Vulnerabilites related to dlink - dir-600
var-202306-0930
Vulnerability from variot
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary. D-Link DIR-600 is a wireless router made by China D-Link Company.
There is a buffer overflow vulnerability in D-Link DIR-600 version 2.18. The vulnerability is caused by a boundary error in the file gena.cgi when processing untrusted input. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202306-0930",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-600",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.18"
},
{
"model": "dir-600",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.18"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-52856"
},
{
"db": "NVD",
"id": "CVE-2023-33626"
}
]
},
"cve": "CVE-2023-33626",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-52856",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-33626",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-33626",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2023-52856",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202306-839",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-52856"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-839"
},
{
"db": "NVD",
"id": "CVE-2023-33626"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary. D-Link DIR-600 is a wireless router made by China D-Link Company. \n\r\n\r\nThere is a buffer overflow vulnerability in D-Link DIR-600 version 2.18. The vulnerability is caused by a boundary error in the file gena.cgi when processing untrusted input. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33626"
},
{
"db": "CNVD",
"id": "CNVD-2023-52856"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-33626",
"trust": 2.2
},
{
"db": "CNVD",
"id": "CNVD-2023-52856",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202306-839",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-52856"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-839"
},
{
"db": "NVD",
"id": "CVE-2023-33626"
}
]
},
"id": "VAR-202306-0930",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-52856"
}
],
"trust": 1.4148147999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-52856"
}
]
},
"last_update_date": "2024-08-14T14:01:47.610000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33626"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://github.com/naihsin/iot/tree/main/d-link/dir-600/overflow"
},
{
"trust": 1.6,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 1.6,
"url": "https://github.com/naihsin/iot/blob/main/d-link/dir-600/overflow/readme.md"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-33626/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-52856"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-839"
},
{
"db": "NVD",
"id": "CVE-2023-33626"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-52856"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-839"
},
{
"db": "NVD",
"id": "CVE-2023-33626"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-52856"
},
{
"date": "2023-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-839"
},
{
"date": "2023-06-12T20:15:12.667000",
"db": "NVD",
"id": "CVE-2023-33626"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-52856"
},
{
"date": "2023-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-839"
},
{
"date": "2023-06-16T19:29:32.267000",
"db": "NVD",
"id": "CVE-2023-33626"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-839"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-600 buffer overflow vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-52856"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-839"
}
],
"trust": 0.6
}
}
var-201906-0703
Vulnerability from variot
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. plural D-Link The product contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-845 and so on are all wireless routers from Taiwan D-Link.
Command injection vulnerability exists in soap.cgi? Service = WANIPConn1 URL in multiple D-Link products. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command. The following products and versions are affected: D-Link DIR-845 prior to v1.02b03; DIR-600 prior to v2.17b01; DIR-645 prior to v1.04b11; DIR-300 (rev
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0703",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-300",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.14b01"
},
{
"model": "dir-845",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02b03"
},
{
"model": "dir-600",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "2.17b01"
},
{
"model": "dir-865",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.05b03"
},
{
"model": "dir-645",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04b11"
},
{
"model": "dir-300",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-600",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "2.17b01"
},
{
"model": "dir-645",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "1.04b11"
},
{
"model": "dir-845",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "1.02b03"
},
{
"model": "dir-865",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-600 \u003cv2.17b01",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-645 \u003cv1.04b11",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-845 \u003cv1.02b03",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"db": "NVD",
"id": "CVE-2013-7471"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-645_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-845_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-865_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
}
]
},
"cve": "CVE-2013-7471",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-7471",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-39561",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-67473",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2013-7471",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-7471",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-7471",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2013-7471",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-39561",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-399",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-67473",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2013-7471",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"db": "VULHUB",
"id": "VHN-67473"
},
{
"db": "VULMON",
"id": "CVE-2013-7471"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-399"
},
{
"db": "NVD",
