CVE-2013-7471

An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
dlinkdir-300_firmware
2.14b01:b01
dlinkdir-600_firmware
𝑥
< 2.17b01
dlinkdir-645_firmware
𝑥
< 1.04b11
dlinkdir-845_firmware
𝑥
< 1.02b03
dlinkdir-865_firmware
1.05b03:b03
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.s3cur1ty.de/m1adv2013-020
https://www.exploit-db.com/exploits/27044
http://www.s3cur1ty.de/m1adv2013-020
https://www.exploit-db.com/exploits/27044