trust: 1.8,
         },
         {
            db: "OSVDB",
            id: "95952",
            trust: 1.8,
         },
         {
            db: "PACKETSTORM",
            id: "122659",
            trust: 1.3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006611",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201308-024",
            trust: 0.7,
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15550",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15555",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15556",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11640",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15551",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11625",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15554",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15553",
            trust: 0.6,
         },
         {
            db: "EXPLOIT-DB",
            id: "27283",
            trust: 0.2,
         },
         {
            db: "SEEBUG",
            id: "SSVID-80897",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-67391",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2013-7389",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2013-15550",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15555",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15556",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11640",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15551",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11625",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15554",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15553",
         },
         {
            db: "VULHUB",
            id: "VHN-67391",
         },
         {
            db: "VULMON",
            id: "CVE-2013-7389",
         },
         {
            db: "BID",
            id: "61579",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006611",
         },
         {
            db: "PACKETSTORM",
            id: "122659",
         },
         {
            db: "NVD",
            id: "CVE-2013-7389",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201308-024",
         },
      ],
   },
   id: "VAR-201407-0318",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2013-15550",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15555",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15556",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11640",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15551",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11625",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15554",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15553",
         },
         {
            db: "VULHUB",
            id: "VHN-67391",
         },
      ],
      trust: 5.612121200000001,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
               "Network device",
            ],
            sub_category: null,
            trust: 4.8,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2013-15550",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15555",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15556",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11640",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15551",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11625",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15554",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15553",
         },
      ],
   },
   last_update_date: "2023-12-18T13:19:57.595000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "SAP10008",
            trust: 0.8,
            url: "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10008",
         },
         {
            title: "D-Link DIR-645 /service.cgi special cookie remote command injection vulnerability patch",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/41983",
         },
         {
            title: "D-Link DIR-645 version.php verifies patches that bypass remote information disclosure vulnerabilities",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/41987",
         },
         {
            title: "D-Link DIR-645 getfile API path traversal patch for arbitrary file access vulnerabilities",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/41988",
         },
         {
            title: "D-Link DIR-645 has multiple patches for cross-site scripting vulnerabilities",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/38030",
         },
         {
            title: "D-Link DIR-645 Widget verifies patches for unauthorized access vulnerabilities",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/41984",
         },
         {
            title: "D-Link DIR-645 has multiple buffer overflow vulnerability patches",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/38029",
         },
         {
            title: "D-Link DIR-645 router_info.xml patch for remote information disclosure vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/41986",
         },
         {
            title: "D-Link DIR-645 '__ajax_explorer.sgi' verifies the patch that bypasses the vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/41985",
         },
         {
            title: "D-Link DIR-645 Fixes for Multiple Buffer Overflow and Cross-Site Scripting Vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234981",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/0xdeceiverangel/iot_firmware_reverse_stuff ",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2013-15550",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15555",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15556",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11640",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15551",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11625",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15554",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15553",
         },
         {
            db: "VULMON",
            id: "CVE-2013-7389",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006611",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201308-024",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-79",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-67391",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006611",
         },
         {
            db: "NVD",
            id: "CVE-2013-7389",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 5.4,
            url: "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10008",
         },
         {
            trust: 1.9,
            url: "http://www.securityfocus.com/bid/61579",
         },
         {
            trust: 1.9,
            url: "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt",
         },
         {
            trust: 1.8,
            url: "http://osvdb.org/show/osvdb/95910",
         },
         {
            trust: 1.8,
            url: "http://osvdb.org/show/osvdb/95952",
         },
         {
            trust: 1.8,
            url: "http://osvdb.org/show/osvdb/95953",
         },
         {
            trust: 1.2,
            url: "http://packetstormsecurity.com/files/122659/dlinkdir645-overflowxss.txt",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7389",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7389",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/79.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://www.exploit-db.com/exploits/27283/",
         },
         {
            trust: 0.1,
            url: "http://<target",
         },
         {
            trust: 0.1,
            url: "http://www.dlink.com/us/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2013-15550",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15555",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15556",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11640",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15551",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11625",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15554",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15553",
         },
         {
            db: "VULHUB",
            id: "VHN-67391",
         },
         {
            db: "VULMON",
            id: "CVE-2013-7389",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006611",
         },
         {
            db: "PACKETSTORM",
            id: "122659",
         },
         {
            db: "NVD",
            id: "CVE-2013-7389",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201308-024",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2013-15550",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15555",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15556",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11640",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15551",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-11625",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15554",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-15553",
         },
         {
            db: "VULHUB",
            id: "VHN-67391",
         },
         {
            db: "VULMON",
            id: "CVE-2013-7389",
         },
         {
            db: "BID",
            id: "61579",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006611",
         },
         {
            db: "PACKETSTORM",
            id: "122659",
         },
         {
            db: "NVD",
            id: "CVE-2013-7389",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201308-024",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2013-12-25T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-15550",
         },
         {
            date: "2013-12-25T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-15555",
         },
         {
            date: "2013-12-25T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-15556",
         },
         {
            date: "2013-08-06T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-11640",
         },
         {
            date: "2013-12-25T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-15551",
         },
         {
            date: "2013-08-06T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-11625",
         },
         {
            date: "2013-12-25T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-15554",
         },
         {
            date: "2013-12-25T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-15553",
         },
         {
            date: "2014-07-07T00:00:00",
            db: "VULHUB",
            id: "VHN-67391",
         },
         {
            date: "2014-07-07T00:00:00",
            db: "VULMON",
            id: "CVE-2013-7389",
         },
         {
            date: "2013-08-02T00:00:00",
            db: "BID",
            id: "61579",
         },
         {
            date: "2014-07-09T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2013-006611",
         },
         {
            date: "2013-08-02T15:28:11",
            db: "PACKETSTORM",
            id: "122659",
         },
         {
            date: "2014-07-07T14:55:03.147000",
            db: "NVD",
            id: "CVE-2013-7389",
         },
         {
            date: "2013-08-06T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201308-024",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2013-12-25T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-15550",
         },
         {
            date: "2013-12-25T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-15555",
         },
         {
            date: "2013-12-25T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-15556",
         },
         {
            date: "2013-08-06T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-11640",
         },
         {
            date: "2013-12-25T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-15551",
         },
         {
            date: "2013-08-06T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-11625",
         },
         {
            date: "2013-12-25T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-15554",
         },
         {
            date: "2013-12-25T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-15553",
         },
         {
            date: "2016-12-31T00:00:00",
            db: "VULHUB",
            id: "VHN-67391",
         },
         {
            date: "2023-04-26T00:00:00",
            db: "VULMON",
            id: "CVE-2013-7389",
         },
         {
            date: "2014-07-08T15:38:00",
            db: "BID",
            id: "61579",
         },
         {
            date: "2014-07-09T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2013-006611",
         },
         {
            date: "2023-04-26T19:27:52.350000",
            db: "NVD",
            id: "CVE-2013-7389",
         },
         {
            date: "2023-04-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201308-024",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201308-024",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-645 Router firmware cross-site scripting vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2013-006611",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201308-024",
         },
      ],
      trust: 0.6,
   },
}

