First published: Tue Jun 11 2019(Updated: )
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-300 Firmware | =2.14b01 | |
Dlink Dir-300 | =b | |
Dlink Dir-600 Firmware | <2.17b01 | |
Dlink Dir-600 | ||
Dlink Dir-645 Firmware | <1.04b11 | |
Dlink Dir-645 | ||
Dlink Dir-845 Firmware | <1.02b03 | |
Dlink Dir-845 | ||
Dlink Dir-865 Firmware | =1.05b03 | |
Dlink Dir-865 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2013-7471 is critical with a severity value of 9.8.
D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices are affected by CVE-2013-7471.
The vulnerability in CVE-2013-7471 is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element in soap.cgi?service=WANIPConn1.
To fix CVE-2013-7471, update your D-Link DIR-845 to v1.02b03, DIR-600 to v2.17b01, DIR-645 to v1.04b11, or DIR-300 rev. B or DIR-865 devices to the latest firmware version available.
More information about CVE-2013-7471 can be found at the following references: http://www.s3cur1ty.de/m1adv2013-020, https://www.exploit-db.com/exploits/27044