CVE-2013-5945 — CRITICAL (9.8)

Q: How severe is CVE-2013-5945?

CVE-2013-5945 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2013-5945?

Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dsr-150 Firmware, Dlink Dsr-150, Dlink Dsr-150N Firmware, Dlink Dsr-150N, Dlink Dsr-250 Firmware.

Vulnerability Description

Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dlink	Dsr-150 Firmware	< 1.08b44
Dlink	Dsr-150	-
Dlink	Dsr-150N Firmware	< 1.05b64
Dlink	Dsr-150N	-
Dlink	Dsr-250 Firmware	< 1.08b44
Dlink	Dsr-250	-
Dlink	Dsr-250N Firmware	< 1.08b44
Dlink	Dsr-250N	-
Dlink	Dsr-500 Firmware	< 1.08b77
Dlink	Dsr-500	-
Dlink	Dsr-500N Firmware	< 1.08b77
Dlink	Dsr-500N	-
Dlink	Dsr-1000 Firmware	< 1.08b77
Dlink	Dsr-1000	-
Dlink	Dsr-1000N Firmware	< 1.08b77
Dlink	Dsr-1000N	-

Related Weaknesses (CWE)

CWE-89

References

http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_Broken Link
http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.Broken Link
http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WBroken Link
http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08Broken Link
http://www.exploit-db.com/exploits/30061ExploitThird Party AdvisoryVDB Entry
http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_Broken Link
http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.Broken Link
http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WBroken Link
http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08Broken Link
http://www.exploit-db.com/exploits/30061ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2013-5945?

CVE-2013-5945 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, ...

How severe is CVE-2013-5945?

CVE-2013-5945 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2013-5945?

Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dsr-150 Firmware, Dlink Dsr-150, Dlink Dsr-150N Firmware, Dlink Dsr-150N, Dlink Dsr-250 Firmware.