ID

VAR-201912-0071


CVE

CVE-2019-6013


TITLE

Multiple OS command injection vulnerabilities in DBA-1510P

Trust: 0.8

sources: JVNDB: JVNDB-2019-000062

DESCRIPTION

DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via the Command Line Interface (CLI). DBA-1510P provided by D-Link Japan K.K. contains multiple OS command injection vulnerabilities listed below. goroh_kun) of COCON Inc, Technical Research Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. - CVE-2019-6014. D-Link DBA-1510P is a wireless access point device from Taiwan D-Link. The vulnerability arises when externally supplied data is used to construct an operating system command and the network system or product does not properly filter special characters, commands, and similar input. Attackers can use this vulnerability to execute illegal operating system commands.

Trust: 2.25

sources: NVD: CVE-2019-6013 // JVNDB: JVNDB-2019-000062 // CNVD: CNVD-2019-36969 // VULMON: CVE-2019-6013

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-36969

AFFECTED PRODUCTS

vendor: dlink, model: dba-1510p, scope: lte, version: 1.70b009

Trust: 1.0

vendor: d link k k, model: dba-1510p, scope: lte, version: firmware 1.70b009

Trust: 0.8

vendor: d link, model: dba-1510p <=1.70b009, scope: -, version: -

Trust: 0.6

vendor: dlink, model: dba-1510p, scope: eq, version: 1.70b009

Trust: 0.6

vendor: dlink, model: dba-1510p, scope: eq, version: 1.70b005

Trust: 0.6

vendor: dlink, model: dba-1510p, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-36969 // JVNDB: JVNDB-2019-000062 // CNNVD: CNNVD-201910-293 // NVD: CVE-2019-6013

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6013
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2019-000062
value: HIGH

Trust: 0.8

IPA: JVNDB-2019-000062
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-36969
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-293
value: MEDIUM

Trust: 0.6

VULMON: CVE-2019-6013
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6013
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

IPA: JVNDB-2019-000062
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2019-000062
severity: MEDIUM
baseScore: 4.3
vectorString: AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-36969
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-6013
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA: JVNDB-2019-000062
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2019-000062
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-36969 // VULMON: CVE-2019-6013 // JVNDB: JVNDB-2019-000062 // JVNDB: JVNDB-2019-000062 // CNNVD: CNNVD-201910-293 // NVD: CVE-2019-6013

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2019-000062 // NVD: CVE-2019-6013

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-293

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-000062

PATCH

title: R1.70b010, url: https://www.dlink-jp.com/product/dba-1510p#product_firmware

Trust: 0.8

title: Patch for D-Link DBA-1510P Operating System Command Injection Vulnerability (CNVD-2019-36969), url: https://www.cnvd.org.cn/patchInfo/show/186835

Trust: 0.6

title: D-Link DBA-1510P Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99001

Trust: 0.6

title: cvecat, url: https://github.com/msantos/cvecat

Trust: 0.1

sources: CNVD: CNVD-2019-36969 // VULMON: CVE-2019-6013 // JVNDB: JVNDB-2019-000062 // CNNVD: CNNVD-201910-293

EXTERNAL IDS

db: NVD, id: CVE-2019-6013

Trust: 3.1

db: JVN, id: JVN95875796

Trust: 2.5

db: JVNDB, id: JVNDB-2019-000062

Trust: 2.0

db: CNVD, id: CNVD-2019-36969

Trust: 0.6

db: CNNVD, id: CNNVD-201910-293

Trust: 0.6

db: VULMON, id: CVE-2019-6013

Trust: 0.1

sources: CNVD: CNVD-2019-36969 // VULMON: CVE-2019-6013 // JVNDB: JVNDB-2019-000062 // CNNVD: CNNVD-201910-293 // NVD: CVE-2019-6013

REFERENCES

url:http://jvn.jp/en/jp/jvn95875796/index.html

Trust: 2.5

url:https://www.dlink-jp.com/product/dba-1510p#product_firmware

Trust: 1.7

url:https://jvndb.jvn.jp/en/contents/2019/jvndb-2019-000062.html

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6013

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6014

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-6013

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/msantos/cvecat

Trust: 0.1

sources: CNVD: CNVD-2019-36969 // VULMON: CVE-2019-6013 // JVNDB: JVNDB-2019-000062 // CNNVD: CNNVD-201910-293 // NVD: CVE-2019-6013

SOURCES

db: CNVD, id: CNVD-2019-36969
db: VULMON, id: CVE-2019-6013
db: JVNDB, id: JVNDB-2019-000062
db: CNNVD, id: CNNVD-201910-293
db: NVD, id: CVE-2019-6013

LAST UPDATE DATE

2024-11-23T22:25:39.858000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-36969, date: 2019-10-24T00:00:00
db: VULMON, id: CVE-2019-6013, date: 2020-01-07T00:00:00
db: JVNDB, id: JVNDB-2019-000062, date: 2019-10-07T00:00:00
db: CNNVD, id: CNNVD-201910-293, date: 2020-01-08T00:00:00
db: NVD, id: CVE-2019-6013, date: 2024-11-21T04:45:54.880

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-36969, date: 2019-10-24T00:00:00
db: VULMON, id: CVE-2019-6013, date: 2019-12-26T00:00:00
db: JVNDB, id: JVNDB-2019-000062, date: 2019-10-07T00:00:00
db: CNNVD, id: CNNVD-201910-293, date: 2019-10-07T00:00:00
db: NVD, id: CVE-2019-6013, date: 2019-12-26T16:15:11.153