Web application abuses : D-Link DIR-100 Router Multiple Vulnerabilities

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.803797

Kategorie: Web application abuses

Titel: D-Link DIR-100 Router Multiple Vulnerabilities

Zusammenfassung: This host is running D-Link DIR-100 Router and is prone to multiple; vulnerabilities.

Beschreibung: Summary:
This host is running D-Link DIR-100 Router and is prone to multiple
vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Retrieve the Administrator password and sensitive configuration parameters
like the pppoe username and password without authentication.

- Execute privileged Commands without authentication through a race condition
leading to weak authentication enforcement.

- Sending formatted request to a victim which then will execute arbitrary
commands on the device.

- Store arbitrary javascript code which will be executed when a victim
accesses the administrator interface.

Vulnerability Impact:
Successful exploitation will allow attacker to cause denial of service or
execute arbitrary HTML and script code in a user's browser session in context of an affected website.

Affected Software/OS:
D-Link DIR-100 Hardware Revision: D1 Software Version: 4.03B07

Solution:
Apply the patch or upgrade to version 4.03B13 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-7051
http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt
http://www.exploit-db.com/exploits/31425
https://exchange.xforce.ibmcloud.com/vulnerabilities/90904
https://www.securityfocus.com/bid/65290
Common Vulnerability Exposure (CVE) ID: CVE-2013-7052
https://exchange.xforce.ibmcloud.com/vulnerabilities/90902
Common Vulnerability Exposure (CVE) ID: CVE-2013-7053
https://exchange.xforce.ibmcloud.com/vulnerabilities/90905
https://www.securityfocus.com/bid/65290/info
Common Vulnerability Exposure (CVE) ID: CVE-2013-7054
https://exchange.xforce.ibmcloud.com/vulnerabilities/90906
Common Vulnerability Exposure (CVE) ID: CVE-2013-7055
https://exchange.xforce.ibmcloud.com/vulnerabilities/90903

Copyright Copyright (C) 2014 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.803797
Kategorie:	Web application abuses
Titel:	D-Link DIR-100 Router Multiple Vulnerabilities
Zusammenfassung:	This host is running D-Link DIR-100 Router and is prone to multiple; vulnerabilities.
Beschreibung:	Summary: This host is running D-Link DIR-100 Router and is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Retrieve the Administrator password and sensitive configuration parameters like the pppoe username and password without authentication. - Execute privileged Commands without authentication through a race condition leading to weak authentication enforcement. - Sending formatted request to a victim which then will execute arbitrary commands on the device. - Store arbitrary javascript code which will be executed when a victim accesses the administrator interface. Vulnerability Impact: Successful exploitation will allow attacker to cause denial of service or execute arbitrary HTML and script code in a user's browser session in context of an affected website. Affected Software/OS: D-Link DIR-100 Hardware Revision: D1 Software Version: 4.03B07 Solution: Apply the patch or upgrade to version 4.03B13 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-7051 http://pigstarter.krebsco.de/report/2013-12-18_dir100.txt http://www.exploit-db.com/exploits/31425 https://exchange.xforce.ibmcloud.com/vulnerabilities/90904 https://www.securityfocus.com/bid/65290 Common Vulnerability Exposure (CVE) ID: CVE-2013-7052 https://exchange.xforce.ibmcloud.com/vulnerabilities/90902 Common Vulnerability Exposure (CVE) ID: CVE-2013-7053 https://exchange.xforce.ibmcloud.com/vulnerabilities/90905 https://www.securityfocus.com/bid/65290/info Common Vulnerability Exposure (CVE) ID: CVE-2013-7054 https://exchange.xforce.ibmcloud.com/vulnerabilities/90906 Common Vulnerability Exposure (CVE) ID: CVE-2013-7055 https://exchange.xforce.ibmcloud.com/vulnerabilities/90903
Copyright	Copyright (C) 2014 Greenbone Networks GmbH