"id": "CVE-2013-7471"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. plural D-Link The product contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-845 and so on are all wireless routers from Taiwan D-Link. \n\nCommand injection vulnerability exists in soap.cgi? Service = WANIPConn1 URL in multiple D-Link products. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command. The following products and versions are affected: D-Link DIR-845 prior to v1.02b03; DIR-600 prior to v2.17b01; DIR-645 prior to v1.04b11; DIR-300 (rev",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7471"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"db": "VULHUB",
"id": "VHN-67473"
},
{
"db": "VULMON",
"id": "CVE-2013-7471"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7471",
"trust": 3.2
},
{
"db": "EXPLOIT-DB",
"id": "27044",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-399",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "27044",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-39561",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-67473",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-7471",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"db": "VULHUB",
"id": "VHN-67473"
},
{
"db": "VULMON",
"id": "CVE-2013-7471"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-399"
},
{
"db": "NVD",
"id": "CVE-2013-7471"
}
]
},
"id": "VAR-201906-0703",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"db": "VULHUB",
"id": "VHN-67473"
}
],
"trust": 1.4161706425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39561"
}
]
},
"last_update_date": "2024-11-23T22:06:10.235000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://us.dlink.com/"
},
{
"title": "Patch for Command injection vulnerability in multiple D-Link products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/189043"
},
{
"title": "Multiple D-Link Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93638"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-399"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67473"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"db": "NVD",
"id": "CVE-2013-7471"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.s3cur1ty.de/m1adv2013-020"
},
{
"trust": 2.4,
"url": "https://www.exploit-db.com/exploits/27044"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7471"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7471"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"db": "VULHUB",
"id": "VHN-67473"
},
{
"db": "VULMON",
"id": "CVE-2013-7471"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-399"
},
{
"db": "NVD",
"id": "CVE-2013-7471"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"db": "VULHUB",
"id": "VHN-67473"
},
{
"db": "VULMON",
"id": "CVE-2013-7471"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-399"
},
{
"db": "NVD",
"id": "CVE-2013-7471"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"date": "2019-06-11T00:00:00",
"db": "VULHUB",
"id": "VHN-67473"
},
{
"date": "2019-06-11T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7471"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"date": "2019-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-399"
},
{
"date": "2019-06-11T21:29:00.397000",
"db": "NVD",
"id": "CVE-2013-7471"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"date": "2019-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-67473"
},
{
"date": "2021-04-23T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7471"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"date": "2019-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-399"
},
{
"date": "2024-11-21T02:01:05.363000",
"db": "NVD",
"id": "CVE-2013-7471"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-399"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link Command injection vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-399"
}
],
"trust": 0.6
}
}
var-201501-0347
Vulnerability from variot
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. D-Link DIR-600 router (rev. (2) hedwig.cgi Remote administration can be enabled via a crafted configuration module. The D-Link DIR-600 is a wireless routing device. Because the program allows users to perform certain operations through unauthenticated HTTP requests, an attacker can exploit the vulnerability to modify the configuration when a logged-in administrative user accesses a specially crafted web page. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. D-Link DIR-600 is a SOHO wireless router product of D-Link
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0347",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-600",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dir-600",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.16ww"
},
{
"model": "dir-600",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-600",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "firmware 2.17b02"
},
{
"model": "dir-600",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.16ww"
},
{
"model": "dir-600 2.16ww",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "BID",
"id": "66092"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dawid Czagan",
"sources": [
{
"db": "BID",
"id": "66092"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
}
],
"trust": 0.9
},
"cve": "CVE-2014-100005",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-100005",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-01581",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-68501",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2014-100005",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2014-100005",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-100005",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2014-100005",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-100005",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-01581",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-571",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68501",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "VULHUB",
"id": "VHN-68501"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. D-Link DIR-600 router (rev. (2) hedwig.cgi Remote administration can be enabled via a crafted configuration module. The D-Link DIR-600 is a wireless routing device. Because the program allows users to perform certain operations through unauthenticated HTTP requests, an attacker can exploit the vulnerability to modify the configuration when a logged-in administrative user accesses a specially crafted web page. \nExploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. D-Link DIR-600 is a SOHO wireless router product of D-Link",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-100005"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "BID",
"id": "66092"
},
{
"db": "VULHUB",
