Details of VAR-202002-0564

ID

VAR-202002-0564

CVE

CVE-2013-3096

TITLE

D-Link DIR865L Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2013-007206

DESCRIPTION

D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability. D-Link DIR865L There is an authentication vulnerability in.Information may be tampered with. The D-Link DIR-865L is an enterprise-class wireless routing device. No detailed vulnerability details are available. D-Link DIR-865L is prone to a security-bypass vulnerability. Very limited information is currently available regarding this issue. We will update this BID as more information emerges. Exploiting this issue could allow an attacker to bypass certain security restrictions and gain unauthorized access to the affected device. D-Link DIR-865L firmware version 1.03 is vulnerable; other versions may also be affected

Trust: 2.43

sources: NVD: CVE-2013-3096 // JVNDB: JVNDB-2013-007206 // CNVD: CNVD-2013-04033 // BID: 59475

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-04033

AFFECTED PRODUCTS

vendor:	d link	model:	dir-865l	scope:	eq	version:	1.03	Trust: 1.4
vendor:	dlink	model:	dir865l	scope:	eq	version:	1.03	Trust: 1.0

sources: CNVD: CNVD-2013-04033 // JVNDB: JVNDB-2013-007206 // NVD: CVE-2013-3096

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3096
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2013-007206
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-04033
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201304-554
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2013-3096
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2013-007206
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2013-04033
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2013-3096
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2013-007206
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2013-04033 // JVNDB: JVNDB-2013-007206 // CNNVD: CNNVD-201304-554 // NVD: CVE-2013-3096

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2013-007206 // NVD: CVE-2013-3096

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-554

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201304-554

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-007206

PATCH

title:

Top Page

url:

https://support.dlink.com/index.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2013-007206

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3096	Trust: 3.3
db:	JVNDB	id:	JVNDB-2013-007206	Trust: 0.8
db:	SECUNIA	id:	53064	Trust: 0.6
db:	CNVD	id:	CNVD-2013-04033	Trust: 0.6
db:	CNNVD	id:	CNNVD-201304-554	Trust: 0.6
db:	BID	id:	59475	Trust: 0.3

sources: CNVD: CNVD-2013-04033 // BID: 59475 // JVNDB: JVNDB-2013-007206 // CNNVD: CNNVD-201304-554 // NVD: CVE-2013-3096

REFERENCES

url:	https://www.ise.io/research/studies-and-papers/dlink_dir865l/	Trust: 2.4
url:	http://securityevaluators.com/knowledge/case_studies/routers/dlink_dir865l.php	Trust: 1.6
url:	http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2013-3096	Trust: 1.4
url:	http://securityevaluators.com/content/case-studies/routers/dlink_dir865l.jsp	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3096	Trust: 0.8
url:	http://www.secunia.com/advisories/53064/	Trust: 0.6
url:	http://www.dlink.com/	Trust: 0.3

sources: CNVD: CNVD-2013-04033 // BID: 59475 // JVNDB: JVNDB-2013-007206 // CNNVD: CNNVD-201304-554 // NVD: CVE-2013-3096

CREDITS

Jacob Holcomb

Trust: 0.9

sources: BID: 59475 // CNNVD: CNNVD-201304-554

SOURCES

db:	CNVD	id:	CNVD-2013-04033
db:	BID	id:	59475
db:	JVNDB	id:	JVNDB-2013-007206
db:	CNNVD	id:	CNNVD-201304-554
db:	NVD	id:	CVE-2013-3096

LAST UPDATE DATE

2024-08-14T15:14:02.112000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-04033	date:	2013-04-24T00:00:00
db:	BID	id:	59475	date:	2013-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-007206	date:	2020-02-26T00:00:00
db:	CNNVD	id:	CNNVD-201304-554	date:	2020-05-25T00:00:00
db:	NVD	id:	CVE-2013-3096	date:	2020-02-10T17:36:10.330

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-04033	date:	2013-04-24T00:00:00
db:	BID	id:	59475	date:	2013-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-007206	date:	2020-02-26T00:00:00
db:	CNNVD	id:	CNNVD-201304-554	date:	2013-04-27T00:00:00
db:	NVD	id:	CVE-2013-3096	date:	2020-02-07T19:15:10.037