ID

VAR-201912-1656


CVE

CVE-2014-3136


TITLE

D-Link DWR-113 Firmware vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2014-008755

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors. D-Link DWR-113 contains a cross-site request forgery vulnerability. Information may be acquired or falsified, and a denial-of-service (DoS) condition may result. The D-Link DWR-113 Wireless Router is a wireless router. It has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve them, and perform malicious operations in the target user context, such as modifying configurations. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. D-Link DWR-113 running firmware 2.02 is vulnerable; other versions may also be affected.

Trust: 2.43

sources: NVD: CVE-2014-3136 // JVNDB: JVNDB-2014-008755 // CNVD: CNVD-2014-04205 // BID: 68967

IOT TAXONOMY

category: ['IoT', 'Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-04205

AFFECTED PRODUCTS

vendor: dlink // model: dwr-113 // scope: lt // version: 2.03b02

Trust: 1.0

vendor: d link // model: dwr-113 // scope: lt // version: 2.03b02

Trust: 0.8

vendor: d link // model: dwr-113 wireless router // scope: - // version: -

Trust: 0.6

vendor: d link // model: dwr-113 // scope: eq // version: 2.02

Trust: 0.3

vendor: d link // model: dwr-113 2.03b02 // scope: ne // version: -

Trust: 0.3

sources: CNVD: CNVD-2014-04205 // BID: 68967 // JVNDB: JVNDB-2014-008755 // NVD: CVE-2014-3136

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3136
value: HIGH

Trust: 1.0

NVD: CVE-2014-3136
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-04205
value: LOW

Trust: 0.6

CNNVD: CNNVD-201408-056
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2014-3136
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-04205
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2014-3136
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2014-3136
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2014-04205 // JVNDB: JVNDB-2014-008755 // CNNVD: CNNVD-201408-056 // NVD: CVE-2014-3136

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2014-008755 // NVD: CVE-2014-3136

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-056

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201408-056

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008755

PATCH

title: DWR-113 3G Wi-Fi Router // url: http://www.dlink.co.in/products/?pid=DWR-113

Trust: 0.8

title: D-link DWR-113 Wireless Router cross-site request forgery vulnerability patch // url: https://www.cnvd.org.cn/patchInfo/show/47345

Trust: 0.6

sources: CNVD: CNVD-2014-04205 // JVNDB: JVNDB-2014-008755

EXTERNAL IDS

db: NVD // id: CVE-2014-3136

Trust: 3.3

db: BID // id: 68967

Trust: 2.5

db: DLINK // id: SAP10034

Trust: 0.9

db: JVNDB // id: JVNDB-2014-008755

Trust: 0.8

db: CNVD // id: CNVD-2014-04205

Trust: 0.6

db: CNNVD // id: CNNVD-201408-056

Trust: 0.6

sources: CNVD: CNVD-2014-04205 // BID: 68967 // JVNDB: JVNDB-2014-008755 // CNNVD: CNNVD-201408-056 // NVD: CVE-2014-3136

REFERENCES

url:https://packetstormsecurity.com/files/cve/cve-2014-3136

Trust: 2.4

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/95022

Trust: 1.6

url:https://www.securityfocus.com/bid/68967

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-3136

Trust: 1.4

url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10034

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3136

Trust: 0.8

url:http://www.dlink.com/

Trust: 0.3

sources: CNVD: CNVD-2014-04205 // BID: 68967 // JVNDB: JVNDB-2014-008755 // CNNVD: CNNVD-201408-056 // NVD: CVE-2014-3136

CREDITS

Blessen Thomas

Trust: 0.3

sources: BID: 68967

SOURCES

db: CNVD // id: CNVD-2014-04205
db: BID // id: 68967
db: JVNDB // id: JVNDB-2014-008755
db: CNNVD // id: CNNVD-201408-056
db: NVD // id: CVE-2014-3136

LAST UPDATE DATE

2024-11-23T22:48:10.681000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2014-04205 // date: 2014-07-11T00:00:00
db: BID // id: 68967 // date: 2014-07-02T00:00:00
db: JVNDB // id: JVNDB-2014-008755 // date: 2020-01-20T00:00:00
db: CNNVD // id: CNNVD-201408-056 // date: 2020-01-08T00:00:00
db: NVD // id: CVE-2014-3136 // date: 2024-11-21T02:07:31.313

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2014-04205 // date: 2014-07-11T00:00:00
db: BID // id: 68967 // date: 2014-07-02T00:00:00
db: JVNDB // id: JVNDB-2014-008755 // date: 2020-01-20T00:00:00
db: CNNVD // id: CNNVD-201408-056 // date: 2014-07-07T00:00:00
db: NVD // id: CVE-2014-3136 // date: 2019-12-27T21:15:10.980