Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 3.5
CVE Id: CVE-2015-1028
Last Modified: 26 Jan 2015 07:55:57
Published: 21 Jan 2015 10:28:35
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2015-1028

Summary

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).

Vulnerable Systems

Operating System

  • D-Link DSL-2730B Firmware GE_1.01


References

MISC - http://www.xlabs.com.br/blog/?p=339

EXPLOIT-DB - 35751

EXPLOIT-DB - 35750

EXPLOIT-DB - 35747


Last Updated: 27 May 2016 11:07:38