ID

VAR-201402-0418


CVE

CVE-2013-7320


TITLE

D-Link DAP-2553 Access Point Cross-site request forgery vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-006009

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to hijack the authentication of administrators for requests that modify configuration settings via unspecified vectors. D-Link DAP-2253 is a router device of D-Link. Attackers can use these vulnerabilities to execute arbitrary script code in the browser context of the affected site, steal cookie-based authentication, perform unauthorized operations, and leak or modify sensitive information; other forms of attack may also be possible. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Other attacks may also be possible. D-Link DAP-2253 devices running firmware 1.26rc55 and prior are vulnerable. D-Link DAP-2253 Access Point is a wireless access point product of D-Link. A1) with firmware 1.26rc55 and earlier

Trust: 3.33

sources: NVD: CVE-2013-7320 // JVNDB: JVNDB-2013-006009 // CNVD: CNVD-2013-15307 // CNNVD: CNNVD-201312-314 // BID: 64593 // BID: 64297 // VULHUB: VHN-67322

IOT TAXONOMY

category: ['IoT', 'Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-15307

AFFECTED PRODUCTS

vendor: d link | model: dap 2253 | scope: eq | version: a1

Trust: 1.0

vendor: d link | model: dap 2253 | scope: lte | version: 1.26rc55

Trust: 1.0

vendor: d link | model: dap-2553 | scope: eq | version: revision a1

Trust: 0.8

vendor: d link | model: dap-2553 | scope: lt | version: 1.30

Trust: 0.8

vendor: d link | model: dap-2553 | scope: - | version: -

Trust: 0.6

vendor: d link | model: dap 2253 | scope: eq | version: 1.26rc55

Trust: 0.6

sources: CNVD: CNVD-2013-15307 // JVNDB: JVNDB-2013-006009 // CNNVD: CNNVD-201402-065 // NVD: CVE-2013-7320

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-7320
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-7320
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-15307
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201402-065
value: MEDIUM

Trust: 0.6

VULHUB: VHN-67322
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-7320
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-15307
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-67322
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-15307 // VULHUB: VHN-67322 // JVNDB: JVNDB-2013-006009 // CNNVD: CNNVD-201402-065 // NVD: CVE-2013-7320

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-67322 // JVNDB: JVNDB-2013-006009 // NVD: CVE-2013-7320

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201312-314 // CNNVD: CNNVD-201402-065

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201312-314

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006009

PATCH

title: SAP10006 | url: http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10006

Trust: 0.8

title: D-Link DAP-2553 has multiple vulnerabilities | url: https://www.cnvd.org.cn/patchInfo/show/41826

Trust: 0.6

sources: CNVD: CNVD-2013-15307 // JVNDB: JVNDB-2013-006009

EXTERNAL IDS

db: NVD | id: CVE-2013-7320

Trust: 3.1

db: DLINK | id: SAP10006

Trust: 2.6

db: SECUNIA | id: 56022

Trust: 2.3

db: BID | id: 64297

Trust: 2.0

db: JVNDB | id: JVNDB-2013-006009

Trust: 0.8

db: CNNVD | id: CNNVD-201402-065

Trust: 0.7

db: CNVD | id: CNVD-2013-15307

Trust: 0.6

db: CNNVD | id: CNNVD-201312-314

Trust: 0.6

db: BID | id: 64593

Trust: 0.3

db: VULHUB | id: VHN-67322

Trust: 0.1

sources: CNVD: CNVD-2013-15307 // VULHUB: VHN-67322 // BID: 64593 // BID: 64297 // JVNDB: JVNDB-2013-006009 // CNNVD: CNNVD-201312-314 // CNNVD: CNNVD-201402-065 // NVD: CVE-2013-7320

REFERENCES

url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10006

Trust: 2.6

url:http://secunia.com/advisories/56022

Trust: 2.3

url:http://www.securityfocus.com/bid/64297

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7320

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7320

Trust: 0.8

url:http://www.dlink.com/us/en/business-solutions/wireless/access-points/access-points/dap-2553-wireless-n600-dual-band-poe-access-point

Trust: 0.3

sources: CNVD: CNVD-2013-15307 // VULHUB: VHN-67322 // BID: 64593 // JVNDB: JVNDB-2013-006009 // CNNVD: CNNVD-201312-314 // CNNVD: CNNVD-201402-065 // NVD: CVE-2013-7320

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 64593

SOURCES

db: CNVD | id: CNVD-2013-15307
db: VULHUB | id: VHN-67322
db: BID | id: 64593
db: BID | id: 64297
db: JVNDB | id: JVNDB-2013-006009
db: CNNVD | id: CNNVD-201312-314
db: CNNVD | id: CNNVD-201402-065
db: NVD | id: CVE-2013-7320

LAST UPDATE DATE

2025-04-11T23:02:49.844000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2013-15307 | date: 2014-02-18T00:00:00
db: VULHUB | id: VHN-67322 | date: 2014-02-21T00:00:00
db: BID | id: 64593 | date: 2015-03-19T09:23:00
db: BID | id: 64297 | date: 2013-11-26T00:00:00
db: JVNDB | id: JVNDB-2013-006009 | date: 2014-02-10T00:00:00
db: CNNVD | id: CNNVD-201312-314 | date: 2013-12-17T00:00:00
db: CNNVD | id: CNNVD-201402-065 | date: 2014-02-12T00:00:00
db: NVD | id: CVE-2013-7320 | date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2013-15307 | date: 2013-12-18T00:00:00
db: VULHUB | id: VHN-67322 | date: 2014-02-06T00:00:00
db: BID | id: 64593 | date: 2013-11-26T00:00:00
db: BID | id: 64297 | date: 2013-11-26T00:00:00
db: JVNDB | id: JVNDB-2013-006009 | date: 2014-02-10T00:00:00
db: CNNVD | id: CNNVD-201312-314 | date: 2013-11-26T00:00:00
db: CNNVD | id: CNNVD-201402-065 | date: 2014-02-12T00:00:00
db: NVD | id: CVE-2013-7320 | date: 2014-02-06T16:10:59.093