CVE-2013-7004
First published: Thu Dec 19 2013(Updated: )
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DSR-500 | <=1.08b51 | |
| D-Link DSR-500 | =1.02b11 | |
| D-Link DSR-500 | =1.02b25 | |
| D-Link DSR-500 | =1.03b12 | |
| D-Link DSR-500 | =1.03b23 | |
| D-Link DSR-500 | =1.03b27 | |
| D-Link DSR-500 | =1.03b36 | |
| D-Link DSR-500 | =1.03b43 | |
| D-Link DSR-500 | =1.04b58 | |
| D-Link DSR-500 | =1.06b43 | |
| D-Link DSR-500 | =1.06b53 | |
| D-Link DSR-500 | ||
| D-Link DSR-150N | <=1.05b48 | |
| D-Link DSR-150N | ||
| D-Link DSR-250N Firmware | <=1.08b39 | |
| D-Link DSR-250N Firmware | =1.01b46 | |
| D-Link DSR-250N Firmware | =1.01b56 | |
| D-Link DSR-250N Firmware | =1.05b20 | |
| D-Link DSR-250N Firmware | =1.05b53 | |
| D-Link DSR-250N Firmware | =1.08b31 | |
| D-Link DSR-250N Firmware | ||
| D-Link DSR-150 | <=1.08b29 | |
| D-Link DSR-150 | =1.05b29 | |
| D-Link DSR-150 | =1.05b35 | |
| D-Link DSR-150 | =1.05b46 | |
| D-Link DSR-150 | =1.05b50 | |
| D-Link DSR-150 | ||
| D-Link DSR-500N | <=1.08b51 | |
| D-Link DSR-500N | =1.02b11 | |
| D-Link DSR-500N | =1.02b25 | |
| D-Link DSR-500N | =1.03b12 | |
| D-Link DSR-500N | =1.03b23 | |
| D-Link DSR-500N | =1.03b27 | |
| D-Link DSR-500N | =1.03b36 | |
| D-Link DSR-500N | =1.03b43 | |
| D-Link DSR-500N | =1.04b58 | |
| D-Link DSR-500N | =1.06b43 | |
| D-Link DSR-500N | =1.06b53 | |
| D-Link DSR-500N | ||
| D-Link DSR-1000N | <=1.08b51 | |
| D-Link DSR-1000N | =1.01b50 | |
| D-Link DSR-1000N | =1.02b11 | |
| D-Link DSR-1000N | =1.02b25 | |
| D-Link DSR-1000N | =1.03b12 | |
| D-Link DSR-1000N | =1.03b23 | |
| D-Link DSR-1000N | =1.03b27 | |
| D-Link DSR-1000N | =1.03b36 | |
| D-Link DSR-1000N | =1.03b43 | |
| D-Link DSR-1000N | =1.04b58 | |
| D-Link DSR-1000N | =1.06b43 | |
| D-Link DSR-1000N | =1.06b53 | |
| D-Link DSR-1000N | ||
| D-Link DSR-250 | <=1.08b39 | |
| D-Link DSR-250 | =1.01b46 | |
| D-Link DSR-250 | =1.01b56 | |
| D-Link DSR-250 | =1.05b20 | |
| D-Link DSR-250 | =1.05b53 | |
| D-Link DSR-250 | =1.08b31 | |
| D-Link DSR-250 | ||
| D-Link DSR-1000AC | <=1.08b51 | |
| D-Link DSR-1000AC | =1.01b50 | |
| D-Link DSR-1000AC | =1.02b11 | |
| D-Link DSR-1000AC | =1.02b25 | |
| D-Link DSR-1000AC | =1.03b12 | |
| D-Link DSR-1000AC | =1.03b23 | |
| D-Link DSR-1000AC | =1.03b27 | |
| D-Link DSR-1000AC | =1.03b36 | |
| D-Link DSR-1000AC | =1.03b43 | |
| D-Link DSR-1000AC | =1.04b58 | |
| D-Link DSR-1000AC | =1.06b43 | |
| D-Link DSR-1000AC | =1.06b53 | |
| D-Link DSR-1000AC |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf
- http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf
- http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf
- http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf
- http://www.exploit-db.com/exploits/30061
Frequently Asked Questions
What is the severity of CVE-2013-7004?