"id": "VHN-68501"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-100005",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "57304",
"trust": 2.3
},
{
"db": "DLINK",
"id": "SAP10018",
"trust": 2.0
},
{
"db": "BID",
"id": "66092",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-01581",
"trust": 0.6
},
{
"db": "XF",
"id": "91794",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-89342",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-68501",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "VULHUB",
"id": "VHN-68501"
},
{
"db": "BID",
"id": "66092"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"id": "VAR-201501-0347",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "VULHUB",
"id": "VHN-68501"
}
],
"trust": 1.5214286
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
}
]
},
"last_update_date": "2024-11-23T21:55:08.243000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP10018",
"trust": 0.8,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018"
},
{
"title": "DIR-600_REVB_FIRMWARE_2.17.B02",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57137"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.1
},
{
"problemtype": "Cross-site request forgery (CWE-352) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68501"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/"
},
{
"trust": 2.0,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10018"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/57304"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-100005"
},
{
"trust": 0.8,
"url": "https://cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/57304/"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/91794"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/66092"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "VULHUB",
"id": "VHN-68501"
},
{
"db": "BID",
"id": "66092"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "VULHUB",
"id": "VHN-68501"
},
{
"db": "BID",
"id": "66092"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"date": "2015-01-13T00:00:00",
"db": "VULHUB",
"id": "VHN-68501"
},
{
"date": "2014-03-10T00:00:00",
"db": "BID",
"id": "66092"
},
{
"date": "2015-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"date": "2014-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"date": "2015-01-13T11:59:04.477000",
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-68501"
},
{
"date": "2014-03-10T00:00:00",
"db": "BID",
"id": "66092"
},
{
"date": "2024-05-31T06:43:00",
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"date": "2015-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"date": "2024-11-21T02:03:12.533000",
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0DIR-600\u00a0 Cross-site request forgery vulnerability in router firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
}
],
"trust": 0.6
}
}
var-202306-0904
Vulnerability from variot
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. D-Link DIR-600 is a wireless router made by China D-Link Company.
There is a command injection vulnerability in D-Link DIR-600. in constructing commands. An attacker could exploit this vulnerability to cause arbitrary command execution
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202306-0904",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-600",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.18"
},
{
"model": "dir-600",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.18"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-50813"
},
{
"db": "NVD",
"id": "CVE-2023-33625"
}
]
},
"cve": "CVE-2023-33625",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-50813",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-33625",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-33625",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2023-50813",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202306-822",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-50813"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-822"
},
{
"db": "NVD",
"id": "CVE-2023-33625"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. D-Link DIR-600 is a wireless router made by China D-Link Company. \n\r\n\r\nThere is a command injection vulnerability in D-Link DIR-600. in constructing commands. An attacker could exploit this vulnerability to cause arbitrary command execution",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33625"
},
{
"db": "CNVD",
"id": "CNVD-2023-50813"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-33625",
"trust": 2.2
},
{
"db": "CNVD",
"id": "CNVD-2023-50813",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202306-822",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-50813"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-822"
},
{
"db": "NVD",
"id": "CVE-2023-33625"
}
]
},
"id": "VAR-202306-0904",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-50813"
}
],
"trust": 1.4148147999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-50813"
}
]
},
"last_update_date": "2024-08-14T13:20:13.113000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33625"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 1.6,
"url": "https://github.com/naihsin/iot/blob/main/d-link/dir-600/cmd%20injection/readme.md"
},
{
"trust": 1.6,
"url": "https://github.com/naihsin/iot/tree/main/d-link/dir-600/cmd%20injection"
},
{
"trust": 1.0,
"url": "https://hackmd.io/%40naihsin/by2datzd2"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-33625"
},
{
"trust": 0.6,
"url": "https://hackmd.io/@naihsin/by2datzd2"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-33625/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-50813"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-822"
},
{
"db": "NVD",
"id": "CVE-2023-33625"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-50813"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-822"
},
{
"db": "NVD",
"id": "CVE-2023-33625"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-50813"
},
{
"date": "2023-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-822"
},
{
"date": "2023-06-12T20:15:12.610000",
"db": "NVD",
"id": "CVE-2023-33625"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-50813"
},
{
"date": "2023-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-822"
},
{
"date": "2023-11-07T04:15:06.080000",
"db": "NVD",
"id": "CVE-2023-33625"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-822"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-600 Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-50813"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-822"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-822"
}
],
"trust": 0.6
}
}
cve-2013-7471
Vulnerability from cvelistv5
Published
2019-06-11 20:46
Modified
2024-08-06 18:09
Severity ?
