Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.5
CVSSv2

CVE-2015-1028

Published: 21/01/2015 Updated: 26/04/2023
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 365
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Subscribe to Dsl-2730b Firmware

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

dlink dsl-2730b_firmware ge_1.01

Exploits

Exploit DB: D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored DnsProxy.cmd
# Exploit Title: D-Link DSL-2730B Modem dnsProxycmd Exploit XSS Injection Stored # Date: 11-01-2015 # Exploit Author: Mauricio Correa # Vendor Homepage: wwwdlinkcom # Hardware version: C1 # Version: GE 101 # Tested on: Windows 8 and Linux #!/usr/bin/perl # # Date dd-mm-aaaa: 11-11-2014 # Exploit for D-Link DSL-2730B # Cross Site Scripting (XS ...
Exploit DB: D-Link DSL-2730B Modem - 'Lancfg2get.cgi Persistent Cross-Site Scripting
# Exploit Title: D-Link DSL-2730B Modem lancfg2getcgi Exploit XSS Injection Stored # Date: 11-01-2015 # Exploit Author: Mauricio Correa # Vendor Homepage: wwwdlinkcom # Hardware version: C1 # Version: GE 101 # Tested on: Windows 8 and Linux #!/usr/bin/perl # # Date dd-mm-aaaa: 11-11-2014 # Exploit for D-Link DSL-2730B # Cross Site Scripting ...
Exploit DB: D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Wlsecrefresh.wl & Wlsecurity.wl
# Exploit Title: D-Link DSL-2730B Modem wlsecrefreshwl & wlsecuritywl Exploit XSS Injection Stored # Date: 11-01-2015 # Exploit Author: Mauricio Correa # Vendor Homepage: wwwdlinkcom # Hardware version: C1 # Version: GE 101 # Tested on: Windows 8 and Linux #!/usr/bin/perl # # Date dd-mm-aaaa: 11-11-2014 # Exploit for D-Link DSL-2730B # Cr ...

References

CWE-79http://www.exploit-db.com/exploits/35751http://www.xlabs.com.br/blog/?p=339http://www.exploit-db.com/exploits/35747http://www.exploit-db.com/exploits/35750https://nvd.nist.govhttps://www.exploit-db.com/exploits/35750/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook