Cyber Resilience

CVE-2013-5223

MediumCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 19 November 2013

Published
19 November 2013
Modified
22 April 2026
KEV Added
25 March 2022
Patch
CVSS Score v3.1 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score 0.3008 96.8th percentile
Risk Priority 49 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2013-5223 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Dlink Dsl-2760U Firmware. Its CVSS base score is 5.4 (Medium).

Operationally, ranked in the top 3.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

The vulnerability consists of multiple cross-site scripting flaws, tracked as CVE-2013-5223, that affect the D-Link DSL-2760U Gateway running firmware revision E1. These issues are instances of CWE-79 and are rated at CVSS 5.4. They reside in numerous administrative CGI and CMD endpoints, including sntpcfg.cgi, ddnsmngr.cmd, todmngr.tod, urlfilter.cmd, scprttrg.cmd, scoutflt.cmd, portmapcfg.cmd, snmpconfig.cgi, scinflt.cmd, prmngr.cmd, ippcfg.cmd, samba.cgi, and wlcfg.wl, where unsanitized parameters such as ntpServer1, username, TodUrlAdd, appName, fltName, groupName, snmpRoCommunity, PolicyName, ippName, smbNetBiosName, and wlSsid are accepted.

Remote authenticated users can exploit the flaws by supplying crafted values in HTTP requests to the listed endpoints. Successful injection results in arbitrary web script or HTML being stored and later rendered in the browsers of other authenticated administrators, allowing theft of session tokens or other client-side actions within the gateway's management interface.

No vendor advisories, firmware updates, or mitigation guidance are referenced in the supplied OSVDB entries.

EU & UK References

Vulnerability details

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter…

more

to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.

CWE(s)
KEV Date Added
25 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dlink
dsl-2760u firmware
≤ 1.12

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of all inputs (e.g., ntpServer1, wlSsid, PolicyName) to the listed CGI/CMD endpoints, blocking the unsanitized values that enable stored XSS.

prevent

Requires filtering of information returned by the gateway's web interface, which would mitigate rendering of attacker-supplied script in other administrators' browsers.

detect

Provides integrity verification of web content served by the device, offering a secondary means to detect unauthorized script injection after the fact.

References