CVE-2019-13562 - OpenCVE

D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Dlink	Dir-655 Firmware Dir-655

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-655_firmware:3.02b05:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-655:-:*:*:*:*:*:*:*

References

Link	Resource
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf	Third Party Advisory
https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/crosssitescripting.txt	Third Party Advisory
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-11T14:59:27

Updated: 2019-07-11T14:59:27

Reserved: 2019-07-11T00:00:00

Link: CVE-2019-13562

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-07-11T15:15:11.660

Modified: 2019-07-12T15:04:52.917

Link: CVE-2019-13562

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-11T14:59:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"}, {"tags": ["x_refsource_MISC"], "url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/crosssitescripting.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13562", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/", "refsource": "MISC", "url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"}, {"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf", "refsource": "MISC", "url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"}, {"name": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/crosssitescripting.txt", "refsource": "MISC", "url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/crosssitescripting.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13562", "datePublished": "2019-07-11T14:59:27", "dateReserved": "2019-07-11T00:00:00", "dateUpdated": "2019-07-11T14:59:27", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-655_firmware:3.02b05:*:*:*:*:*:*:*", "matchCriteriaId": "802545DF-DFA9-42E8-87EF-3FBA0BB58F96", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-655:-:*:*:*:*:*:*:*", "matchCriteriaId": "86A9FA74-993E-47DC-B3E7-84D336950E81", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter."}, {"lang": "es", "value": "Los dispositivos DIR-655 C anterior a versi\u00f3n 3.02B05 BETA03 de D-Link, permiten una vulnerabilidad de tipo XSS, como es demostrado por el par\u00e1metro ping_ipaddr del archivo /www/ping_response.cgi, el par\u00e1metro ping6_ipaddr del archivo /www/ping6_response.cgi, y el par\u00e1metro html_response_return_page del archivo /www/apply_sec.cgi."}], "id": "CVE-2019-13562", "lastModified": "2019-07-12T15:04:52.917", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-11T15:15:11.660", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/crosssitescripting.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}