CVE-2013-7004 has a medium severity due to the presence of a hardcoded account that can grant unauthorized access.
How do I fix CVE-2013-7004?
To fix CVE-2013-7004, you should update the firmware of the affected D-Link devices to the latest version available.
Which D-Link products are affected by CVE-2013-7004?
CVE-2013-7004 affects D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500, DSR-500N, DSR-1000, and DSR-1000N with specific firmware versions.
What type of vulnerability is CVE-2013-7004?
CVE-2013-7004 is a security vulnerability that involves hardcoded credentials, allowing for potential unauthorized access.
When was CVE-2013-7004 disclosed?
CVE-2013-7004 was disclosed in 2013, highlighting the risks associated with the use of hardcoded passwords in firmware.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dlink
- canonical/d-link dsr-500
- version/d-link dsr-500/1.08b51
- version/d-link dsr-500/1.02b11
- version/d-link dsr-500/1.02b25
- version/d-link dsr-500/1.03b12
- version/d-link dsr-500/1.03b23
- version/d-link dsr-500/1.03b27
- version/d-link dsr-500/1.03b36
- version/d-link dsr-500/1.03b43
- version/d-link dsr-500/1.04b58
- version/d-link dsr-500/1.06b43
- version/d-link dsr-500/1.06b53
- canonical/d-link dsr-150n
- version/d-link dsr-150n/1.05b48
- canonical/d-link dsr-250n firmware
- version/d-link dsr-250n firmware/1.08b39
- version/d-link dsr-250n firmware/1.01b46
- version/d-link dsr-250n firmware/1.01b56
- version/d-link dsr-250n firmware/1.05b20
- version/d-link dsr-250n firmware/1.05b53
- version/d-link dsr-250n firmware/1.08b31
- canonical/d-link dsr-150
- version/d-link dsr-150/1.08b29
- version/d-link dsr-150/1.05b29
- version/d-link dsr-150/1.05b35
- version/d-link dsr-150/1.05b46
- version/d-link dsr-150/1.05b50
- canonical/d-link dsr-500n
- version/d-link dsr-500n/1.08b51
- version/d-link dsr-500n/1.02b11
- version/d-link dsr-500n/1.02b25
- version/d-link dsr-500n/1.03b12
- version/d-link dsr-500n/1.03b23
- version/d-link dsr-500n/1.03b27
- version/d-link dsr-500n/1.03b36
- version/d-link dsr-500n/1.03b43
- version/d-link dsr-500n/1.04b58
- version/d-link dsr-500n/1.06b43
- version/d-link dsr-500n/1.06b53
- canonical/d-link dsr-1000n
- version/d-link dsr-1000n/1.08b51
- version/d-link dsr-1000n/1.01b50
- version/d-link dsr-1000n/1.02b11
- version/d-link dsr-1000n/1.02b25
- version/d-link dsr-1000n/1.03b12
- version/d-link dsr-1000n/1.03b23
- version/d-link dsr-1000n/1.03b27
- version/d-link dsr-1000n/1.03b36
- version/d-link dsr-1000n/1.03b43
- version/d-link dsr-1000n/1.04b58
- version/d-link dsr-1000n/1.06b43
- version/d-link dsr-1000n/1.06b53
- canonical/d-link dsr-250
- version/d-link dsr-250/1.08b39
- version/d-link dsr-250/1.01b46
- version/d-link dsr-250/1.01b56
- version/d-link dsr-250/1.05b20
- version/d-link dsr-250/1.05b53
- version/d-link dsr-250/1.08b31
- canonical/d-link dsr-1000ac
- version/d-link dsr-1000ac/1.08b51
- version/d-link dsr-1000ac/1.01b50
- version/d-link dsr-1000ac/1.02b11
- version/d-link dsr-1000ac/1.02b25
- version/d-link dsr-1000ac/1.03b12
- version/d-link dsr-1000ac/1.03b23
- version/d-link dsr-1000ac/1.03b27
- version/d-link dsr-1000ac/1.03b36
- version/d-link dsr-1000ac/1.03b43
- version/d-link dsr-1000ac/1.04b58
- version/d-link dsr-1000ac/1.06b43
- version/d-link dsr-1000ac/1.06b53