EPSS score ?
Summary
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.s3cur1ty.de/m1adv2013-020 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/27044 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.s3cur1ty.de/m1adv2013-020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/27044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T20:46:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.s3cur1ty.de/m1adv2013-020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/27044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.s3cur1ty.de/m1adv2013-020",
"refsource": "MISC",
"url": "http://www.s3cur1ty.de/m1adv2013-020"
},
{
"name": "https://www.exploit-db.com/exploits/27044",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/27044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7471",
"datePublished": "2019-06-11T20:46:45",
"dateReserved": "2019-06-11T00:00:00",
"dateUpdated": "2024-08-06T18:09:16.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-100005
Vulnerability from cvelistv5
Published
2015-01-13 11:00
Modified
2024-08-06 14:10
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/57304 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91794 | vdb-entry, x_refsource_XF | |
| http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/ | x_refsource_MISC | |
| http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-600_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-600_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "2.16ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-600",
"vendor": "dlink",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2014-100005",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T16:03:21.114106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-05-16",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-100005"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T16:04:11.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:10:55.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57304"
},
{
"name": "dir600-settings-csrf(91794)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "57304",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57304"
},
{
"name": "dir600-settings-csrf(91794)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-100005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57304"
},
{
"name": "dir600-settings-csrf(91794)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794"
},
{
"name": "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/",
"refsource": "MISC",
"url": "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/"
},
{
"name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018",
"refsource": "CONFIRM",
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-100005",
"datePublished": "2015-01-13T11:00:00",
"dateReserved": "2015-01-13T00:00:00",
"dateUpdated": "2024-08-06T14:10:55.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-33625
Vulnerability from cvelistv5
Published
2023-06-12 00:00
Modified
2025-01-03 23:37
Severity ?
EPSS score ?
Summary
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:47:06.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection"
},
{
"tags": [
"x_transferred"
],
"url": "https://hackmd.io/%40naihsin/By2datZD2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33625",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-03T23:36:52.447176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T23:37:13.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection"
},
{
"url": "https://hackmd.io/%40naihsin/By2datZD2"
},
{
"url": "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33625",
"datePublished": "2023-06-12T00:00:00",
"dateReserved": "2023-05-22T00:00:00",
"dateUpdated": "2025-01-03T23:37:13.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-33626
Vulnerability from cvelistv5
Published
2023-06-12 00:00
Modified
2025-01-03 23:35
Severity ?
EPSS score ?
Summary
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:47:06.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33626",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-03T23:35:10.277645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T23:35:27.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow"
},
{
"url": "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33626",
"datePublished": "2023-06-12T00:00:00",
"dateReserved": "2023-05-22T00:00:00",
"dateUpdated": "2025-01-03T23:35:27.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-06-12 20:15
Modified
2024-11-21 08:05
Severity ?
Summary
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-600_firmware | 2.18 | |
| dlink | dir-600 | b5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-600_firmware:2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "2E697344-0C5B-4B30-B199-87AFB7A4581F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-600:b5:*:*:*:*:*:*:*",
"matchCriteriaId": "43D0282B-AEE7-45DD-AF27-1776072C45BB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary."
}
],
"id": "CVE-2023-33626",
"lastModified": "2024-11-21T08:05:46.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-12T20:15:12.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-12 20:15
Modified
2024-11-21 08:05
Severity ?
Summary
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-600_firmware | 2.18 | |
| dlink | dir-600 | b5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-600_firmware:2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "2E697344-0C5B-4B30-B199-87AFB7A4581F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-600:b5:*:*:*:*:*:*:*",
"matchCriteriaId": "43D0282B-AEE7-45DD-AF27-1776072C45BB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function."
}
],
"id": "CVE-2023-33625",
"lastModified": "2024-11-21T08:05:46.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-12T20:15:12.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection"
},
{
"source": "cve@mitre.org",
"url": "https://hackmd.io/%40naihsin/By2datZD2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hackmd.io/%40naihsin/By2datZD2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-13 11:59
Modified
2024-12-20 03:42
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/ | Exploit, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/57304 | Broken Link | |
| cve@mitre.org | http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018 | Patch, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/91794 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/57304 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/91794 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-600_firmware | * | |
| dlink | dir-600 | - |
{
"cisaActionDue": "2024-06-06",
"cisaExploitAdd": "2024-05-16",
"cisaRequiredAction": "This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.",
"cisaVulnerabilityName": "D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEC4A091-E1B0-42D0-80B7-D84D6E430E01",
"versionEndIncluding": "2.16ww",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A8637C-BD16-4B96-A1DA-34529F3169D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en el router D-Link DIR-600 (rev. Bx) con firmware anterior a 2.17b02 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que (1) crean una cuenta de administrador o (2) habilitan la gesti\u00f3n remota a trav\u00e9s de un m\u00f3dulo de configuraci\u00f3n manipulado en hedwig.cgi, (3) activan nuevos ajustes de configuraciones a trav\u00e9s de una acci\u00f3n SETCFG,SAVE,ACTIVATE en pigwidgeon.cgi, o (4) env\u00edan un ping a trav\u00e9s de una acci\u00f3n ping en diagnostic.php."
}
],
"id": "CVE-2014-100005",
"lastModified": "2024-12-20T03:42:23.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2015-01-13T11:59:04.477",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/57304"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/57304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-11 21:29
Modified
2024-11-21 02:01
Severity ?
Summary
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.s3cur1ty.de/m1adv2013-020 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/27044 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.s3cur1ty.de/m1adv2013-020 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/27044 | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-300_firmware | 2.14b01 | |
| dlink | dir-300 | b | |
| dlink | dir-600_firmware | * | |
| dlink | dir-600 | - | |
| dlink | dir-645_firmware | * | |
| dlink | dir-645 | - | |
| dlink | dir-845_firmware | * | |
| dlink | dir-845 | - | |
| dlink | dir-865_firmware | 1.05b03 | |
| dlink | dir-865 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-300_firmware:2.14b01:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA53054-8F21-497B-B220-CB77F0F997C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-300:b:*:*:*:*:*:*:*",
"matchCriteriaId": "3C94BE4B-01ED-4300-AEA0-498D3DCF608D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81DD6B48-FCE3-4220-8677-69665DE92A6E",
"versionEndExcluding": "2.17b01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A8637C-BD16-4B96-A1DA-34529F3169D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-645_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57B7E296-D25F-4991-ABE9-4FA07846ED3D",
"versionEndExcluding": "1.04b11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-645:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D49F68-E15D-478B-B88E-089291BF7DB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-845_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACEC2324-0103-45B1-A874-1FA3AC9C3CA4",
"versionEndExcluding": "1.02b03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-845:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F89A1489-4ACD-4140-A130-12CD7409437A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-865_firmware:1.05b03:*:*:*:*:*:*:*",
"matchCriteriaId": "C69C3448-3D2C-4FF8-80C5-AB73B0AFD39D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DE230FF-F0FD-42F2-BBFB-CD2B9DD5EA1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en soap.cgi? Service = WANIPConn1 en D-Link DIR-845 anterior de v1.02b03, DIR-600 antes de v2.17b01, DIR-645 anterior de v1.04b11, DIR-300 rev. B, y dispositivos DIR-865. Existe una Inyecci\u00f3n de comandos a trav\u00e9s de metacaracteres de shell en el elemento NewInternalClient, NewExternalPort o NewInternalPort de una solicitud POST de SOAP."
}
],
"id": "CVE-2013-7471",
"lastModified": "2024-11-21T02:01:05.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-11T21:29:00.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.s3cur1ty.de/m1adv2013-020"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/27044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.s3cur1ty.de/m1adv2013-020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/27044"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}