gsd-2013-7389

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-7389

Aliases

CVE-2013-7389

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2013-7389",
      description: "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.",
      id: "GSD-2013-7389",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2013-7389",
         ],
         details: "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.",
         id: "GSD-2013-7389",
         modified: "2023-12-13T01:22:18.835667Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "cve@mitre.org",
            ID: "CVE-2013-7389",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "n/a",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "n/a",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "n/a",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "n/a",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt",
                  refsource: "MISC",
                  url: "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt",
               },
               {
                  name: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008",
                  refsource: "CONFIRM",
                  url: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008",
               },
               {
                  name: "95953",
                  refsource: "OSVDB",
                  url: "http://osvdb.org/show/osvdb/95953",
               },
               {
                  name: "95952",
                  refsource: "OSVDB",
                  url: "http://osvdb.org/show/osvdb/95952",
               },
               {
                  name: "95910",
                  refsource: "OSVDB",
                  url: "http://osvdb.org/show/osvdb/95910",
               },
               {
                  name: "61579",
                  refsource: "BID",
                  url: "http://www.securityfocus.com/bid/61579",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-645_firmware:*:b08:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.03",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-7389",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "95952",
                     refsource: "OSVDB",
                     tags: [],
                     url: "http://osvdb.org/show/osvdb/95952",
                  },
                  {
                     name: "95953",
                     refsource: "OSVDB",
                     tags: [],
                     url: "http://osvdb.org/show/osvdb/95953",
                  },
                  {
                     name: "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt",
                     refsource: "MISC",
                     tags: [
                        "Exploit",
                     ],
                     url: "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt",
                  },
                  {
                     name: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008",
                     refsource: "CONFIRM",
                     tags: [
                        "Patch",
                        "Vendor Advisory",
                     ],
                     url: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008",
                  },
                  {
                     name: "95910",
                     refsource: "OSVDB",
                     tags: [],
                     url: "http://osvdb.org/show/osvdb/95910",
                  },
                  {
                     name: "61579",
                     refsource: "BID",
                     tags: [],
                     url: "http://www.securityfocus.com/bid/61579",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               cvssV2: {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               exploitabilityScore: 8.6,
               impactScore: 2.9,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "MEDIUM",
               userInteractionRequired: true,
            },
         },
         lastModifiedDate: "2023-04-26T19:27Z",
         publishedDate: "2014-07-07T14:55Z",
      },
   },
}

fkie_cve-2013-7389

Vulnerability from fkie_nvd

Published

2014-07-07 14:55

Modified

2024-11-21 02:00

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/show/osvdb/95910
cve@mitre.org	http://osvdb.org/show/osvdb/95952
cve@mitre.org	http://osvdb.org/show/osvdb/95953
cve@mitre.org	http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt	Exploit
cve@mitre.org	http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/61579
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/show/osvdb/95910
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/show/osvdb/95952
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/show/osvdb/95953
af854a3a-2127-422b-91ae-364da2661108	http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/61579

Impacted products

	Vendor	Product	Version
	dlink	dir-645_firmware	*
	dlink	dir-645	a1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-645_firmware:*:b08:*:*:*:*:*:*",
                     matchCriteriaId: "EA1EE89F-4AFE-4B6A-BE6F-09184B0D2956",
                     versionEndIncluding: "1.03",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E02F7E04-F6D7-466D-81AD-14591443EBC3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de XSS en D-Link DIR-645 Router (Rev. A1) con firmware anterior a 1.04B11 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) el parámetro deviceid en parentalcontrols/bind.php, (2) el parámetro RESULT en info.php o (3) el parámetro receiver en bsc_sms_send.php.",
      },
   ],
   id: "CVE-2013-7389",
   lastModified: "2024-11-21T02:00:54.403",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-07-07T14:55:03.147",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/show/osvdb/95910",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/show/osvdb/95952",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/show/osvdb/95953",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/61579",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/show/osvdb/95910",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/show/osvdb/95952",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/show/osvdb/95953",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/61579",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2013-7389

Vulnerability from cvelistv5

ghsa-w84x-2hxj-9gfv

Vulnerability from github

var-201407-0318

Vulnerability from variot

gsd-2013-7389

Vulnerability from gsd

fkie_cve-2013-7389

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature