CVE-2013-5945
published 2020-02-11CVE-2013-5945: Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dsr-1000_firmware | < 1.08b77 | 1.08b77 |
| dlink | dsr-1000n_firmware | < 1.08b77 | 1.08b77 |
| dlink | dsr-150_firmware | < 1.08b44 | 1.08b44 |
| dlink | dsr-150n_firmware | < 1.05b64 | 1.05b64 |
| dlink | dsr-250_firmware | < 1.08b44 | 1.08b44 |
| dlink | dsr-250n_firmware | < 1.08b44 | 1.08b44 |
| dlink | dsr-500_firmware | < 1.08b77 | 1.08b77 |
| dlink | dsr-500n_firmware | < 1.08b77 | 1.08b77 |