CVE-2013-6811

EPSS 0.16%
Veröffentlicht 22.11.2019 18:15:10
Zuletzt bearbeitet 21.11.2024 01:59:45
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

D-link ≫ Dsl6740u Firmware Version-

D-link ≫ Dsl6740u Versionh1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.335

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://exchange.xforce.ibmcloud.com/vulnerabilities/89612

Third Party Advisory

VDB Entry

https://web.archive.org/web/20131208091355/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10005

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-6811

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-6811

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-6811

EUVD