Strix
26.1K

CVE-2013-7004

UnknownEPSS 1.88%

Last modified

CVE-2013-7004 is a vulnerability of currently unknown severity. D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username.. EPSS estimates a 1.88% chance of exploitation in the next 30 days.

Description

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username.

Metrics

EPSS Probability
1.88%

76.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DlinkDsr-500 Firmware<= 1.08b51
DlinkDsr-500 Firmware1.02b11
DlinkDsr-500 Firmware1.02b25
DlinkDsr-500 Firmware1.03b12
DlinkDsr-500 Firmware1.03b23
DlinkDsr-500 Firmware1.03b27
DlinkDsr-500 Firmware1.03b36
DlinkDsr-500 Firmware1.03b43
DlinkDsr-500 Firmware1.04b58
DlinkDsr-500 Firmware1.06b43
DlinkDsr-500 Firmware1.06b53
DlinkDsr-500All versions
DlinkDsr-150n Firmware<= 1.05b48
DlinkDsr-150nAll versions
DlinkDsr-250n Firmware<= 1.08b39
DlinkDsr-250n Firmware1.01b46
DlinkDsr-250n Firmware1.01b56
DlinkDsr-250n Firmware1.05b20
DlinkDsr-250n Firmware1.05b53
DlinkDsr-250n Firmware1.08b31
DlinkDsr-150 Firmware<= 1.08b29
DlinkDsr-150 Firmware1.05b29
DlinkDsr-150 Firmware1.05b35
DlinkDsr-150 Firmware1.05b46
DlinkDsr-150 Firmware1.05b50
DlinkDsr-150All versions
DlinkDsr-500n Firmware<= 1.08b51
DlinkDsr-500n Firmware1.02b11
DlinkDsr-500n Firmware1.02b25
DlinkDsr-500n Firmware1.03b12
DlinkDsr-500n Firmware1.03b23
DlinkDsr-500n Firmware1.03b27
DlinkDsr-500n Firmware1.03b36
DlinkDsr-500n Firmware1.03b43
DlinkDsr-500n Firmware1.04b58
DlinkDsr-500n Firmware1.06b43
DlinkDsr-500n Firmware1.06b53
DlinkDsr-500nAll versions
DlinkDsr-1000n Firmware<= 1.08b51
DlinkDsr-1000n Firmware1.01b50
DlinkDsr-1000n Firmware1.02b11
DlinkDsr-1000n Firmware1.02b25
DlinkDsr-1000n Firmware1.03b12
DlinkDsr-1000n Firmware1.03b23
DlinkDsr-1000n Firmware1.03b27
DlinkDsr-1000n Firmware1.03b36
DlinkDsr-1000n Firmware1.03b43
DlinkDsr-1000n Firmware1.04b58
DlinkDsr-1000n Firmware1.06b43
DlinkDsr-1000n Firmware1.06b53

Showing 50 of 71 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2013-7004?
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 have a hardcoded account of username gkJ9232xXyruTRmY, which makes it easier for remote attackers to obtain access by leveraging knowledge of the username.
How severe is CVE-2013-7004?
Severity scoring for CVE-2013-7004 is pending analysis. The EPSS model estimates a 1.88% probability of exploitation in the next 30 days.
How do I fix CVE-2013-7004?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-7004?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST