cvelistv5 - CVE-2019-6013

CVE-2019-6013 (GCVE-0-2019-6013)

Vulnerability from cvelistv5

Published

2019-12-26 15:16

Modified

2024-08-04 20:09

Severity ?

CWE

OS Command Injection

Summary

DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).

References

URL

	Vendor	Product	Version
	D-Link Japan K.K.	DBA-1510P	Version: firmware 1.70b009 and earlier

fkie_cve-2019-6013

Vulnerability from fkie_nvd

Published

2019-12-26 16:15

Modified

2024-11-21 04:45

Severity ?

6.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN95875796/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.dlink-jp.com/product/dba-1510p#product_firmware	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN95875796/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.dlink-jp.com/product/dba-1510p#product_firmware	Vendor Advisory

Impacted products

	Vendor	Product	Version
	dlink	dba-1510p_firmware	*
	dlink	dba-1510p	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dba-1510p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BBE118D-BE8F-4823-A26F-84073F079001",
              "versionEndIncluding": "1.70b009",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dba-1510p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C37EBCA-FFD7-4B25-9455-4C1DF4A843BE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI)."
    },
    {
      "lang": "es",
      "value": "DBA-1510P versi\u00f3n de firmware 1.70b009 y anteriores, permite a atacantes autenticados ejecutar comandos arbitrarios del Sistema Operativo por medio de la Interfaz de L\u00ednea de Comandos (CLI)."
    }
  ],
  "id": "CVE-2019-6013",
  "lastModified": "2024-11-21T04:45:54.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-26T16:15:11.153",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN95875796/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN95875796/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2019-6013

Vulnerability from jvndb

Published

2019-10-07 15:17

Modified

2019-10-07 15:17

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple OS command injection vulnerabilities in DBA-1510P

Details

DBA-1510P provided by D-Link Japan K.K. contains multiple OS command injection vulnerabilities listed below. * OS command injection vulnerability in Command Line Interface (CLI) (CWE-78) - CVE-2019-6013 * OS command injection vulnerability in Web User Interface (CWE-78) - CVE-2019-6014 Katsuhiko Sato(a.k.a. goroh_kun) of COCON Inc, Technical Research Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN95875796/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6013
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6014
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-6013
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-6014
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

D-Link Japan K.K.

DBA-1510P firmware

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000062.html",
  "dc:date": "2019-10-07T15:17+09:00",
  "dcterms:issued": "2019-10-07T15:17+09:00",
  "dcterms:modified": "2019-10-07T15:17+09:00",
  "description": "DBA-1510P provided by D-Link Japan K.K. contains multiple OS command injection vulnerabilities listed below.\r\n\r\n  * OS command injection vulnerability in Command Line Interface (CLI) (CWE-78) - CVE-2019-6013\r\n  * OS command injection vulnerability in Web User Interface (CWE-78) - CVE-2019-6014\r\n\r\nKatsuhiko Sato(a.k.a. goroh_kun) of COCON Inc, Technical Research Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000062.html",
  "sec:cpe": {
    "#text": "cpe:/o:dlink-j:dba-1510p_firmware",
    "@product": "DBA-1510P firmware",
    "@vendor": "D-Link Japan K.K.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2019-000062",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN95875796/index.html",
      "@id": "JVN#95875796",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6013",
      "@id": "CVE-2019-6013",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6014",
      "@id": "CVE-2019-6014",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6013",
      "@id": "CVE-2019-6013",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6014",
      "@id": "CVE-2019-6014",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple OS command injection vulnerabilities in DBA-1510P"
}

var-201912-0071

Vulnerability from variot

DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI). DBA-1510P provided by D-Link Japan K.K. contains multiple OS command injection vulnerabilities listed below. goroh_kun) of COCON Inc, Technical Research Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. - CVE-2019-6014. D-Link DBA-1510P is a wireless access point device from Taiwan D-Link. This vulnerability originates from the process of externally inputting data to construct the executable command of the operating system, and the network system or product is not properly filtered. Special characters, commands, etc., attackers can use this vulnerability to execute illegal operating system commands

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0071",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dba-1510p",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.70b009"
      },
      {
        "model": "dba-1510p",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link k k",
        "version": "firmware 1.70b009"
      },
      {
        "model": "dba-1510p \u003c=1.70b009",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dba-1510p",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dlink",
        "version": "1.70b009"
      },
      {
        "model": "dba-1510p",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dlink",
        "version": "1.70b005"
      },
      {
        "model": "dba-1510p",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dlink",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36969"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-293"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6013"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:misc:d-link_japan_dba-1510p",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000062"
      }
    ]
  },
  "cve": "CVE-2019-6013",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.1,
            "id": "CVE-2019-6013",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-000062",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-000062",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2019-36969",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.7,
            "id": "CVE-2019-6013",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-000062",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 6.6,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-000062",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6013",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2019-000062",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2019-000062",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-36969",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-293",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6013",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36969"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000062"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-293"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6013"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI). DBA-1510P provided by D-Link Japan K.K. contains multiple OS command injection vulnerabilities listed below. goroh_kun) of COCON Inc, Technical Research Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. - CVE-2019-6014. D-Link DBA-1510P is a wireless access point device from Taiwan D-Link. This vulnerability originates from the process of externally inputting data to construct the executable command of the operating system, and the network system or product is not properly filtered. Special characters, commands, etc., attackers can use this vulnerability to execute illegal operating system commands",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000062"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-36969"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6013"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6013",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVN95875796",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000062",
        "trust": 2.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-36969",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-293",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6013",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36969"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-293"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6013"
      }
    ]
  },
  "id": "VAR-201912-0071",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36969"
      }
    ],
    "trust": 1.24285713
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36969"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:25:39.858000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "R1.70b010",
        "trust": 0.8,
        "url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
      },
      {
        "title": "Patch for D-Link DBA-1510P Operating System Command Injection Vulnerability (CNVD-2019-36969)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/186835"
      },
      {
        "title": "D-Link DBA-1510P Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99001"
      },
      {
        "title": "cvecat",
        "trust": 0.1,
        "url": "https://github.com/msantos/cvecat "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36969"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-293"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000062"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6013"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://jvn.jp/en/jp/jvn95875796/index.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
      },
      {
        "trust": 1.2,
        "url": "https://jvndb.jvn.jp/en/contents/2019/jvndb-2019-000062.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6013"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6014"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6013"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/msantos/cvecat"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36969"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-293"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6013"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-36969"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000062"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-293"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6013"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-36969"
      },
      {
        "date": "2019-12-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6013"
      },
      {
        "date": "2019-10-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-000062"
      },
      {
        "date": "2019-10-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-293"
      },
      {
        "date": "2019-12-26T16:15:11.153000",
        "db": "NVD",
        "id": "CVE-2019-6013"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-36969"
      },
      {
        "date": "2020-01-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6013"
      },
      {
        "date": "2019-10-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-000062"
      },
      {
        "date": "2020-01-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-293"
      },
      {
        "date": "2024-11-21T04:45:54.880000",
        "db": "NVD",
        "id": "CVE-2019-6013"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple OS command injection vulnerabilities in DBA-1510P",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-000062"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-293"
      }
    ],
    "trust": 0.6
  }
}

