CVE-2013-4772

D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/122314/D-Link-DIR-505L-DIR-826L-Authentication-Bypass.html
http://packetstormsecurity.com/files/122314/D-Link-DIR-505L-DIR-826L-Authentication-Bypass.html

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dir-826l_wireless_n600_cloud_router_firmware:1.02:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-826l_wireless_n600_cloud_router:a1:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dlink:dir-505l_shareport_mobile_companion_firmware:1.01:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-505l_shareport_mobile_companion:a1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-05-12 14:55

Updated : 2025-04-12 10:46

NVD link : CVE-2013-4772

Mitre link : CVE-2013-4772

CVE.ORG link : CVE-2013-4772

JSON object : View

Products Affected

dlink

dir-826l_wireless_n600_cloud_router
dir-505l_shareport_mobile_companion
dir-826l_wireless_n600_cloud_router_firmware
dir-505l_shareport_mobile_companion_firmware

CWE

CWE-287

Improper Authentication

{"id": "CVE-2013-4772", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-12T14:55:05.447", "references": [{"url": "http://packetstormsecurity.com/files/122314/D-Link-DIR-505L-DIR-826L-Authentication-Bypass.html", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/122314/D-Link-DIR-505L-DIR-826L-Authentication-Bypass.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active."}, {"lang": "es", "value": "D-Link DIR-505L SharePort Mobile Companion 1.01 y DIR-826L Wireless N600 Cloud Router 1.02 permite a atacantes remotos evadir autenticaci\u00f3n a trav\u00e9s de una solicitud directa cuando una sesi\u00f3n autorizada est\u00e1 activa."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-826l_wireless_n600_cloud_router_firmware:1.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3721D43-930B-444E-8CE1-8413F17A7808"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-826l_wireless_n600_cloud_router:a1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9420D90-0AB8-477B-88A1-C5646A355F9B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-505l_shareport_mobile_companion_firmware:1.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CC9A328-0365-4367-A0E8-19B74E9ADE3C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-505l_shareport_mobile_companion:a1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A44598F2-0914-41C7-BA35-BF198F2F4869"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}