Lucene search

[email protected]NVD:CVE-2013-3095

HistoryNov 20, 2013 - 1:19 p.m.

CVE-2013-3095

2013-11-2013:19:38

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.1%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. A1) with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password or (2) enable remote management via a request to hedwig.cgi or (3) activate configuration changes via a request to pigwidgeon.cgi.

Affected configurations

NVD

Node

dlinkdir865l_firmwareRange≤1.05

dlinkdir865l_firmwareMatch1.00b24

dlinkdir865l_firmwareMatch1.02

dlinkdir865l_firmwareMatch1.03

AND

dlinkdir865lMatch-

References

secunia.com/advisories/53064

securityadvisories.dlink.com/security/publication.aspx?name=SAP10003

securityevaluators.com/content/case-studies/routers/dlink_dir865l.jsp

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.1%

JSON

Related for NVD:CVE-2013-3095

cve1 prion1 cvelist1