CVE-2013-7471

Published Jun 11, 2019

Last updated 4 years ago

CVSS critical 9.8

Overview

Description: An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-77

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-300_firmware:2.14b01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FA53054-8F21-497B-B220-CB77F0F997C7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-300:b:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3C94BE4B-01ED-4300-AEA0-498D3DCF608D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81DD6B48-FCE3-4220-8677-69665DE92A6E",
            "versionEndExcluding": "2.17b01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A7A8637C-BD16-4B96-A1DA-34529F3169D3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-645_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57B7E296-D25F-4991-ABE9-4FA07846ED3D",
            "versionEndExcluding": "1.04b11"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-645:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D7D49F68-E15D-478B-B88E-089291BF7DB6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-845_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACEC2324-0103-45B1-A874-1FA3AC9C3CA4",
            "versionEndExcluding": "1.02b03"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-845:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F89A1489-4ACD-4140-A130-12CD7409437A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-865_firmware:1.05b03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C69C3448-3D2C-4FF8-80C5-AB73B0AFD39D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-865:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1DE230FF-F0FD-42F2-BBFB-CD2B9DD5EA1D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References