D-Link DSR Router Series SQL Injection Vulnerability Network Vulnerability

Summary

D-Link DSR Router Series are prone to an SQL-injection vulnerability.

Impact

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Solution

Updates are available. Please see the references or vendor advisory for more information.

Insight

It was possible to login into the remote D-Link DSR Router using `admin` as username and `' or 'a'='a` as password.

Affected

D-Link DSR-150 (Firmware < v1.08B44) D-Link DSR-150N (Firmware < v1.05B64) D-Link DSR-250 and DSR-250N (Firmware < v1.08B44) D-Link DSR-500 and DSR-500N (Firmware < v1.08B77) D-Link DSR-1000 and DSR-1000N (Firmware < v1.08B77)

Detection

Try to login into the remote D-Link DSR Router using sql injection attack.

References

http://www.dlink.com/
http://www.exploit-db.com/exploits/30062/
http://www.securityfocus.com/bid/64172

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5945, CVE-2013-5946, CVE-2013-7004, CVE-2013-7005
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
Apache Axis2 Document Type Declaration Processing Security Vulnerability
Adobe ColdFusion Multiple Vulnerabilities-01 May-2014
Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities
appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities