CVE-2014-9517

Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://websecurity.com.ua/7288/	Exploit Third Party Advisory
http://packetstormsecurity.com/files/129609/D-Link-DCS-2103-Brute-Force-Cross-Site-Scripting.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2014/Dec/85	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dcs-2103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dcs-2103:-:*:*:*:*:*:*:*

History

17 Nov 2023, 20:01

Type	Values Removed	Values Added
First Time		Dlink dcs-2103 Firmware Dlink dcs-2103 Dlink
CPE	cpe:2.3:o:d-link:dcs-2103_hd_cube_network_camera_firmware:::::::: cpe:2.3:h:d-link:dcs-2103_hd_cube_network_camera:-:::::::*	cpe:2.3:o:dlink:dcs-2103_firmware:::::::: cpe:2.3:h:dlink:dcs-2103:-:::::::*

Information

Published : 2015-01-05 20:59

Updated : 2023-11-17 20:01

NVD link : CVE-2014-9517

Mitre link : CVE-2014-9517

JSON object : View

Products Affected

dlink

dcs-2103
dcs-2103_firmware

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3 /10