ID

VAR-201210-0554


CVE

CVE-2012-1308


TITLE

Cross-site request forgery vulnerability in redpass.cgi in D-Link DSL-2640B firmware

Trust: 0.8

sources: JVNDB: JVNDB-2012-004823

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. The D-Link DSL-2640B router is prone to a cross-site request-forgery vulnerability. This issue affects D-Link DSL-2640B. Other attacks are also possible. D-Link is Taiwan's first publicly traded online company, with its own D-Link brand marketing computer network products in more than 100 countries around the world. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment.

Trust: 2.52

sources: NVD: CVE-2012-1308 // JVNDB: JVNDB-2012-004823 // CNVD: CNVD-2012-0804 // BID: 52096 // VULHUB: VHN-54589

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-0804

AFFECTED PRODUCTS

vendor: dlink, model: dsl-2640b, scope: eq, version: 4.00

Trust: 1.6

vendor: dlink, model: dsl-2640b, scope: eq, version: -

Trust: 1.0

vendor: d link, model: dsl-2640b, scope: eq, version: 0

Trust: 0.9

vendor: d link, model: dsl-2640b, scope: -, version: -

Trust: 0.8

vendor: d link, model: dsl-2640b, scope: eq, version: eu_4.00

Trust: 0.8

sources: CNVD: CNVD-2012-0804 // BID: 52096 // JVNDB: JVNDB-2012-004823 // CNNVD: CNNVD-201202-426 // NVD: CVE-2012-1308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1308
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1308
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201202-426
value: MEDIUM

Trust: 0.6

VULHUB: VHN-54589
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-1308
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-54589
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-54589 // JVNDB: JVNDB-2012-004823 // CNNVD: CNNVD-201202-426 // NVD: CVE-2012-1308

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-54589 // JVNDB: JVNDB-2012-004823 // NVD: CVE-2012-1308

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-426

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201202-426

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004823

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-54589

PATCH

title: DSL-2640B, url: http://www.dlink.com/us/en/home-solutions/connect/modems-and-gateways/dsl-2640b-adsl-2-wireless-g-router-with-4-port-10-100-switch

Trust: 0.8

title: D-Link DSL-2640B 'redpass.cgi' patch for cross-site request forgery vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/10592

Trust: 0.6

sources: CNVD: CNVD-2012-0804 // JVNDB: JVNDB-2012-004823

EXTERNAL IDS

db: NVD, id: CVE-2012-1308

Trust: 2.8

db: BID, id: 52096

Trust: 2.6

db: EXPLOIT-DB, id: 18499

Trust: 1.7

db: JVNDB, id: JVNDB-2012-004823

Trust: 0.8

db: CNNVD, id: CNNVD-201202-426

Trust: 0.7

db: CNVD, id: CNVD-2012-0804

Trust: 0.6

db: XF, id: 2640

Trust: 0.6

db: XF, id: 73316

Trust: 0.6

db: SEEBUG, id: SSVID-72593

Trust: 0.1

db: VULHUB, id: VHN-54589

Trust: 0.1

sources: CNVD: CNVD-2012-0804 // VULHUB: VHN-54589 // BID: 52096 // JVNDB: JVNDB-2012-004823 // CNNVD: CNNVD-201202-426 // NVD: CVE-2012-1308

REFERENCES

url:http://www.securityfocus.com/bid/52096

Trust: 2.3

url:http://www.exploit-db.com/exploits/18499

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/73316

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1308

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1308

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/73316

Trust: 0.6

url:http://www.d-link.com/products/?pid=567

Trust: 0.3

url:http://www.d-link.com

Trust: 0.3

sources: CNVD: CNVD-2012-0804 // VULHUB: VHN-54589 // BID: 52096 // JVNDB: JVNDB-2012-004823 // CNNVD: CNNVD-201202-426 // NVD: CVE-2012-1308

CREDITS

Ivano Binetti

Trust: 0.9

sources: BID: 52096 // CNNVD: CNNVD-201202-426

SOURCES

db: CNVD, id: CNVD-2012-0804
db: VULHUB, id: VHN-54589
db: BID, id: 52096
db: JVNDB, id: JVNDB-2012-004823
db: CNNVD, id: CNNVD-201202-426
db: NVD, id: CVE-2012-1308

LAST UPDATE DATE

2024-08-14T14:52:40.609000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-0804, date: 2012-02-22T00:00:00
db: VULHUB, id: VHN-54589, date: 2017-08-29T00:00:00
db: BID, id: 52096, date: 2012-10-10T18:10:00
db: JVNDB, id: JVNDB-2012-004823, date: 2012-10-11T00:00:00
db: CNNVD, id: CNNVD-201202-426, date: 2012-02-23T00:00:00
db: NVD, id: CVE-2012-1308, date: 2017-08-29T01:31:16.273

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2012-0804, date: 2012-02-22T00:00:00
db: VULHUB, id: VHN-54589, date: 2012-10-08T00:00:00
db: BID, id: 52096, date: 2012-02-21T00:00:00
db: JVNDB, id: JVNDB-2012-004823, date: 2012-10-11T00:00:00
db: CNNVD, id: CNNVD-201202-426, date: 1900-01-01T00:00:00
db: NVD, id: CVE-2012-1308, date: 2012-10-08T18:55:01.200