CVE-2015-1028
published 2015-01-21CVE-2015-1028: Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject…
PriorityP419low3.5CVSS 2.0
AVNACMAuSCNIPAN
EXPLOIT
EPSS
2.83%
84.8th percentile
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configuration Panel); the (2) brName parameter to lancfg2get.cgi (Lan Configuration Panel); the (3) wlAuthMode, (4) wl_wsc_reg, or (5) wl_wsc_mode parameter to wlsecrefresh.wl (Wireless Security Panel); or the (6) wlWpaPsk parameter to wlsecurity.wl (Wireless Password Viewer).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dsl-2730b_firmware | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Wlsecrefresh.wl & Wlsecurity.wl
exploitdb·2015-01-11
CVE-2015-1028 D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Wlsecrefresh.wl & Wlsecurity.wl
D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Wlsecrefresh.wl & Wlsecurity.wl
---
# Exploit Title: D-Link DSL-2730B Modem wlsecrefresh.wl & wlsecurity.wl Exploit XSS Injection Stored
# Date: 11-01-2015
# Exploit Author: Mauricio Correa
# Vendor Homepage: www.dlink.com
# Hardware version: C1
# Version: GE 1.01
# Tested on: Windows 8 and Linux
#!/usr/bin/perl
#
# Date dd-mm-aaaa: 11-11-2014
# Exploit for D-Link DSL-2730B
# Cross Site Scripting (XSS Injection) Stored in wlsecrefresh.wl
# Developed by Mauricio Corrêa
# XLabs Information Security
# WebSite: www.xlabs.com.br
# More informations: www.xlabs.com.br/blog/?p=339
#
# CAUTION!
# This exploit disables some features of the modem,
# forcing the administrator of the device, accessing the page to reconfigure the modem ag
Exploit-DB
D-Link DSL-2730B Modem - 'Lancfg2get.cgi Persistent Cross-Site Scripting
exploitdb·2015-01-11
CVE-2015-1028 D-Link DSL-2730B Modem - 'Lancfg2get.cgi Persistent Cross-Site Scripting
D-Link DSL-2730B Modem - 'Lancfg2get.cgi Persistent Cross-Site Scripting
---
# Exploit Title: D-Link DSL-2730B Modem lancfg2get.cgi Exploit XSS Injection Stored
# Date: 11-01-2015
# Exploit Author: Mauricio Correa
# Vendor Homepage: www.dlink.com
# Hardware version: C1
# Version: GE 1.01
# Tested on: Windows 8 and Linux
#!/usr/bin/perl
#
# Date dd-mm-aaaa: 11-11-2014
# Exploit for D-Link DSL-2730B
# Cross Site Scripting (XSS Injection) Stored in lancfg2get.cgi
# Developed by Mauricio Corrêa
# XLabs Information Security
# WebSite: www.xlabs.com.br
# More informations: www.xlabs.com.br/blog/?p=339
#
# CAUTION!
# This exploit disables some features of the modem,
# forcing the administrator of the device, accessing the page to reconfigure the modem again,
# occurring script execution in th
Exploit-DB
D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored DnsProxy.cmd
exploitdb·2015-01-11
CVE-2015-1028 D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored DnsProxy.cmd
D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored DnsProxy.cmd
---
# Exploit Title: D-Link DSL-2730B Modem dnsProxy.cmd Exploit XSS Injection Stored
# Date: 11-01-2015
# Exploit Author: Mauricio Correa
# Vendor Homepage: www.dlink.com
# Hardware version: C1
# Version: GE 1.01
# Tested on: Windows 8 and Linux
#!/usr/bin/perl
#
# Date dd-mm-aaaa: 11-11-2014
# Exploit for D-Link DSL-2730B
# Cross Site Scripting (XSS Injection) Stored in dnsProxy.cmd
# Developed by Mauricio Corrêa
# XLabs Information Security
# WebSite: www.xlabs.com.br
# More informations: www.xlabs.com.br/blog/?p=339
#
# CAUTION!
# This exploit enable some features of the modem,
# forcing the administrator of the device, accessing the page to reconfigure the modem again,
# occurring script execution in the b
No writeups or analysis indexed.
http://www.exploit-db.com/exploits/35747http://www.exploit-db.com/exploits/35750http://www.exploit-db.com/exploits/35751http://www.xlabs.com.br/blog/?p=339http://www.exploit-db.com/exploits/35747http://www.exploit-db.com/exploits/35750http://www.exploit-db.com/exploits/35751http://www.xlabs.com.br/blog/?p=339
2015-01-21
Published