ID

VAR-201906-0703


CVE

CVE-2013-7471


TITLE

Command injection vulnerability in multiple D-Link products

Trust: 0.8

sources: JVNDB: JVNDB-2013-006844

DESCRIPTION

An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. Command injection is possible via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. Multiple D-Link products contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-845 and the other affected models are all wireless routers from Taiwan's D-Link. A command injection vulnerability exists in the soap.cgi?service=WANIPConn1 URL in multiple D-Link products. The vulnerability stems from the network system or product failing to properly filter special elements when constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command. The following products and versions are affected: D-Link DIR-845 prior to v1.02b03; DIR-600 prior to v2.17b01; DIR-645 prior to v1.04b11; DIR-300 (rev

Trust: 2.34

sources: NVD: CVE-2013-7471 // JVNDB: JVNDB-2013-006844 // CNVD: CNVD-2019-39561 // VULHUB: VHN-67473 // VULMON: CVE-2013-7471

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-39561

AFFECTED PRODUCTS

vendor: dlink, model: dir-845, scope: lt, version: 1.02b03

Trust: 1.0

vendor: dlink, model: dir-600, scope: lt, version: 2.17b01

Trust: 1.0

vendor: dlink, model: dir-300, scope: eq, version: 2.14b01

Trust: 1.0

vendor: dlink, model: dir-645, scope: lt, version: 1.04b11

Trust: 1.0

vendor: dlink, model: dir-865, scope: eq, version: 1.05b03

Trust: 1.0

vendor: d link, model: dir-300, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-600, scope: lt, version: 2.17b01

Trust: 0.8

vendor: d link, model: dir-645, scope: lt, version: 1.04b11

Trust: 0.8

vendor: d link, model: dir-845, scope: lt, version: 1.02b03

Trust: 0.8

vendor: d link, model: dir-865, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-600 <v2.17b01, scope: -, version: -

Trust: 0.6

vendor: d link, model: dir-645 <v1.04b11, scope: -, version: -

Trust: 0.6

vendor: d link, model: dir-845 <v1.02b03, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-39561 // JVNDB: JVNDB-2013-006844 // NVD: CVE-2013-7471

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-7471
value: CRITICAL

Trust: 1.0

NVD: CVE-2013-7471
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-39561
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201906-399
value: CRITICAL

Trust: 0.6

VULHUB: VHN-67473
value: HIGH

Trust: 0.1

VULMON: CVE-2013-7471
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-7471
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-39561
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-67473
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2013-7471
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2013-7471
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-39561 // VULHUB: VHN-67473 // VULMON: CVE-2013-7471 // JVNDB: JVNDB-2013-006844 // CNNVD: CNNVD-201906-399 // NVD: CVE-2013-7471

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-67473 // JVNDB: JVNDB-2013-006844 // NVD: CVE-2013-7471

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-399

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201906-399

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006844

PATCH

title: Top Page, url: http://us.dlink.com/

Trust: 0.8

title: Patch for Command injection vulnerability in multiple D-Link products, url: https://www.cnvd.org.cn/patchInfo/show/189043

Trust: 0.6

title: Multiple D-Link Product Command Injection Vulnerability Fixes, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93638

Trust: 0.6

sources: CNVD: CNVD-2019-39561 // JVNDB: JVNDB-2013-006844 // CNNVD: CNNVD-201906-399

EXTERNAL IDS

db: NVD, id: CVE-2013-7471

Trust: 3.2

db: EXPLOIT-DB, id: 27044

Trust: 2.4

db: JVNDB, id: JVNDB-2013-006844

Trust: 0.8

db: CNNVD, id: CNNVD-201906-399

Trust: 0.7

db: EXPLOITDB, id: 27044

Trust: 0.6

db: CNVD, id: CNVD-2019-39561

Trust: 0.6

db: VULHUB, id: VHN-67473

Trust: 0.1

db: VULMON, id: CVE-2013-7471

Trust: 0.1

sources: CNVD: CNVD-2019-39561 // VULHUB: VHN-67473 // VULMON: CVE-2013-7471 // JVNDB: JVNDB-2013-006844 // CNNVD: CNNVD-201906-399 // NVD: CVE-2013-7471

REFERENCES

url:http://www.s3cur1ty.de/m1adv2013-020

Trust: 2.6

url:https://www.exploit-db.com/exploits/27044

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2013-7471

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7471

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-39561 // VULHUB: VHN-67473 // VULMON: CVE-2013-7471 // JVNDB: JVNDB-2013-006844 // CNNVD: CNNVD-201906-399 // NVD: CVE-2013-7471

SOURCES

db: CNVD, id: CNVD-2019-39561
db: VULHUB, id: VHN-67473
db: VULMON, id: CVE-2013-7471
db: JVNDB, id: JVNDB-2013-006844
db: CNNVD, id: CNNVD-201906-399
db: NVD, id: CVE-2013-7471

LAST UPDATE DATE

2024-08-14T14:45:19.741000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-39561, date: 2019-11-07T00:00:00
db: VULHUB, id: VHN-67473, date: 2019-06-12T00:00:00
db: VULMON, id: CVE-2013-7471, date: 2021-04-23T00:00:00
db: JVNDB, id: JVNDB-2013-006844, date: 2019-06-20T00:00:00
db: CNNVD, id: CNNVD-201906-399, date: 2019-06-13T00:00:00
db: NVD, id: CVE-2013-7471, date: 2021-04-23T14:20:32.750

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-39561, date: 2019-11-07T00:00:00
db: VULHUB, id: VHN-67473, date: 2019-06-11T00:00:00
db: VULMON, id: CVE-2013-7471, date: 2019-06-11T00:00:00
db: JVNDB, id: JVNDB-2013-006844, date: 2019-06-20T00:00:00
db: CNNVD, id: CNNVD-201906-399, date: 2019-06-11T00:00:00
db: NVD, id: CVE-2013-7471, date: 2019-06-11T21:29:00.397