Strix
26.1K

CVE-2013-7005

UnknownEPSS 0.66%

Last modified

CVE-2013-7005 is a vulnerability of currently unknown severity. D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii.. EPSS estimates a 0.66% chance of exploitation in the next 30 days.

Description

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii.

Metrics

EPSS Probability
0.66%

46.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DlinkDsr-150 Firmware<= 1.08b29
DlinkDsr-150 Firmware1.05b29
DlinkDsr-150 Firmware1.05b35
DlinkDsr-150 Firmware1.05b46
DlinkDsr-150 Firmware1.05b50
DlinkDsr-150All versions
DlinkDsr-250 Firmware<= 1.08b39
DlinkDsr-250 Firmware1.01b46
DlinkDsr-250 Firmware1.01b56
DlinkDsr-250 Firmware1.05b20
DlinkDsr-250 Firmware1.05b53
DlinkDsr-250 Firmware1.08b31
DlinkDsr-250All versions
DlinkDsr-1000n Firmware<= 1.08b51
DlinkDsr-1000n Firmware1.01b50
DlinkDsr-1000n Firmware1.02b11
DlinkDsr-1000n Firmware1.02b25
DlinkDsr-1000n Firmware1.03b12
DlinkDsr-1000n Firmware1.03b23
DlinkDsr-1000n Firmware1.03b27
DlinkDsr-1000n Firmware1.03b36
DlinkDsr-1000n Firmware1.03b43
DlinkDsr-1000n Firmware1.04b58
DlinkDsr-1000n Firmware1.06b43
DlinkDsr-1000n Firmware1.06b53
DlinkDsr-1000nAll versions
DlinkDsr-150n Firmware<= 1.05b48
DlinkDsr-150nAll versions
DlinkDsr-500 Firmware<= 1.08b51
DlinkDsr-500 Firmware1.02b11
DlinkDsr-500 Firmware1.02b25
DlinkDsr-500 Firmware1.03b12
DlinkDsr-500 Firmware1.03b23
DlinkDsr-500 Firmware1.03b27
DlinkDsr-500 Firmware1.03b36
DlinkDsr-500 Firmware1.03b43
DlinkDsr-500 Firmware1.04b58
DlinkDsr-500 Firmware1.06b43
DlinkDsr-500 Firmware1.06b53
DlinkDsr-500All versions
DlinkDsr-1000 Firmware<= 1.08b51
DlinkDsr-1000 Firmware1.01b50
DlinkDsr-1000 Firmware1.02b11
DlinkDsr-1000 Firmware1.02b25
DlinkDsr-1000 Firmware1.03b12
DlinkDsr-1000 Firmware1.03b23
DlinkDsr-1000 Firmware1.03b27
DlinkDsr-1000 Firmware1.03b36
DlinkDsr-1000 Firmware1.03b43
DlinkDsr-1000 Firmware1.04b58

Showing 50 of 71 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2013-7005?
D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii.
How severe is CVE-2013-7005?
Severity scoring for CVE-2013-7005 is pending analysis. The EPSS model estimates a 0.66% probability of exploitation in the next 30 days.
How do I fix CVE-2013-7005?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-7005?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST