Sign-up

ID

VAR-201406-0434


CVE

CVE-2014-4645


TITLE

D-link DSL-2760U-E1 Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2014-03922 // CNNVD: CNNVD-201406-605

DESCRIPTION

Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname. The D-Link DSL-2760U-E1 is a standard wireless network router. The D-Link DSL-2760U-E1 router 'dhcpinfo.html' has an HTML injection vulnerability due to failure to filter user-supplied input. An attacker could execute HTML and script code in the context of an affected site, steal a cookie-based authentication certificate or control how the site is presented to the user. D-link DSL-2760U-E1 is a router product of D-Link company

Trust: 3.15

sources: NVD: CVE-2014-4645 // JVNDB: JVNDB-2014-003036 // CNVD: CNVD-2014-03867 // CNVD: CNVD-2014-03922 // BID: 68144 // VULHUB: VHN-72586 // VULMON: CVE-2014-4645

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2014-03867 // CNVD: CNVD-2014-03922

AFFECTED PRODUCTS

vendor:d linkmodel:dsl-2760u-e1scope: - version: -

Trust: 2.0

vendor:dlinkmodel:dsl-2760u-e1scope:eqversion: -

Trust: 1.0

vendor:d linkmodel:dsl-2760u-e1scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2014-03867 // CNVD: CNVD-2014-03922 // JVNDB: JVNDB-2014-003036 // CNNVD: CNNVD-201406-605 // NVD: CVE-2014-4645

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-4645
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-4645
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-03867
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2014-03922
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201406-605
value: MEDIUM

Trust: 0.6

VULHUB: VHN-72586
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-4645
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-4645
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2014-03867
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2014-03922
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-72586
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-03867 // CNVD: CNVD-2014-03922 // VULHUB: VHN-72586 // VULMON: CVE-2014-4645 // JVNDB: JVNDB-2014-003036 // CNNVD: CNNVD-201406-605 // NVD: CVE-2014-4645

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-72586 // JVNDB: JVNDB-2014-003036 // NVD: CVE-2014-4645

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-605

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201406-605

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003036

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-72586 // 
            
            
            
            VULMON: CVE-2014-4645

PATCH
title:USER MANUAL DSL-2760Uurl:ftp://ftp.dlink.ru/pub/ADSL/DSL-2760U_BRU_D/Description/DSL-2760U_user_manual.pdf
Trust: 0.8
title:Patch for D-link DSL-2760U-E1 Cross-Site Scripting Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/46827
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-03922 // 
            
            
            
            JVNDB: JVNDB-2014-003036

EXTERNAL IDS
db:NVDid:CVE-2014-4645
Trust: 3.5
db:BIDid:68144
Trust: 3.3
db:EXPLOIT-DBid:33822
Trust: 3.2
db:JVNDBid:JVNDB-2014-003036
Trust: 0.8
db:CNNVDid:CNNVD-201406-605
Trust: 0.7
db:CNVDid:CNVD-2014-03867
Trust: 0.6
db:EXPLOITDBid:33822
Trust: 0.6
db:CNVDid:CNVD-2014-03922
Trust: 0.6
db:SEEBUGid:SSVID-87006
Trust: 0.1
db:VULHUBid:VHN-72586
Trust: 0.1
db:VULMONid:CVE-2014-4645
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-03867 // 
            
            
            
            CNVD: CNVD-2014-03922 // 
            
            
            
            VULHUB: VHN-72586 // 
            
            
            
            VULMON: CVE-2014-4645 // 
            
            
            
            BID: 68144 // 
            
            
            
            JVNDB: JVNDB-2014-003036 // 
            
            
            
            CNNVD: CNNVD-201406-605 // 
            
            
            
            NVD: CVE-2014-4645

REFERENCES
url:http://www.exploit-db.com/exploits/33822
Trust: 3.2
url:http://www.securityfocus.com/bid/68144
Trust: 2.5
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4645
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4645
Trust: 0.8
url:http://www.dlink.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://www.exploit-db.com/exploits/33822/
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-03867 // 
            
            
            
            CNVD: CNVD-2014-03922 // 
            
            
            
            VULHUB: VHN-72586 // 
            
            
            
            VULMON: CVE-2014-4645 // 
            
            
            
            BID: 68144 // 
            
            
            
            JVNDB: JVNDB-2014-003036 // 
            
            
            
            CNNVD: CNNVD-201406-605 // 
            
            
            
            NVD: CVE-2014-4645

CREDITS
Yuval tisf Nativ
Trust: 0.3
sources:
            
            
            BID: 68144

SOURCES
db:CNVDid:CNVD-2014-03867
db:CNVDid:CNVD-2014-03922
db:VULHUBid:VHN-72586
db:VULMONid:CVE-2014-4645
db:BIDid:68144
db:JVNDBid:JVNDB-2014-003036
db:CNNVDid:CNNVD-201406-605
db:NVDid:CVE-2014-4645

LAST UPDATE DATE
2025-04-13T23:14:46.443000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-03867date:2014-06-25T00:00:00
db:CNVDid:CNVD-2014-03922date:2014-06-27T00:00:00
db:VULHUBid:VHN-72586date:2015-09-02T00:00:00
db:VULMONid:CVE-2014-4645date:2015-09-02T00:00:00
db:BIDid:68144date:2014-06-26T14:34:00
db:JVNDBid:JVNDB-2014-003036date:2014-06-27T00:00:00
db:CNNVDid:CNNVD-201406-605date:2023-04-27T00:00:00
db:NVDid:CVE-2014-4645date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-03867date:2014-06-25T00:00:00
db:CNVDid:CNVD-2014-03922date:2014-06-27T00:00:00
db:VULHUBid:VHN-72586date:2014-06-25T00:00:00
db:VULMONid:CVE-2014-4645date:2014-06-25T00:00:00
db:BIDid:68144date:2014-06-23T00:00:00
db:JVNDBid:JVNDB-2014-003036date:2014-06-27T00:00:00
db:CNNVDid:CNNVD-201406-605date:2014-06-27T00:00:00
db:NVDid:CVE-2014-4645date:2014-06-25T20:55:07.833