ID

VAR-201911-1529


CVE

CVE-2013-6811


TITLE

D-Link DSL-6740U Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2013-15051 // CNNVD: CNNVD-201312-313

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries. The D-Link DSL-6740U gateway contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DSL-6740U is a broadband router device. The D-Link DSL-6740U has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to open them, and perform malicious actions in the target user's context, such as changing the administrator password or enabling remote management services. D-Link DSL-6740U is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible.

Trust: 2.43

sources: NVD: CVE-2013-6811 // JVNDB: JVNDB-2013-006964 // CNVD: CNVD-2013-15051 // BID: 64235

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-15051

AFFECTED PRODUCTS

vendor: d link, model: dsl6740u, scope: eq, version: -

Trust: 1.0

vendor: d link, model: dsl-6740u, scope: eq, version: h1

Trust: 0.8

vendor: d link, model: dsl-6740u, scope: -, version: -

Trust: 0.6

vendor: d link, model: dsl-6740u, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2013-15051 // BID: 64235 // JVNDB: JVNDB-2013-006964 // NVD: CVE-2013-6811

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6811
value: HIGH

Trust: 1.0

NVD: CVE-2013-6811
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-15051
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201312-313
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2013-6811
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-15051
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2013-6811
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2013-6811
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2013-15051 // JVNDB: JVNDB-2013-006964 // CNNVD: CNNVD-201312-313 // NVD: CVE-2013-6811

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2013-006964 // NVD: CVE-2013-6811

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-313

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201312-313

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006964

PATCH

title: Top Page, url: https://www.dlink.com/en/consumer

Trust: 0.8

title: Patch for D-Link DSL-6740U Cross-Site Request Forgery Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/41671

Trust: 0.6

sources: CNVD: CNVD-2013-15051 // JVNDB: JVNDB-2013-006964

EXTERNAL IDS

db: NVD, id: CVE-2013-6811

Trust: 3.3

db: DLINK, id: SAP10005

Trust: 3.3

db: JVNDB, id: JVNDB-2013-006964

Trust: 0.8

db: CNVD, id: CNVD-2013-15051

Trust: 0.6

db: CNNVD, id: CNNVD-201312-313

Trust: 0.6

db: BID, id: 64235

Trust: 0.3

sources: CNVD: CNVD-2013-15051 // BID: 64235 // JVNDB: JVNDB-2013-006964 // CNNVD: CNNVD-201312-313 // NVD: CVE-2013-6811

REFERENCES

url:https://web.archive.org/web/20131208091355/http://securityadvisories.dlink.com/security/publication.aspx?name=sap10005

Trust: 1.8

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/89612

Trust: 1.6

url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10005

Trust: 1.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-6811

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6811

Trust: 0.8

url:https://web.archive.org/web/20131208091355/

Trust: 0.6

url:http://www.dlink.com/

Trust: 0.3

sources: CNVD: CNVD-2013-15051 // BID: 64235 // JVNDB: JVNDB-2013-006964 // CNNVD: CNNVD-201312-313 // NVD: CVE-2013-6811

CREDITS

Liad Mizrachi

Trust: 0.9

sources: BID: 64235 // CNNVD: CNNVD-201312-313

SOURCES

db: CNVD, id: CNVD-2013-15051
db: BID, id: 64235
db: JVNDB, id: JVNDB-2013-006964
db: CNNVD, id: CNNVD-201312-313
db: NVD, id: CVE-2013-6811

LAST UPDATE DATE

2024-11-23T21:52:07.598000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-15051, date: 2013-12-16T00:00:00
db: BID, id: 64235, date: 2013-11-25T00:00:00
db: JVNDB, id: JVNDB-2013-006964, date: 2019-12-05T00:00:00
db: CNNVD, id: CNNVD-201312-313, date: 2019-12-05T00:00:00
db: NVD, id: CVE-2013-6811, date: 2024-11-21T01:59:45.193

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-15051, date: 2013-12-16T00:00:00
db: BID, id: 64235, date: 2013-11-25T00:00:00
db: JVNDB, id: JVNDB-2013-006964, date: 2019-12-05T00:00:00
db: CNNVD, id: CNNVD-201312-313, date: 2013-11-25T00:00:00
db: NVD, id: CVE-2013-6811, date: 2019-11-22T18:15:10.640