CVE-2013-7471
published 2019-06-11CVE-2013-7471: An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dir-300_firmware | — | — |
| dlink | dir-600_firmware | < 2.17b01 | 2.17b01 |
| dlink | dir-645_firmware | < 1.04b11 | 1.04b11 |
| dlink | dir-845_firmware | < 1.02b03 | 1.02b03 |
| dlink | dir-865_firmware | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL