CVE-2013-5945: SQL Injection
First published: Tue Feb 11 2020(Updated: )
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DSR-150 | <1.08b44 | |
| D-Link DSR-150 | ||
| D-Link DSR-150N | <1.05b64 | |
| D-Link DSR-150N | ||
| D-Link DSR-250 | <1.08b44 | |
| D-Link DSR-250 | ||
| D-Link DSR-250N Firmware | <1.08b44 | |
| D-Link DSR-250N Firmware | ||
| D-Link DSR-500 | <1.08b77 | |
| D-Link DSR-500 | ||
| D-Link DSR-500N | <1.08b77 | |
| D-Link DSR-500N | ||
| D-Link DSR-1000AC | <1.08b77 | |
| D-Link DSR-1000AC | ||
| D-Link DSR-1000N | <1.08b77 | |
| D-Link DSR-1000N |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf
- http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf
- http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf
- http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf
- http://www.exploit-db.com/exploits/30061
Frequently Asked Questions
What is the severity of CVE-2013-5945?
The severity of CVE-2013-5945 is critical with a severity value of 9.8.
How can remote attackers exploit CVE-2013-5945?
Remote attackers can exploit CVE-2013-5945 to execute arbitrary SQL commands.
Which D-Link products are affected by CVE-2013-5945?
D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware versions before the specified ones are affected by CVE-2013-5945.
How can I fix the SQL injection vulnerabilities in D-Link DSR series?
To fix the SQL injection vulnerabilities, upgrade the firmware of D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500, DSR-500N, DSR-1000, and DSR-1000N to versions above the specified vulnerable ones.
Where can I find additional information about CVE-2013-5945?
Additional information about CVE-2013-5945 can be found in the provided references.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dlink
- canonical/d-link dsr-150
- canonical/d-link dsr-150n
- canonical/d-link dsr-250
- canonical/d-link dsr-250n firmware
- canonical/d-link dsr-500
- canonical/d-link dsr-500n
- canonical/d-link dsr-1000ac
- canonical/d-link dsr-1000n