Dlink Dwl-2100ap up to 2.49 SSH Implementation access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.2 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, has been found in Dlink Dwl-2100ap up to 2.49. This impacts an unknown function of the component SSH Implementation. This manipulation causes access control. This vulnerability is registered as CVE-2013-4706. No exploit is available. It is advisable to upgrade the affected component.
Details
A vulnerability has been found in Dlink Dwl-2100ap up to 2.49 and classified as critical. Affected by this vulnerability is an unknown functionality of the component SSH Implementation. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect availability. The summary by CVE is:
The SSH implementation on the D-Link Japan DWL-2100AP with firmware before R252JP-RC572 allows remote authenticated users to cause a denial of service (reboot) by leveraging login access.
The weakness was published 09/20/2013 (Website). It is possible to read the advisory at jvndb.jvn.jp. This vulnerability is known as CVE-2013-4706 since 06/26/2013. The attack can be launched remotely. The successful exploitation needs a single authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.
Upgrading to version 2.50 eliminates this vulnerability.
Be aware that VulDB is the high quality source for vulnerability data.
Product
Vendor
Name
Version
- 2.0
- 2.1
- 2.2
- 2.3
- 2.4
- 2.5
- 2.6
- 2.7
- 2.8
- 2.9
- 2.10
- 2.11
- 2.12
- 2.13
- 2.14
- 2.15
- 2.16
- 2.17
- 2.18
- 2.19
- 2.20
- 2.21
- 2.22
- 2.23
- 2.24
- 2.25
- 2.26
- 2.27
- 2.28
- 2.29
- 2.30
- 2.31
- 2.32
- 2.33
- 2.34
- 2.35
- 2.36
- 2.37
- 2.38
- 2.39
- 2.40
- 2.41
- 2.42
- 2.43
- 2.44
- 2.45
- 2.46
- 2.47
- 2.48
- 2.49
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.2
VulDB Base Score: 6.5
VulDB Temp Score: 6.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Dwl-2100ap 2.50
Timeline
06/26/2013 🔍09/20/2013 🔍
09/20/2013 🔍
03/24/2015 🔍
02/28/2018 🔍
Sources
Advisory: jvndb.jvn.jpStatus: Not defined
CVE: CVE-2013-4706 (🔍)
GCVE (CVE): GCVE-0-2013-4706
GCVE (VulDB): GCVE-100-64975
Entry
Created: 03/24/2015 15:54Updated: 02/28/2018 08:02
Changes: 03/24/2015 15:54 (42), 02/28/2018 08:02 (6)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.