CVE-2013-7471

CWE-77Command Injection5 documents5 sources
Severity
9.8CRITICAL
EPSS
20.4%
top 4.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Dlink Dir-600 FirmwareDlink Dir-645 FirmwareDlink Dir-845 Firmware+2 more
Timeline
PublishedJun 11
Latest updateNov 23

Description

An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

NVDdlink/dir-600_firmware< 2.17b01
NVDdlink/dir-645_firmware< 1.04b11
NVDdlink/dir-845_firmware< 1.02b03

🔴Vulnerability Details

3
GHSA
GHSA-w6mr-25xf-vppm: An issue was discovered in soap2022-05-05
CVEList
CVE-2013-7471: An issue was discovered in soap2019-06-11
VulnCheck
D-Link DIR-300 Router Improper Neutralization of Special Elements used in a Command ('Command Injection')2013

🔍Detection Rules

1
Suricata
ET EXPLOIT D-Link Related Command Injection Attempt Inbound (CVE-2013-7471)2022-11-23