ID

VAR-201405-0095


CVE

CVE-2013-4772


TITLE

D-Link DIR-505L SharePort Mobile Companion and DIR-826L Wireless N600 Cloud Router Vulnerabilities that bypass authentication

Trust: 0.8

sources: JVNDB: JVNDB-2013-006426

DESCRIPTION

D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allow remote attackers to bypass authentication via a direct request when an authorized session is active. The DIR-505L is a versatile mini wireless router and the DIR-826L is a dual-band Gigabit wireless cloud router. During this window, the application does not verify the session cookie, and the administrator can view or change the device configuration. Multiple D-Link products are prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions on the affected device. This may aid in further attacks. This is not possible once a legitimate session has expired.

Trust: 2.61

sources: NVD: CVE-2013-4772 // JVNDB: JVNDB-2013-006426 // CNVD: CNVD-2013-09174 // BID: 61019 // VULHUB: VHN-64774 // PACKETSTORM: 122314

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-09174

AFFECTED PRODUCTS

vendor: d link, model: dir-505l shareport mobile companion, scope: -, version: -

Trust: 1.4

vendor: d link, model: dir-505l shareport mobile companion, scope: eq, version: 1.01

Trust: 1.4

vendor: dlink, model: dir-505l shareport mobile companion, scope: eq, version: 1.01

Trust: 1.0

vendor: dlink, model: dir-826l wireless n600 cloud router, scope: eq, version: 1.02

Trust: 1.0

vendor: dlink, model: dir-505l shareport mobile companion, scope: eq, version: a1

Trust: 1.0

vendor: dlink, model: dir-826l wireless n600 cloud router, scope: eq, version: a1

Trust: 1.0

vendor: d link, model: dir-826l wireless n600 dual band gigabit cloud router, scope: -, version: -

Trust: 0.8

vendor: d link, model: dir-826l wireless n600 dual band gigabit cloud router, scope: eq, version: 1.02

Trust: 0.8

vendor: d link, model: dir-826l wireless n600 cloud router, scope: -, version: -

Trust: 0.6

vendor: d link, model: dir-826l wireless n600 cloud router, scope: eq, version: 1.02

Trust: 0.6

sources: CNVD: CNVD-2013-09174 // JVNDB: JVNDB-2013-006426 // CNNVD: CNNVD-201307-124 // NVD: CVE-2013-4772

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4772
value: HIGH

Trust: 1.0

NVD: CVE-2013-4772
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-09174
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201307-124
value: MEDIUM

Trust: 0.6

VULHUB: VHN-64774
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-4772
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-09174
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-64774
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-09174 // VULHUB: VHN-64774 // JVNDB: JVNDB-2013-006426 // CNNVD: CNNVD-201307-124 // NVD: CVE-2013-4772

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

sources: VULHUB: VHN-64774 // JVNDB: JVNDB-2013-006426 // NVD: CVE-2013-4772

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-124

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201307-124

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006426

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-64774

PATCH

title: Wireless N600 Dual Band Gigabit Cloud Router, url: http://www.dlink.com/us/en/home-solutions/connect/routers/dir-826l-cloud-gigabit-router-n600

Trust: 0.8

title: SharePort Mobile Companion, url: http://www.dlink.com/us/en/home-solutions/connect/routers/dir-505l-shareport-mobile-companion

Trust: 0.8

sources: JVNDB: JVNDB-2013-006426

EXTERNAL IDS

db: NVD, id: CVE-2013-4772

Trust: 3.5

db: PACKETSTORM, id: 122314

Trust: 2.6

db: BID, id: 61019

Trust: 1.0

db: JVNDB, id: JVNDB-2013-006426

Trust: 0.8

db: CNNVD, id: CNNVD-201307-124

Trust: 0.7

db: CNVD, id: CNVD-2013-09174

Trust: 0.6

db: SEEBUG, id: SSVID-81762

Trust: 0.1

db: VULHUB, id: VHN-64774

Trust: 0.1

sources: CNVD: CNVD-2013-09174 // VULHUB: VHN-64774 // BID: 61019 // JVNDB: JVNDB-2013-006426 // PACKETSTORM: 122314 // CNNVD: CNNVD-201307-124 // NVD: CVE-2013-4772

REFERENCES

url: http://packetstormsecurity.com/files/122314/d-link-dir-505l-dir-826l-authentication-bypass.html

Trust: 2.5

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4772

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4772

Trust: 0.8

url: http://www.securityfocus.com/archive/1/527115

Trust: 0.6

url: http://www.dlink.com/

Trust: 0.3

url: https://nvd.nist.gov/vuln/detail/cve-2013-4772

Trust: 0.1

sources: CNVD: CNVD-2013-09174 // VULHUB: VHN-64774 // BID: 61019 // JVNDB: JVNDB-2013-006426 // PACKETSTORM: 122314 // CNNVD: CNNVD-201307-124 // NVD: CVE-2013-4772

CREDITS

doylej.ia

Trust: 0.9

sources: BID: 61019 // CNNVD: CNNVD-201307-124

SOURCES

db: CNVD, id: CNVD-2013-09174
db: VULHUB, id: VHN-64774
db: BID, id: 61019
db: JVNDB, id: JVNDB-2013-006426
db: PACKETSTORM, id: 122314
db: CNNVD, id: CNNVD-201307-124
db: NVD, id: CVE-2013-4772

LAST UPDATE DATE

2025-04-13T23:10:16.064000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-09174, date: 2013-07-10T00:00:00
db: VULHUB, id: VHN-64774, date: 2014-05-12T00:00:00
db: BID, id: 61019, date: 2013-07-08T00:00:00
db: JVNDB, id: JVNDB-2013-006426, date: 2014-05-13T00:00:00
db: CNNVD, id: CNNVD-201307-124, date: 2023-04-27T00:00:00
db: NVD, id: CVE-2013-4772, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-09174, date: 2013-07-10T00:00:00
db: VULHUB, id: VHN-64774, date: 2014-05-12T00:00:00
db: BID, id: 61019, date: 2013-07-08T00:00:00
db: JVNDB, id: JVNDB-2013-006426, date: 2014-05-13T00:00:00
db: PACKETSTORM, id: 122314, date: 2013-07-08T14:42:42
db: CNNVD, id: CNNVD-201307-124, date: 2013-07-17T00:00:00
db: NVD, id: CVE-2013-4772, date: 2014-05-12T14:55:05.447