ID

VAR-201311-0097


CVE

CVE-2013-3095


TITLE

D-Link DIR-865L Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2013-04032 // CNNVD: CNNVD-201304-448

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. A1) with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password or (2) enable remote management via a request to hedwig.cgi or (3) activate configuration changes via a request to pigwidgeon.cgi. D-Link DIR-865L Router (Rev. The D-Link DIR-865L is an enterprise-class wireless routing device. The D-Link DIR-865L has a cross-site request forgery vulnerability that allows a remote attacker to build a malicious URI, entice a user to load it, and perform malicious operations in the target user's context, such as changing the login password, enabling some services, etc. D-Link DIR-865L is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible. D-Link DIR-865L firmware version 1.03 is vulnerable; other versions may also be affected.

Trust: 2.52

sources: NVD: CVE-2013-3095 // JVNDB: JVNDB-2013-005203 // CNVD: CNVD-2013-04032 // BID: 59312 // VULHUB: VHN-63097

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-04032

AFFECTED PRODUCTS

vendor: dlink, model: dir865l, scope: eq, version: 1.02

Trust: 1.6

vendor: dlink, model: dir865l, scope: eq, version: 1.00b24

Trust: 1.6

vendor: dlink, model: dir865l, scope: eq, version: 1.03

Trust: 1.6

vendor: dlink, model: dir865l, scope: lte, version: 1.05

Trust: 1.0

vendor: dlink, model: dir865l, scope: eq, version: -

Trust: 1.0

vendor: d link, model: dir-865l, scope: eq, version: (rev. a1)

Trust: 0.8

vendor: d link, model: dir-865l, scope: lt, version: 1.05b07

Trust: 0.8

vendor: d link, model: dir-865l, scope: eq, version: 1.03

Trust: 0.6

vendor: dlink, model: dir865l, scope: eq, version: 1.05

Trust: 0.6

sources: CNVD: CNVD-2013-04032 // JVNDB: JVNDB-2013-005203 // CNNVD: CNNVD-201304-448 // NVD: CVE-2013-3095

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3095
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3095
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-04032
value: LOW

Trust: 0.6

CNNVD: CNNVD-201304-448
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63097
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3095
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-04032
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-63097
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-04032 // VULHUB: VHN-63097 // JVNDB: JVNDB-2013-005203 // CNNVD: CNNVD-201304-448 // NVD: CVE-2013-3095

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-63097 // JVNDB: JVNDB-2013-005203 // NVD: CVE-2013-3095

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-448

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201304-448

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005203

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-63097

PATCH

title: SAP10003, url: http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10003

Trust: 0.8

title: DIR-865L_FIRMWARE_1.05B07, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48814

Trust: 0.6

sources: JVNDB: JVNDB-2013-005203 // CNNVD: CNNVD-201304-448

EXTERNAL IDS

db: NVD, id: CVE-2013-3095

Trust: 3.4

db: SECUNIA, id: 53064

Trust: 2.3

db: DLINK, id: SAP10003

Trust: 1.7

db: BID, id: 59312

Trust: 1.6

db: JVNDB, id: JVNDB-2013-005203

Trust: 0.8

db: CNNVD, id: CNNVD-201304-448

Trust: 0.7

db: CNVD, id: CNVD-2013-04032

Trust: 0.6

db: EXPLOIT-DB, id: 38481

Trust: 0.1

db: VULHUB, id: VHN-63097

Trust: 0.1

sources: CNVD: CNVD-2013-04032 // VULHUB: VHN-63097 // BID: 59312 // JVNDB: JVNDB-2013-005203 // CNNVD: CNNVD-201304-448 // NVD: CVE-2013-3095

REFERENCES

url:http://securityevaluators.com/content/case-studies/routers/dlink_dir865l.jsp

Trust: 3.4

url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10003

Trust: 1.7

url:http://secunia.com/advisories/53064

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3095

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3095

Trust: 0.8

url:http://www.secunia.com/advisories/53064/

Trust: 0.6

url:http://www.securityfocus.com/bid/59312

Trust: 0.6

url:http://www.dlink.com/

Trust: 0.3

sources: CNVD: CNVD-2013-04032 // VULHUB: VHN-63097 // BID: 59312 // JVNDB: JVNDB-2013-005203 // CNNVD: CNNVD-201304-448 // NVD: CVE-2013-3095

CREDITS

Jacob Holcomb from Independent Security Evaluators

Trust: 0.9

sources: BID: 59312 // CNNVD: CNNVD-201304-448

SOURCES

db: CNVD, id: CNVD-2013-04032
db: VULHUB, id: VHN-63097
db: BID, id: 59312
db: JVNDB, id: JVNDB-2013-005203
db: CNNVD, id: CNNVD-201304-448
db: NVD, id: CVE-2013-3095

LAST UPDATE DATE

2024-08-14T15:14:02.145000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-04032, date: 2013-04-24T00:00:00
db: VULHUB, id: VHN-63097, date: 2013-11-20T00:00:00
db: BID, id: 59312, date: 2013-04-19T00:00:00
db: JVNDB, id: JVNDB-2013-005203, date: 2013-11-21T00:00:00
db: CNNVD, id: CNNVD-201304-448, date: 2013-11-22T00:00:00
db: NVD, id: CVE-2013-3095, date: 2013-11-20T17:39:14.727

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-04032, date: 2013-04-24T00:00:00
db: VULHUB, id: VHN-63097, date: 2013-11-20T00:00:00
db: BID, id: 59312, date: 2013-04-19T00:00:00
db: JVNDB, id: JVNDB-2013-005203, date: 2013-11-21T00:00:00
db: CNNVD, id: CNNVD-201304-448, date: 2013-04-22T00:00:00
db: NVD, id: CVE-2013-3095, date: 2013-11-20T13:19:38.913