D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability

Technical Severity

CVSS v3.1 Metrics

MEDIUM

5.4 / 10

Minimal Risk Critical

Vector Specification

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitation Likelihood

EPSS Prediction

35.46 %

Predictive Probability

Percentile Rank

96.9 th

Documented as more likely to be exploited than 96.9% of known CVEs.

Detection Date

Mar 25, 2022

Remediation Due

Apr 15, 2022

CISA Catalog Active

Threat Analysis

A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.

Remediation Directive

Apply updates per vendor instructions.

Asset Context

Vendor Identity

D-Link

Affected Product

DSL-2760U

Ransomware Status

Campaign Use Unknown

Weakness Classification

CWE-79

External Intelligence

NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2013-5223