CVE-2013-6811

EPSS 0.16%
Published 22.11.2019 18:15:10
Last modified 21.11.2024 01:59:45
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

D-link ≫ Dsl6740u Firmware Version-

D-link ≫ Dsl6740u Versionh1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.335

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://exchange.xforce.ibmcloud.com/vulnerabilities/89612

Third Party Advisory

VDB Entry

https://web.archive.org/web/20131208091355/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10005

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-6811

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-6811

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-6811

EUVD