CVE-2013-6811

Published: Nov 22, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries.

Affected (1)

Products: D Link: Dsl6740u Firmware

1 product

Dsl6740u Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dsl6740u Firmware	All versions

Running on/with	Platform Versions
D Link Dsl6740u	Version h1

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/89612

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://web.archive.org/web/20131208091355/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10005

Source: cve@mitre.org

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/89612

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://web.archive.org/web/20131208091355/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10005

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.