CVE-2013-5730 - OpenCVE

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dlink	Dsl-2740b Dsl-2740b Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dsl-2740b_firmware:1.00:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dsl-2740b:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/123200/D-Link-DSL-2740B-Cross-Site-Request-Forgery.html
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004
http://www.webapp-security.com/2013/09/d-link-dsl-2740b-multiple-csrf-vulnerabilities
http://www.webapp-security.com/wp-content/uploads/2013/09/D-Link-DSL-2740B-Multiple-CSRF-Vulnerabilities1.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-11-19T15:00:00

Updated: 2024-08-06T17:22:30.136Z

Reserved: 2013-09-11T00:00:00

Link: CVE-2013-5730

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-11-20T13:19:42.367

Modified: 2017-04-29T01:59:01.350

Link: CVE-2013-5730

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-09-08T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-28T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.webapp-security.com/wp-content/uploads/2013/09/D-Link-DSL-2740B-Multiple-CSRF-Vulnerabilities1.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/123200/D-Link-DSL-2740B-Cross-Site-Request-Forgery.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.webapp-security.com/2013/09/d-link-dsl-2740b-multiple-csrf-vulnerabilities"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5730", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.webapp-security.com/wp-content/uploads/2013/09/D-Link-DSL-2740B-Multiple-CSRF-Vulnerabilities1.txt", "refsource": "MISC", "url": "http://www.webapp-security.com/wp-content/uploads/2013/09/D-Link-DSL-2740B-Multiple-CSRF-Vulnerabilities1.txt"}, {"name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004", "refsource": "CONFIRM", "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004"}, {"name": "http://packetstormsecurity.com/files/123200/D-Link-DSL-2740B-Cross-Site-Request-Forgery.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/123200/D-Link-DSL-2740B-Cross-Site-Request-Forgery.html"}, {"name": "http://www.webapp-security.com/2013/09/d-link-dsl-2740b-multiple-csrf-vulnerabilities", "refsource": "MISC", "url": "http://www.webapp-security.com/2013/09/d-link-dsl-2740b-multiple-csrf-vulnerabilities"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:22:30.136Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.webapp-security.com/wp-content/uploads/2013/09/D-Link-DSL-2740B-Multiple-CSRF-Vulnerabilities1.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/123200/D-Link-DSL-2740B-Cross-Site-Request-Forgery.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.webapp-security.com/2013/09/d-link-dsl-2740b-multiple-csrf-vulnerabilities"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5730", "datePublished": "2013-11-19T15:00:00", "dateReserved": "2013-09-11T00:00:00", "dateUpdated": "2024-08-06T17:22:30.136Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dsl-2740b_firmware:1.00:*:*:*:*:*:*:*", "matchCriteriaId": "CF10D172-BCAF-4663-837C-3DD85E7349F1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dsl-2740b:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCBC532B-6CAB-4994-9A9D-93DF642B7150", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site request forgery (CSRF) en DSL-2740B Gateway de D-Link con versi\u00f3n de firmware EU_1.00, permiten a los atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para peticiones que (1) habilitan o deshabilitan los filtros de direcciones MAC inal\u00e1mbricas por medio de una acci\u00f3n wlFltMode en archivo wlmacflt.cmd, (2) habilita o inhabilita las protecciones de firewall mediante una petici\u00f3n al archivo scdmz.cmd, o (3) habilita o inhabilita la administraci\u00f3n remota por medio de una acci\u00f3n save en archivo scsrvcntr.cmd."}], "id": "CVE-2013-5730", "lastModified": "2017-04-29T01:59:01.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-11-20T13:19:42.367", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/123200/D-Link-DSL-2740B-Cross-Site-Request-Forgery.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10004"}, {"source": "cve@mitre.org", "url": "http://www.webapp-security.com/2013/09/d-link-dsl-2740b-multiple-csrf-vulnerabilities"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.webapp-security.com/wp-content/uploads/2013/09/D-Link-DSL-2740B-Multiple-CSRF-Vulnerabilities1.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}