ID

VAR-201402-0419


CVE

CVE-2013-7321


TITLE

D-Link DAP-2553 Access Point Firmware cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-006010

DESCRIPTION

Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. D-Link DAP-2253 is a router device of D-Link. Cross-site scripting and cross-site request forgery vulnerabilities exist in D-Link DAP-2253 routers using firmware 1.26rc55 and earlier. Attackers can use these vulnerabilities to execute arbitrary script code in the browser in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized operations, and leak or modify sensitive information; other forms of attack may also be possible. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Other attacks may also be possible. D-Link DAP-2253 running firmware 1.26rc55 and prior is vulnerable. D-Link DAP-2553 Access Point is a wireless access point product of D-Link. A1) with firmware 1.26rc55 and earlier

Trust: 3.33

sources: NVD: CVE-2013-7321 // JVNDB: JVNDB-2013-006010 // CNVD: CNVD-2013-15307 // CNNVD: CNNVD-201312-314 // BID: 64593 // BID: 64297 // VULHUB: VHN-67323

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-15307

AFFECTED PRODUCTS

vendor: d link, model: dap 2253, scope: eq, version: a1

Trust: 1.0

vendor: d link, model: dap 2253, scope: lte, version: 1.26rc55

Trust: 1.0

vendor: d link, model: dap-2553, scope: eq, version: revision a1

Trust: 0.8

vendor: d link, model: dap-2553, scope: lt, version: 1.30

Trust: 0.8

vendor: d link, model: dap-2553, scope: -, version: -

Trust: 0.6

vendor: d link, model: dap 2253, scope: eq, version: 1.26rc55

Trust: 0.6

sources: CNVD: CNVD-2013-15307 // JVNDB: JVNDB-2013-006010 // CNNVD: CNNVD-201402-066 // NVD: CVE-2013-7321

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-7321
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-7321
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-15307
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201402-066
value: MEDIUM

Trust: 0.6

VULHUB: VHN-67323
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-7321
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-15307
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-67323
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-15307 // VULHUB: VHN-67323 // JVNDB: JVNDB-2013-006010 // CNNVD: CNNVD-201402-066 // NVD: CVE-2013-7321

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-67323 // JVNDB: JVNDB-2013-006010 // NVD: CVE-2013-7321

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201312-314 // CNNVD: CNNVD-201402-066

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201312-314

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006010

PATCH

title: SAP10006, url: http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10006

Trust: 0.8

title: D-Link DAP-2553 has multiple vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/41826

Trust: 0.6

title: DAP-2553_FIRMWARE_MIB_1.30.RC055, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48139

Trust: 0.6

sources: CNVD: CNVD-2013-15307 // JVNDB: JVNDB-2013-006010 // CNNVD: CNNVD-201402-066

EXTERNAL IDS

db: NVD, id: CVE-2013-7321

Trust: 3.1

db: DLINK, id: SAP10006

Trust: 2.6

db: SECUNIA, id: 56022

Trust: 2.3

db: BID, id: 64297

Trust: 2.0

db: JVNDB, id: JVNDB-2013-006010

Trust: 0.8

db: CNNVD, id: CNNVD-201402-066

Trust: 0.7

db: CNVD, id: CNVD-2013-15307

Trust: 0.6

db: CNNVD, id: CNNVD-201312-314

Trust: 0.6

db: XF, id: 89728

Trust: 0.6

db: BID, id: 64593

Trust: 0.3

db: VULHUB, id: VHN-67323

Trust: 0.1

sources: CNVD: CNVD-2013-15307 // VULHUB: VHN-67323 // BID: 64593 // BID: 64297 // JVNDB: JVNDB-2013-006010 // CNNVD: CNNVD-201312-314 // CNNVD: CNNVD-201402-066 // NVD: CVE-2013-7321

REFERENCES

url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10006

Trust: 2.6

url:http://secunia.com/advisories/56022

Trust: 2.3

url:http://www.securityfocus.com/bid/64297

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/89728

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7321

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7321

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/89728

Trust: 0.6

url:http://www.dlink.com/us/en/business-solutions/wireless/access-points/access-points/dap-2553-wireless-n600-dual-band-poe-access-point

Trust: 0.3

sources: CNVD: CNVD-2013-15307 // VULHUB: VHN-67323 // BID: 64593 // JVNDB: JVNDB-2013-006010 // CNNVD: CNNVD-201312-314 // CNNVD: CNNVD-201402-066 // NVD: CVE-2013-7321

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 64593

SOURCES

db: CNVD, id: CNVD-2013-15307
db: VULHUB, id: VHN-67323
db: BID, id: 64593
db: BID, id: 64297
db: JVNDB, id: JVNDB-2013-006010
db: CNNVD, id: CNNVD-201312-314
db: CNNVD, id: CNNVD-201402-066
db: NVD, id: CVE-2013-7321

LAST UPDATE DATE

2025-04-11T23:02:49.800000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-15307, date: 2014-02-18T00:00:00
db: VULHUB, id: VHN-67323, date: 2017-08-29T00:00:00
db: BID, id: 64593, date: 2015-03-19T09:23:00
db: BID, id: 64297, date: 2013-11-26T00:00:00
db: JVNDB, id: JVNDB-2013-006010, date: 2014-02-10T00:00:00
db: CNNVD, id: CNNVD-201312-314, date: 2013-12-17T00:00:00
db: CNNVD, id: CNNVD-201402-066, date: 2014-02-24T00:00:00
db: NVD, id: CVE-2013-7321, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-15307, date: 2013-12-18T00:00:00
db: VULHUB, id: VHN-67323, date: 2014-02-06T00:00:00
db: BID, id: 64593, date: 2013-11-26T00:00:00
db: BID, id: 64297, date: 2013-11-26T00:00:00
db: JVNDB, id: JVNDB-2013-006010, date: 2014-02-10T00:00:00
db: CNNVD, id: CNNVD-201312-314, date: 2013-11-26T00:00:00
db: CNNVD, id: CNNVD-201402-066, date: 2014-02-12T00:00:00
db: NVD, id: CVE-2013-7321, date: 2014-02-06T16:10:59.170