gsd-2019-6013

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).

Aliases

CVE-2019-6013

Aliases

CVE-2019-6013

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6013",
    "description": "DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).",
    "id": "GSD-2019-6013"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6013"
      ],
      "details": "DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).",
      "id": "GSD-2019-6013",
      "modified": "2023-12-13T01:23:49.420502Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2019-6013",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "DBA-1510P",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware 1.70b009 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "D-Link Japan K.K."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "OS Command Injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.dlink-jp.com/product/dba-1510p#product_firmware",
            "refsource": "MISC",
            "url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
          },
          {
            "name": "http://jvn.jp/en/jp/JVN95875796/index.html",
            "refsource": "MISC",
            "url": "http://jvn.jp/en/jp/JVN95875796/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dba-1510p_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.70b009",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dba-1510p:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-6013"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://jvn.jp/en/jp/JVN95875796/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN95875796/index.html"
            },
            {
              "name": "https://www.dlink-jp.com/product/dba-1510p#product_firmware",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.7,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-01-07T17:49Z",
      "publishedDate": "2019-12-26T16:15Z"
    }
  }
}

ghsa-c77j-f4m3-28j6

Vulnerability from github

Published

2022-05-24 17:05

Modified

2022-05-24 17:05

Details

DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6013"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-26T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).",
  "id": "GHSA-c77j-f4m3-28j6",
  "modified": "2022-05-24T17:05:06Z",
  "published": "2022-05-24T17:05:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6013"
    },
    {
      "type": "WEB",
      "url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN95875796/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cnvd-2019-36969

Vulnerability from cnvd

Title

D-Link DBA-1510P操作系统命令注入漏洞（CNVD-2019-36969）

Description

D-Link DBA-1510P是中国台湾友讯（D-Link）公司的一款无线接入点设备。使用1.70b009及之前版本固件的D-Link DBA-1510P版本中的CLI中存在操作系统命令注入漏洞，该漏洞源于外部输入数据构造操作系统可执行命令过程中，网络系统或产品未正确过滤其中的特殊字符、命令等，攻击者可利用该漏洞执行非法操作系统命令。

Severity

中

Patch Name

D-Link DBA-1510P操作系统命令注入漏洞（CNVD-2019-36969）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.dlink.com

Reference

https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000062.html

Impacted products

Name
D-Link DBA-1510P <=1.70b009

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6013",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6013"
    }
  },
  "description": "D-Link DBA-1510P\u662f\u4e2d\u56fd\u53f0\u6e7e\u53cb\u8baf\uff08D-Link\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u63a5\u5165\u70b9\u8bbe\u5907\u3002\n\n\u4f7f\u75281.70b009\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684D-Link DBA-1510P\u7248\u672c\u4e2d\u7684CLI\u4e2d\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u64cd\u4f5c\u7cfb\u7edf\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.dlink.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-36969",
  "openTime": "2019-10-24",
  "patchDescription": "D-Link DBA-1510P\u662f\u4e2d\u56fd\u53f0\u6e7e\u53cb\u8baf\uff08D-Link\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u63a5\u5165\u70b9\u8bbe\u5907\u3002\r\n\r\n\u4f7f\u75281.70b009\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684D-Link DBA-1510P\u7248\u672c\u4e2d\u7684CLI\u4e2d\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u64cd\u4f5c\u7cfb\u7edf\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "D-Link DBA-1510P\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2019-36969\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "D-Link DBA-1510P \u003c=1.70b009"
  },
  "referenceLink": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000062.html",
  "serverity": "\u4e2d",
  "submitTime": "2019-10-07",
  "title": "D-Link DBA-1510P\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2019-36969\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-6013 (GCVE-0-2019-6013)

Vulnerability from cvelistv5

fkie_cve-2019-6013

Vulnerability from fkie_nvd

CVE-2019-6013

Vulnerability from jvndb

var-201912-0071

Vulnerability from variot

gsd-2019-6013

Vulnerability from gsd

ghsa-c77j-f4m3-28j6

Vulnerability from github

cnvd-2019-36969

Vulnerability from cnvd

Tags

Sightings

Nomenclature