Strix
26.1K

CVE-2013-5946

UnknownEPSS 6.52%

Last modified

CVE-2013-5946 is a vulnerability of currently unknown severity. The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.. EPSS estimates a 6.52% chance of exploitation in the next 30 days.

Description

The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.

Metrics

EPSS Probability
6.52%

92.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DlinkDsr-500 Firmware<= 1.08b51
DlinkDsr-500 Firmware1.02b11
DlinkDsr-500 Firmware1.02b25
DlinkDsr-500 Firmware1.03b12
DlinkDsr-500 Firmware1.03b23
DlinkDsr-500 Firmware1.03b27
DlinkDsr-500 Firmware1.03b36
DlinkDsr-500 Firmware1.03b43
DlinkDsr-500 Firmware1.04b58
DlinkDsr-500 Firmware1.06b43
DlinkDsr-500 Firmware1.06b53
DlinkDsr-500All versions
DlinkDsr-150n Firmware<= 1.05b48
DlinkDsr-150nAll versions
DlinkDsr-250n Firmware<= 1.08b39
DlinkDsr-250n Firmware1.01b46
DlinkDsr-250n Firmware1.01b56
DlinkDsr-250n Firmware1.05b20
DlinkDsr-250n Firmware1.05b53
DlinkDsr-250n Firmware1.08b31
DlinkDsr-1000 Firmware<= 1.08b51
DlinkDsr-1000 Firmware1.01b50
DlinkDsr-1000 Firmware1.02b11
DlinkDsr-1000 Firmware1.02b25
DlinkDsr-1000 Firmware1.03b12
DlinkDsr-1000 Firmware1.03b23
DlinkDsr-1000 Firmware1.03b27
DlinkDsr-1000 Firmware1.03b36
DlinkDsr-1000 Firmware1.03b43
DlinkDsr-1000 Firmware1.04b58
DlinkDsr-1000 Firmware1.06b43
DlinkDsr-1000 Firmware1.06b53
DlinkDsr-1000All versions
DlinkDsr-150 Firmware<= 1.08b29
DlinkDsr-150 Firmware1.05b29
DlinkDsr-150 Firmware1.05b35
DlinkDsr-150 Firmware1.05b46
DlinkDsr-150 Firmware1.05b50
DlinkDsr-150All versions
DlinkDsr-250 Firmware<= 1.08b39
DlinkDsr-250 Firmware1.01b46
DlinkDsr-250 Firmware1.01b56
DlinkDsr-250 Firmware1.05b20
DlinkDsr-250 Firmware1.05b53
DlinkDsr-250 Firmware1.08b31
DlinkDsr-250All versions
DlinkDsr-1000n Firmware<= 1.08b51
DlinkDsr-1000n Firmware1.01b50
DlinkDsr-1000n Firmware1.02b11
DlinkDsr-1000n Firmware1.02b25

Showing 50 of 71 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2013-5946?
The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.
How severe is CVE-2013-5946?
Severity scoring for CVE-2013-5946 is pending analysis. The EPSS model estimates a 6.52% probability of exploitation in the next 30 days.
How do I fix CVE-2013-5946?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-5946?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST