CVE-2013-7320 - OpenCVE

Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to hijack the authentication of administrators for requests that modify configuration settings via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
D-link	Dap 2253 Firmware Dap 2253

Configuration 1 [-]

AND

cpe:2.3:o:d-link:dap_2253_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:d-link:dap_2253:a1:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/56022	Vendor Advisory
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10006	Vendor Advisory
http://www.securityfocus.com/bid/64297

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-02-06T15:00:00

Updated: 2014-02-19T18:57:01

Reserved: 2014-02-06T00:00:00

Link: CVE-2013-7320

JSON object: View

NVD Information

Status : Modified

Published: 2014-02-06T16:10:59.093

Modified: 2014-02-21T05:06:05.407

Link: CVE-2013-7320

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-26T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to hijack the authentication of administrators for requests that modify configuration settings via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-19T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "64297", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/64297"}, {"name": "56022", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/56022"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10006"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7320", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to hijack the authentication of administrators for requests that modify configuration settings via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "64297", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64297"}, {"name": "56022", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56022"}, {"name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10006", "refsource": "CONFIRM", "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10006"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7320", "datePublished": "2014-02-06T15:00:00", "dateReserved": "2014-02-06T00:00:00", "dateUpdated": "2014-02-19T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}