Sign-up

ID

VAR-201311-0179


CVE

CVE-2013-5730


TITLE

D-Link DSL-2740B Cross-site request forgery vulnerability in gateway firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-005204

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd. The D-Link DSL-2740B is a router device. There are multiple cross-site request forgery vulnerabilities in the D-Link DSL-2740B. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. D-Link DSL-2740B EU_1.00 is vulnerable; other versions may also be affected

Trust: 2.52

sources: NVD: CVE-2013-5730 // JVNDB: JVNDB-2013-005204 // CNVD: CNVD-2013-14599 // BID: 62356 // VULHUB: VHN-65732

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-14599

AFFECTED PRODUCTS

vendor:d linkmodel:dsl-2740bscope: - version: -

Trust: 1.6

vendor:dlinkmodel:dsl-2740bscope:eqversion:1.00

Trust: 1.6

vendor:dlinkmodel:dsl-2740bscope:eqversion: -

Trust: 1.0

vendor:d linkmodel:dsl-2740b eu 1.00scope: - version: -

Trust: 0.9

sources: CNVD: CNVD-2013-14599 // BID: 62356 // JVNDB: JVNDB-2013-005204 // CNNVD: CNNVD-201309-236 // NVD: CVE-2013-5730

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5730
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5730
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-14599
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201309-236
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65732
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5730
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-14599
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-65732
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-14599 // VULHUB: VHN-65732 // JVNDB: JVNDB-2013-005204 // CNNVD: CNNVD-201309-236 // NVD: CVE-2013-5730

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-65732 // JVNDB: JVNDB-2013-005204 // NVD: CVE-2013-5730

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-236

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201309-236

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005204

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-65732

PATCH
title:SAP10004url:http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005204

EXTERNAL IDS
db:NVDid:CVE-2013-5730
Trust: 3.4
db:PACKETSTORMid:123200
Trust: 1.7
db:DLINKid:SAP10004
Trust: 1.7
db:BIDid:62356
Trust: 1.6
db:JVNDBid:JVNDB-2013-005204
Trust: 0.8
db:CNNVDid:CNNVD-201309-236
Trust: 0.7
db:CNVDid:CNVD-2013-14599
Trust: 0.6
db:EXPLOIT-DBid:28239
Trust: 0.1
db:SEEBUGid:SSVID-81816
Trust: 0.1
db:VULHUBid:VHN-65732
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-14599 // 
            
            
            
            VULHUB: VHN-65732 // 
            
            
            
            BID: 62356 // 
            
            
            
            JVNDB: JVNDB-2013-005204 // 
            
            
            
            CNNVD: CNNVD-201309-236 // 
            
            
            
            NVD: CVE-2013-5730

REFERENCES
url:http://www.webapp-security.com/wp-content/uploads/2013/09/d-link-dsl-2740b-multiple-csrf-vulnerabilities1.txt
Trust: 3.1
url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10004
Trust: 1.7
url:http://packetstormsecurity.com/files/123200/d-link-dsl-2740b-cross-site-request-forgery.html
Trust: 1.7
url:http://www.webapp-security.com/2013/09/d-link-dsl-2740b-multiple-csrf-vulnerabilities
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5730
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5730
Trust: 0.8
url:http://www.securityfocus.com/bid/62356
Trust: 0.6
url:http://www.dlink.com/us/en/home-solutions/connect/modems-and-gateways/dsl-2740b-adsl2plus-modem-with-wireless-n-300-router
Trust: 0.3
url:http://www.webapp-security.com/2013/09/d-link-dsl-2740b-multiple-csrf-vulnerabilities/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-14599 // 
            
            
            
            VULHUB: VHN-65732 // 
            
            
            
            BID: 62356 // 
            
            
            
            JVNDB: JVNDB-2013-005204 // 
            
            
            
            CNNVD: CNNVD-201309-236 // 
            
            
            
            NVD: CVE-2013-5730

CREDITS
Ivano Binetti
Trust: 0.9
sources:
            
            
            BID: 62356 // 
            
            
            
            CNNVD: CNNVD-201309-236

SOURCES
db:CNVDid:CNVD-2013-14599
db:VULHUBid:VHN-65732
db:BIDid:62356
db:JVNDBid:JVNDB-2013-005204
db:CNNVDid:CNNVD-201309-236
db:NVDid:CVE-2013-5730

LAST UPDATE DATE
2025-04-11T22:48:32.689000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-14599date:2013-11-22T00:00:00
db:VULHUBid:VHN-65732date:2017-04-29T00:00:00
db:BIDid:62356date:2013-09-08T00:00:00
db:JVNDBid:JVNDB-2013-005204date:2013-11-21T00:00:00
db:CNNVDid:CNNVD-201309-236date:2013-11-22T00:00:00
db:NVDid:CVE-2013-5730date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-14599date:2013-11-22T00:00:00
db:VULHUBid:VHN-65732date:2013-11-20T00:00:00
db:BIDid:62356date:2013-09-08T00:00:00
db:JVNDBid:JVNDB-2013-005204date:2013-11-21T00:00:00
db:CNNVDid:CNNVD-201309-236date:2013-09-17T00:00:00
db:NVDid:CVE-2013-5730date:2013-11-20T13:19:42.367