4.9

CVE-2013-7005

Exploit

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii.

Data is provided by the National Vulnerability Database (NVD)
DlinkDsr-150 Firmware Version <= 1.08b29
DlinkDsr-150 Firmware Version1.05b29
DlinkDsr-150 Firmware Version1.05b35
DlinkDsr-150 Firmware Version1.05b46
DlinkDsr-150 Firmware Version1.05b50
DlinkDsr-150 Version-
DlinkDsr-250 Firmware Version <= 1.08b39
DlinkDsr-250 Firmware Version1.01b46
DlinkDsr-250 Firmware Version1.01b56
DlinkDsr-250 Firmware Version1.05b20
DlinkDsr-250 Firmware Version1.05b53
DlinkDsr-250 Firmware Version1.08b31
DlinkDsr-250 Version-
DlinkDsr-1000n Firmware Version <= 1.08b51
DlinkDsr-1000n Firmware Version1.01b50
DlinkDsr-1000n Firmware Version1.02b11
DlinkDsr-1000n Firmware Version1.02b25
DlinkDsr-1000n Firmware Version1.03b12
DlinkDsr-1000n Firmware Version1.03b23
DlinkDsr-1000n Firmware Version1.03b27
DlinkDsr-1000n Firmware Version1.03b36
DlinkDsr-1000n Firmware Version1.03b43
DlinkDsr-1000n Firmware Version1.04b58
DlinkDsr-1000n Firmware Version1.06b43
DlinkDsr-1000n Firmware Version1.06b53
DlinkDsr-1000n Version-
DlinkDsr-150n Firmware Version <= 1.05b48
DlinkDsr-150n Version-
DlinkDsr-500 Firmware Version <= 1.08b51
DlinkDsr-500 Firmware Version1.02b11
DlinkDsr-500 Firmware Version1.02b25
DlinkDsr-500 Firmware Version1.03b12
DlinkDsr-500 Firmware Version1.03b23
DlinkDsr-500 Firmware Version1.03b27
DlinkDsr-500 Firmware Version1.03b36
DlinkDsr-500 Firmware Version1.03b43
DlinkDsr-500 Firmware Version1.04b58
DlinkDsr-500 Firmware Version1.06b43
DlinkDsr-500 Firmware Version1.06b53
DlinkDsr-500 Version-
DlinkDsr-1000 Firmware Version <= 1.08b51
DlinkDsr-1000 Firmware Version1.01b50
DlinkDsr-1000 Firmware Version1.02b11
DlinkDsr-1000 Firmware Version1.02b25
DlinkDsr-1000 Firmware Version1.03b12
DlinkDsr-1000 Firmware Version1.03b23
DlinkDsr-1000 Firmware Version1.03b27
DlinkDsr-1000 Firmware Version1.03b36
DlinkDsr-1000 Firmware Version1.03b43
DlinkDsr-1000 Firmware Version1.04b58
DlinkDsr-1000 Firmware Version1.06b43
DlinkDsr-1000 Firmware Version1.06b53
DlinkDsr-1000 Version-
DlinkDsr-250n Firmware Version <= 1.08b39
   DlinkDsr-250n Version-
DlinkDsr-250n Firmware Version1.01b46
   DlinkDsr-250n Version-
DlinkDsr-250n Firmware Version1.01b56
   DlinkDsr-250n Version-
DlinkDsr-250n Firmware Version1.05b20
   DlinkDsr-250n Version-
DlinkDsr-250n Firmware Version1.05b53
   DlinkDsr-250n Version-
DlinkDsr-250n Firmware Version1.08b31
   DlinkDsr-250n Version-
DlinkDsr-500n Firmware Version <= 1.08b51
DlinkDsr-500n Firmware Version1.02b11
DlinkDsr-500n Firmware Version1.02b25
DlinkDsr-500n Firmware Version1.03b12
DlinkDsr-500n Firmware Version1.03b23
DlinkDsr-500n Firmware Version1.03b27
DlinkDsr-500n Firmware Version1.03b36
DlinkDsr-500n Firmware Version1.03b43
DlinkDsr-500n Firmware Version1.04b58
DlinkDsr-500n Firmware Version1.06b43
DlinkDsr-500n Firmware Version1.06b53
DlinkDsr-500n Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.088
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.