CVE-2013-7055

9.8 CRITICAL

📋 TL;DR

This vulnerability in D-Link DIR-100 routers allows unauthenticated attackers to access sensitive PPTP and PoE configuration information via HTTP requests. Affected users are those running vulnerable firmware versions on these routers, potentially exposing network credentials and configuration details.

💻 Affected Systems

Products:
  • D-Link DIR-100
Versions: Firmware version 4.03B07
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running this firmware version are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to the router, intercept network traffic, and compromise all connected devices.

🟠 Likely Case

Attackers steal PPTP credentials and PoE configuration data, enabling unauthorized network access and potential man-in-the-middle attacks.

🟢 If Mitigated

Information disclosure limited to non-critical data with proper network segmentation and access controls.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices with direct exposure to attackers.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this to gain network foothold and escalate privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A simple HTTP request to specific endpoints can retrieve sensitive information without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later firmware versions (check D-Link support)

Vendor Advisory: https://support.dlink.com/

Restart Required: Yes

Instructions:

1. Visit D-Link support site.
2. Download latest firmware for DIR-100.
3. Log into router admin interface.
4. Navigate to firmware upgrade section.
5. Upload and install new firmware.
6. Reboot router.

🔧 Temporary Workarounds

  • Disable PPTP and PoE services (all platforms): Turn off vulnerable services if not required.
  • Restrict HTTP access (all platforms): Limit HTTP management interface access to trusted networks only.

🧯 If You Can't Patch

  • Replace router with supported model
  • Implement network segmentation to isolate router from critical systems

🔍 How to Verify

Check if Vulnerable:

Request http://[router-ip]/pppoe.cgi and http://[router-ip]/poe.cgi. If they return configuration data without authentication, the device is vulnerable.

Check Version:

Log into the router web interface and check the firmware version on the status/system information page.

Verify Fix Applied:

After patching, repeat the same HTTP requests. They should require authentication or return an error.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /pppoe.cgi and /poe.cgi from unauthorized IPs
  • Unusual configuration access patterns

Network Indicators:

  • HTTP traffic to router management interface from external sources
  • Unusual PPTP connection attempts

SIEM Query:

source_ip NOT IN trusted_networks AND (url_path="/pppoe.cgi" OR url_path="/poe.cgi")
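
The SIEM query above, written out as an added example (not part of the original advisory or any vendor tooling): a Python filter over Common Log Format lines from a proxy or firewall in front of the router. The trusted network range, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: router management is only expected from this LAN range.
TRUSTED_NETWORKS = [ipaddress.ip_network("192.168.0.0/24")]
WATCHED_PATHS = {"/pppoe.cgi", "/poe.cgi"}  # endpoints named in the advisory

# Common Log Format: client ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparsable source is never treated as trusted
    return any(addr in net for net in TRUSTED_NETWORKS)

def normalize_path(target):
    if "://" in target:  # absolute-form target, as a proxy would log it
        target = "/" + target.split("://", 1)[1].partition("/")[2]
    path = unquote(target.split("?", 1)[0])  # drop query string, decode %xx
    # Collapse repeated slashes and ignore case so trivial variants still match.
    return re.sub(r"/{2,}", "/", path).lower()

def find_hits(lines):
    """Return (source, path, status) for watched paths hit from untrusted sources."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize_path(m["target"])
        if path in WATCHED_PATHS and not is_trusted(m["src"]):
            hits.append((m["src"], path, int(m["status"])))
    return hits

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /pppoe.cgi HTTP/1.1" 200 512',
    '192.168.0.10 - - [12/Mar/2024:10:02:11 +0000] "GET /poe.cgi HTTP/1.1" 200 498',
    '198.51.100.23 - - [12/Mar/2024:10:03:40 +0000] "GET //POE.cgi?x=1 HTTP/1.1" 401 0',
    '203.0.113.7 - - [12/Mar/2024:10:04:05 +0000] "GET /index.htm HTTP/1.1" 200 1024',
]
if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 deserves the most urgent triage, since the endpoint answered the untrusted source; after patching, the same sources should only produce authentication or error responses.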
