Vulnerabilites related to dlink - dir-865
var-201906-0703
Vulnerability from variot
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. plural D-Link The product contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-845 and so on are all wireless routers from Taiwan D-Link.
Command injection vulnerability exists in soap.cgi? Service = WANIPConn1 URL in multiple D-Link products. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command. The following products and versions are affected: D-Link DIR-845 prior to v1.02b03; DIR-600 prior to v2.17b01; DIR-645 prior to v1.04b11; DIR-300 (rev
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0703",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-300",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.14b01"
},
{
"model": "dir-845",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02b03"
},
{
"model": "dir-600",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "2.17b01"
},
{
"model": "dir-865",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.05b03"
},
{
"model": "dir-645",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04b11"
},
{
"model": "dir-300",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-600",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "2.17b01"
},
{
"model": "dir-645",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "1.04b11"
},
{
"model": "dir-845",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "1.02b03"
},
{
"model": "dir-865",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-600 \u003cv2.17b01",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-645 \u003cv1.04b11",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-845 \u003cv1.02b03",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"db": "NVD",
"id": "CVE-2013-7471"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-645_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-845_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-865_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
}
]
},
"cve": "CVE-2013-7471",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-7471",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-39561",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-67473",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2013-7471",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-7471",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-7471",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2013-7471",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-39561",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-399",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-67473",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2013-7471",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"db": "VULHUB",
"id": "VHN-67473"
},
{
"db": "VULMON",
"id": "CVE-2013-7471"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-399"
},
{
"db": "NVD",
"id": "CVE-2013-7471"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. plural D-Link The product contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-845 and so on are all wireless routers from Taiwan D-Link. \n\nCommand injection vulnerability exists in soap.cgi? Service = WANIPConn1 URL in multiple D-Link products. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command. The following products and versions are affected: D-Link DIR-845 prior to v1.02b03; DIR-600 prior to v2.17b01; DIR-645 prior to v1.04b11; DIR-300 (rev",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7471"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"db": "VULHUB",
"id": "VHN-67473"
},
{
"db": "VULMON",
"id": "CVE-2013-7471"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7471",
"trust": 3.2
},
{
"db": "EXPLOIT-DB",
"id": "27044",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-399",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "27044",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2019-39561",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-67473",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-7471",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"db": "VULHUB",
"id": "VHN-67473"
},
{
"db": "VULMON",
"id": "CVE-2013-7471"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-399"
},
{
"db": "NVD",
"id": "CVE-2013-7471"
}
]
},
"id": "VAR-201906-0703",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"db": "VULHUB",
"id": "VHN-67473"
}
],
"trust": 1.4161706425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39561"
}
]
},
"last_update_date": "2024-11-23T22:06:10.235000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://us.dlink.com/"
},
{
"title": "Patch for Command injection vulnerability in multiple D-Link products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/189043"
},
{
"title": "Multiple D-Link Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93638"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-399"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67473"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"db": "NVD",
"id": "CVE-2013-7471"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.s3cur1ty.de/m1adv2013-020"
},
{
"trust": 2.4,
"url": "https://www.exploit-db.com/exploits/27044"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7471"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7471"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"db": "VULHUB",
"id": "VHN-67473"
},
{
"db": "VULMON",
"id": "CVE-2013-7471"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-399"
},
{
"db": "NVD",
"id": "CVE-2013-7471"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"db": "VULHUB",
"id": "VHN-67473"
},
{
"db": "VULMON",
"id": "CVE-2013-7471"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-399"
},
{
"db": "NVD",
"id": "CVE-2013-7471"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"date": "2019-06-11T00:00:00",
"db": "VULHUB",
"id": "VHN-67473"
},
{
"date": "2019-06-11T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7471"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"date": "2019-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-399"
},
{
"date": "2019-06-11T21:29:00.397000",
"db": "NVD",
"id": "CVE-2013-7471"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39561"
},
{
"date": "2019-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-67473"
},
{
"date": "2021-04-23T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7471"
},
{
"date": "2019-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006844"
},
{
"date": "2019-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-399"
},
{
"date": "2024-11-21T02:01:05.363000",
"db": "NVD",
"id": "CVE-2013-7471"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-399"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link Command injection vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006844"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-399"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2019-06-11 21:29
Modified
2024-11-21 02:01
Severity ?
Summary
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.s3cur1ty.de/m1adv2013-020 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/27044 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.s3cur1ty.de/m1adv2013-020 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/27044 | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-300_firmware | 2.14b01 | |
| dlink | dir-300 | b | |
| dlink | dir-600_firmware | * | |
| dlink | dir-600 | - | |
| dlink | dir-645_firmware | * | |
| dlink | dir-645 | - | |
| dlink | dir-845_firmware | * | |
| dlink | dir-845 | - | |
| dlink | dir-865_firmware | 1.05b03 | |
| dlink | dir-865 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-300_firmware:2.14b01:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA53054-8F21-497B-B220-CB77F0F997C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-300:b:*:*:*:*:*:*:*",
"matchCriteriaId": "3C94BE4B-01ED-4300-AEA0-498D3DCF608D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81DD6B48-FCE3-4220-8677-69665DE92A6E",
"versionEndExcluding": "2.17b01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A8637C-BD16-4B96-A1DA-34529F3169D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-645_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57B7E296-D25F-4991-ABE9-4FA07846ED3D",
"versionEndExcluding": "1.04b11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-645:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D49F68-E15D-478B-B88E-089291BF7DB6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-845_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACEC2324-0103-45B1-A874-1FA3AC9C3CA4",
"versionEndExcluding": "1.02b03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-845:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F89A1489-4ACD-4140-A130-12CD7409437A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-865_firmware:1.05b03:*:*:*:*:*:*:*",
"matchCriteriaId": "C69C3448-3D2C-4FF8-80C5-AB73B0AFD39D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DE230FF-F0FD-42F2-BBFB-CD2B9DD5EA1D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en soap.cgi? Service = WANIPConn1 en D-Link DIR-845 anterior de v1.02b03, DIR-600 antes de v2.17b01, DIR-645 anterior de v1.04b11, DIR-300 rev. B, y dispositivos DIR-865. Existe una Inyecci\u00f3n de comandos a trav\u00e9s de metacaracteres de shell en el elemento NewInternalClient, NewExternalPort o NewInternalPort de una solicitud POST de SOAP."
}
],
"id": "CVE-2013-7471",
"lastModified": "2024-11-21T02:01:05.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-11T21:29:00.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.s3cur1ty.de/m1adv2013-020"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/27044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.s3cur1ty.de/m1adv2013-020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/27044"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2013-7471
Vulnerability from cvelistv5
Published
2019-06-11 20:46
Modified
2024-08-06 18:09
Severity ?
EPSS score ?
Summary
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.s3cur1ty.de/m1adv2013-020 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/27044 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.s3cur1ty.de/m1adv2013-020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/27044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T20:46:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.s3cur1ty.de/m1adv2013-020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/27044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.s3cur1ty.de/m1adv2013-020",
"refsource": "MISC",
"url": "http://www.s3cur1ty.de/m1adv2013-020"
},
{
"name": "https://www.exploit-db.com/exploits/27044",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/27044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7471",
"datePublished": "2019-06-11T20:46:45",
"dateReserved": "2019-06-11T00:00:00",
"dateUpdated": "2024-08-06T18:09:16.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}