MEDIUM✓ PATCH🇬🇧 English

CVE-2013-6786

CVSS 4.3v2.0pub. 2014-01-16upd. 2026-04-29

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately.

oryginał EN
CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Allegrosoft Rompager

    APP
    Allegrosoft
    ≤ 4.07
  • Dlink Dsl 2640r

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsl 2641r

    HW
    Dlink
    wszystkie wersje
  • Huawei Mt882

    HW
    Huawei
    wszystkie wersje
  • Sitecom Wl 174

    HW
    Sitecom
    wszystkie wersje
  • Tp Link Td 8816

    HW
    Tp-Link
    wszystkie wersje
  • Zyxel P 660hw D1

    HW
    Zyxel
    wszystkie wersje
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2016-2231CRITICAL9.8ten sam produkt

The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relie...

CVE-2014-9222HIGH10.0ten sam produkt

AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products,...

CVE-2014-9223HIGH10.0ten sam produkt

Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors a...

CVE-2013-3588HIGH7.8ten sam produkt

The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboo...

CVE-2008-1526HIGH7.5ten sam produkt

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) throu...