PT-2014-3413 · D-Link · D-Link DIR-645 Router

Roberto Paleari · Published 2014-07-07 · Updated 2023-04-26 · CVE-2013-7389

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: D-Link DIR-645 Router (Rev. A1) with firmware prior to 1.04B11

Description: Multiple cross-site scripting (XSS) vulnerabilities in the router's web interface allow remote attackers to inject arbitrary web script or HTML via the deviceid parameter to parentalcontrols/bind.php, the RESULT parameter to info.php, or the receiver parameter to bsc_sms_send.php. The CVSS vector (AV:N/AC:M/Au:N/C:N/I:P/A:N) reflects the usual XSS profile: the attacker needs no credentials of their own, but a victim who is logged in to the router's interface must open an attacker-controlled link, and the direct impact is to integrity (script runs in the victim's session) rather than to confidentiality or availability of the device itself.

Recommendations: For D-Link DIR-645 Router (Rev. A1) with firmware prior to 1.04B11, update the firmware to version 1.04B11 or later and confirm the installed version in the router's web interface afterwards. Until the update is applied, restrict access to the web interface, and therefore to parentalcontrols/bind.php, info.php and bsc_sms_send.php, to trusted hosts on the LAN (in practice, keep WAN-side remote management disabled), and avoid following untrusted links while logged in to the router, since the three parameters are supplied by the attacker, not by the administrator.
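The following is an added example, not code from the advisory, from Roberto Paleari, or from D-Link. It turns the three endpoint/parameter pairs listed above into probe URLs carrying a harmless marker (a double quote and angle brackets, no executable script) and classifies, from a response body, whether the marker came back unescaped (still vulnerable), HTML-encoded (fixed), or not reflected at all. The base URL, the sample response bodies and the `check_live_device` helper are assumptions; the sample bodies are constructed, not captured from a device.

```python
"""Reflection check for the CVE-2013-7389 parameters (added example).

Not code from the advisory or from D-Link. Builds a probe URL for each
endpoint/parameter pair named in the advisory and classifies a response
body as 'unescaped', 'escaped' or 'absent'. Base URL and sample responses
are assumptions constructed for illustration.
"""
import html
import urllib.request
from urllib.parse import urlencode, urljoin

# Endpoint / parameter pairs named in CVE-2013-7389.
AFFECTED = [
    ("parentalcontrols/bind.php", "deviceid"),
    ("info.php", "RESULT"),
    ("bsc_sms_send.php", "receiver"),
]

# Harmless, unique marker containing the characters an HTML context must
# encode (a double quote and angle brackets). Nothing executes.
PROBE = 'xss"<cve20137389>'


def probe_urls(base_url):
    """Return [(endpoint, parameter, url), ...] for every affected pair."""
    root = base_url.rstrip("/") + "/"
    return [
        (endpoint, param, urljoin(root, endpoint) + "?" + urlencode({param: PROBE}))
        for endpoint, param in AFFECTED
    ]


def classify(body, probe=PROBE):
    """Classify how `probe` comes back in `body`.

    'unescaped' - probe appears verbatim, so markup can be injected
    'escaped'   - only an HTML-encoded form of the probe appears
    'absent'    - the parameter is not reflected in this response
    """
    if probe in body:
        return "unescaped"
    encoded_forms = (
        html.escape(probe, quote=True),   # &quot; ... &lt; ... &gt;
        html.escape(probe, quote=False),  # raw quote, &lt; ... &gt;
        probe.replace('"', "&#34;").replace("<", "&lt;").replace(">", "&gt;"),
    )
    if any(form in body for form in encoded_forms):
        return "escaped"
    return "absent"


def audit(responses, base_url="http://192.168.0.1/"):
    """Classify each affected endpoint from an {endpoint: body} mapping."""
    return {
        (endpoint, param): classify(responses.get(endpoint, ""))
        for endpoint, param, _url in probe_urls(base_url)
    }


def check_live_device(base_url, opener=None, timeout=10):
    """Fetch each probe URL from a real router and classify the responses.

    Assumed helper: run it only against a device you own or are authorised
    to test. The endpoints normally sit behind the admin login, so pass an
    opener (urllib.request.OpenerDirector) that carries that session.
    """
    opener = opener or urllib.request.build_opener()
    bodies = {}
    for endpoint, _param, url in probe_urls(base_url):
        with opener.open(url, timeout=timeout) as resp:
            bodies[endpoint] = resp.read().decode("utf-8", "replace")
    return audit(bodies, base_url)


# Constructed sample responses (not captured from a device): one endpoint
# echoes the probe raw, one encodes it, one does not reflect it at all.
SAMPLE_RESPONSES = {
    "parentalcontrols/bind.php": '<input name="deviceid" value="xss"<cve20137389>">',
    "info.php": "<p>Result: xss&quot;&lt;cve20137389&gt;</p>",
    "bsc_sms_send.php": "<p>SMS queued</p>",
}

if __name__ == "__main__":
    for (endpoint, param), verdict in audit(SAMPLE_RESPONSES).items():
        print(f"{endpoint} ?{param}= : {verdict}")
```

Running the script as-is only evaluates the constructed samples; `check_live_device` is the offline-tested path a practitioner would point at a real DIR-645 after the 1.04B11 update to confirm all three parameters now come back 'escaped' or 'absent'.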

Weakness Enumeration: XSS (cross-site scripting)

Related Identifiers: CVE-2013-7389

Affected Products: D-Link DIR-645 Router