Lucene search

[email protected]CVE-2015-1028

HistoryJan 21, 2015 - 3:28 p.m.

CVE-2015-1028

2015-01-2115:28:35

CWE-79

[email protected]

web.nvd.nist.gov

d-link

router

xss

vulnerabilities

firmware

remote authenticated

web script

html

dns proxy

lan configuration

wireless security

wireless password viewer

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.041 Low

EPSS

Percentile

92.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).

Affected configurations

NVD

Node

dlinkdsl-2730b_firmwareMatchge_1.01

AND

dlinkdsl-2730bMatchc1

CPENameOperatorVersion
dlink:dsl-2730b_firmwaredlink dsl-2730b firmwareeqge_1.01

CPE	Name	Operator	Version
dlink:dsl-2730b_firmware	dlink dsl-2730b firmware	eq	ge_1.01

References

www.exploit-db.com/exploits/35747

www.exploit-db.com/exploits/35750

www.exploit-db.com/exploits/35751

www.xlabs.com.br/blog/?p=339

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.041 Low

EPSS

Percentile

92.2%

JSON

Related for CVE-2015-1028

prion1 nvd1 cvelist1