ID
VAR-201312-0289
CVE
CVE-2013-7004
TITLE
plural D-Link Vulnerability to obtain access rights in router product firmware
Trust: 0.8
DESCRIPTION
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username. plural D-Link Router product firmware is user name gkJ9232xXyruTRmY There is a vulnerability that can be obtained because it has a hard-coded account.An access right may be obtained by using the user name information by a third party. D-Link DSR is a wireless service router product developed by D-Link. D-Link DSR Router Series are prone to a security-bypass vulnerability. A trust management vulnerability exists in several D-Link products. The vulnerability stems from the fact that the program has a hard-coded user account named 'gkJ9232xXyruTRmY'. The following products and versions are affected: DSR-150 with firmware version 1.08B29 and earlier; DSR-150N with firmware version 1.05B51 and earlier; DSR-250 and DSR-250N with firmware version 1.08B39 and earlier; DSR-500, DSR-500N, DSR-1000, DSR-1000N with previous firmware versions
Trust: 2.52
IOT TAXONOMY
| category: | ['IoT', 'Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | dlink | model: | dsr-150 | scope: | lte | version: | 1.08b29 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500n | scope: | eq | version: | 1.03b36 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000n | scope: | eq | version: | 1.02b25 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500n | scope: | eq | version: | 1.06b43 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500n | scope: | eq | version: | 1.03b43 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-250n | scope: | eq | version: | 1.08b31 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-150n | scope: | lte | version: | 1.05b48 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500 | scope: | eq | version: | 1.03b23 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000n | scope: | eq | version: | 1.03b12 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000n | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dsr-250 | scope: | eq | version: | 1.05b53 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000 | scope: | eq | version: | 1.03b23 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500n | scope: | eq | version: | 1.02b11 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500 | scope: | eq | version: | 1.04b58 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000 | scope: | eq | version: | 1.03b27 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500 | scope: | eq | version: | 1.03b27 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000 | scope: | eq | version: | 1.04b58 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-150 | scope: | eq | version: | 1.05b50 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-150n | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500n | scope: | eq | version: | 1.06b53 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000 | scope: | eq | version: | 1.03b36 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500 | scope: | eq | version: | 1.03b36 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-250n | scope: | lte | version: | 1.08b39 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500n | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dsr-250 | scope: | eq | version: | 1.08b31 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-250n | scope: | eq | version: | 1.01b46 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500n | scope: | eq | version: | 1.02b25 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500 | scope: | eq | version: | 1.03b43 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000n | scope: | lte | version: | 1.08b51 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000 | scope: | eq | version: | 1.03b43 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500n | scope: | eq | version: | 1.03b12 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500 | scope: | eq | version: | 1.06b43 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-150 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000 | scope: | eq | version: | 1.01b50 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000 | scope: | eq | version: | 1.06b43 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500n | scope: | lte | version: | 1.08b51 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000n | scope: | eq | version: | 1.06b53 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500 | scope: | eq | version: | 1.02b11 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-250n | scope: | eq | version: | 1.01b56 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000 | scope: | eq | version: | 1.02b11 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000n | scope: | eq | version: | 1.03b23 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000n | scope: | eq | version: | 1.04b58 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000 | scope: | eq | version: | 1.06b53 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500 | scope: | eq | version: | 1.06b53 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-250 | scope: | eq | version: | 1.01b46 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-250n | scope: | eq | version: | 1.05b20 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000n | scope: | eq | version: | 1.03b27 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000 | scope: | eq | version: | 1.02b25 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500 | scope: | eq | version: | 1.02b25 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000 | scope: | eq | version: | 1.03b12 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500 | scope: | eq | version: | 1.03b12 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-150 | scope: | eq | version: | 1.05b46 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000n | scope: | eq | version: | 1.03b36 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-150 | scope: | eq | version: | 1.05b35 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000n | scope: | eq | version: | 1.06b43 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000n | scope: | eq | version: | 1.03b43 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-250 | scope: | lte | version: | 1.08b39 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000 | scope: | lte | version: | 1.08b51 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-250 | scope: | eq | version: | 1.01b56 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500n | scope: | eq | version: | 1.03b23 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000n | scope: | eq | version: | 1.01b50 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-250n | scope: | eq | version: | 1.05b53 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-250 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | dlink | model: | dsr-150 | scope: | eq | version: | 1.05b29 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-250 | scope: | eq | version: | 1.05b20 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-1000n | scope: | eq | version: | 1.02b11 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500n | scope: | eq | version: | 1.04b58 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500n | scope: | eq | version: | 1.03b27 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500 | scope: | lte | version: | 1.08b51 | Trust: 1.0 |
| vendor: | dlink | model: | dsr-500 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | d link | model: | dsr-1000 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dsr-1000 | scope: | lt | version: | 1.08b77 | Trust: 0.8 |
| vendor: | d link | model: | dsr-1000n | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dsr-1000n | scope: | lt | version: | 1.08b77 | Trust: 0.8 |
| vendor: | d link | model: | dsr-150 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dsr-150 | scope: | lt | version: | 1.08b44 | Trust: 0.8 |
| vendor: | d link | model: | dsr-150n | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dsr-150n | scope: | lt | version: | 1.05b64 | Trust: 0.8 |
| vendor: | d link | model: | dsr-250 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dsr-250 | scope: | lt | version: | 1.08b44 | Trust: 0.8 |
| vendor: | d link | model: | dsr-250n | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dsr-250n | scope: | lt | version: | 1.08b44 | Trust: 0.8 |
| vendor: | d link | model: | dsr-500 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dsr-500 | scope: | lt | version: | 1.08b77 | Trust: 0.8 |
| vendor: | d link | model: | dsr-500n | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | dsr-500n | scope: | lt | version: | 1.08b77 | Trust: 0.8 |
| vendor: | d link | model: | dsr-150 v1.08b44 | scope: | lt | version: | - | Trust: 0.6 |
| vendor: | d link | model: | dsr-1000 | scope: | eq | version: | 1.02b11 | Trust: 0.6 |
| vendor: | d link | model: | dsr-1000 | scope: | eq | version: | 1.02b25 | Trust: 0.6 |
| vendor: | d link | model: | dsr-1000 | scope: | eq | version: | 1.03b36 | Trust: 0.6 |
| vendor: | d link | model: | dsr-1000 | scope: | eq | version: | 1.03b23 | Trust: 0.6 |
| vendor: | d link | model: | dsr-1000 | scope: | eq | version: | 1.03b27 | Trust: 0.6 |
| vendor: | d link | model: | dsr-1000 | scope: | eq | version: | 1.04b58 | Trust: 0.6 |
| vendor: | d link | model: | dsr-1000 | scope: | eq | version: | 1.06b43 | Trust: 0.6 |
| vendor: | d link | model: | dsr-1000 | scope: | eq | version: | 1.01b50 | Trust: 0.6 |
| vendor: | d link | model: | dsr-1000 | scope: | eq | version: | 1.03b12 | Trust: 0.6 |
| vendor: | d link | model: | dsr-1000 | scope: | eq | version: | 1.03b43 | Trust: 0.6 |
| vendor: | d link | model: | dsr-500n | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | d link | model: | dsr-500 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | d link | model: | dsr-250n | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | d link | model: | dsr-250 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | d link | model: | dsr-150n | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | d link | model: | dsr-150 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | d link | model: | dsr-1000n | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | d link | model: | dsr-1000 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | d link | model: | dsr-500n 1.08b77 | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | d link | model: | dsr-500 1.08b77 | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | d link | model: | dsr-250n 1.08b44 | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | d link | model: | dsr-250 1.08b44 | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | d link | model: | dsr-150n 1.05b64 | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | d link | model: | dsr-150 1.08b44 | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | d link | model: | dsr-1000n 1.08b77 | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | d link | model: | dsr-1000 1.08b77 | scope: | ne | version: | - | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-255 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
trust management problem
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Services Routers | url: | http://www.dlink.com/us/en/business-solutions/security/services-routers | Trust: 0.8 |
| title: | ルータ/ファイアウォール | url: | http://www.dlink-jp.com/router-firewall | Trust: 0.8 |
| title: | Downloads | url: | http://tsd.dlink.com.tw/ | Trust: 0.8 |
| title: | D-Link DSR Router built-in account vulnerability patch | url: | https://www.cnvd.org.cn/patchInfo/show/41959 | Trust: 0.6 |
| title: | DSR-250N_A1_FW1 | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=47082 | Trust: 0.6 |
| title: | DSR-250_A1_FW1 | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=47081 | Trust: 0.6 |
| title: | DSR-150N_A2_FW1 | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=47080 | Trust: 0.6 |
| title: | DSR-150_A2_FW1 | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=47079 | Trust: 0.6 |
| title: | DSR-150_A1_FW1 | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=47078 | Trust: 0.6 |
| title: | DSR-1000_A1_FW1 | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=47085 | Trust: 0.6 |
| title: | DSR-500N_A1_FW1 | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=47084 | Trust: 0.6 |
| title: | DSR-500_A1_FW1 | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=47083 | Trust: 0.6 |
| title: | DSR-1000N_A1_FW1 | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=47086 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-7004 | Trust: 3.4 |
| db: | EXPLOIT-DB | id: | 30061 | Trust: 2.3 |
| db: | BID | id: | 64462 | Trust: 1.0 |
| db: | JVNDB | id: | JVNDB-2013-005615 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201312-400 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2013-15548 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-67006 | Trust: 0.1 |
REFERENCES
| url: | http://www.exploit-db.com/exploits/30061 | Trust: 2.3 |
| url: | http://tsd.dlink.com.tw/temp/pmd/12879/dsr-500_500n_1000_1000n_a1_release_notes_fw_v1.08b77_ww.pdf | Trust: 1.7 |
| url: | http://tsd.dlink.com.tw/temp/pmd/12960/dsr-150n_a2_release_notes_fw_v1.05b64_ww.pdf | Trust: 1.7 |
| url: | http://tsd.dlink.com.tw/temp/pmd/12966/dsr-150_a1_a2_release_notes_fw_v1.08b44_ww.pdf | Trust: 1.7 |
| url: | http://tsd.dlink.com.tw/temp/pmd/13039/dsr-250_250n_a1_a2_release_notes_fw_v1.08b44_ww_ru.pdf | Trust: 1.7 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7004 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7004 | Trust: 0.8 |
| url: | http://tsd.dlink.com.tw/ | Trust: 0.3 |
| url: | http://www.dlink.com/ | Trust: 0.3 |
CREDITS
nu11.nu11
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2013-15548 |
| db: | VULHUB | id: | VHN-67006 |
| db: | BID | id: | 64462 |
| db: | JVNDB | id: | JVNDB-2013-005615 |
| db: | CNNVD | id: | CNNVD-201312-400 |
| db: | NVD | id: | CVE-2013-7004 |
LAST UPDATE DATE
2025-04-11T23:03:51.916000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-15548 | date: | 2013-12-25T00:00:00 |
| db: | VULHUB | id: | VHN-67006 | date: | 2013-12-19T00:00:00 |
| db: | BID | id: | 64462 | date: | 2013-12-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-005615 | date: | 2013-12-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201312-400 | date: | 2023-04-27T00:00:00 |
| db: | NVD | id: | CVE-2013-7004 | date: | 2025-04-11T00:51:21.963 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2013-15548 | date: | 2013-12-25T00:00:00 |
| db: | VULHUB | id: | VHN-67006 | date: | 2013-12-19T00:00:00 |
| db: | BID | id: | 64462 | date: | 2013-12-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-005615 | date: | 2013-12-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201312-400 | date: | 2013-12-25T00:00:00 |
| db: | NVD | id: | CVE-2013-7004 | date: | 2013-12-19T04:24:57.463 |