PT-2020-7534 · D Link · Dsr-250N+6

Published: 2020-02-11
Updated: 2021-04-23

CVE-2013-5945

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
D-Link DSR-150 versions prior to 1.08B44
D-Link DSR-150N versions prior to 1.05B64
D-Link DSR-250 versions prior to 1.08B44
D-Link DSR-250N versions prior to 1.08B44
D-Link DSR-500 versions prior to 1.08B77
D-Link DSR-500N versions prior to 1.08B77
D-Link DSR-1000 versions prior to 1.08B77
D-Link DSR-1000N versions prior to 1.08B77

Description: The issue allows remote attackers to execute arbitrary SQL commands via the password to the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or captivePortal.lua. This can be exploited by sending a specially crafted password.

Recommendations:
For D-Link DSR-150, update to firmware version 1.08B44 or later.
For D-Link DSR-150N, update to firmware version 1.05B64 or later.
For D-Link DSR-250, update to firmware version 1.08B44 or later.
For D-Link DSR-250N, update to firmware version 1.08B44 or later.
For D-Link DSR-500, update to firmware version 1.08B77 or later.
For D-Link DSR-500N, update to firmware version 1.08B77 or later.
For D-Link DSR-1000, update to firmware version 1.08B77 or later.
For D-Link DSR-1000N, update to firmware version 1.08B77 or later.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2013-5945

Affected Products

Dsr-1000
Dsr-1000N
Dsr-150
Dsr-250
Dsr-250N
Dsr-500
Dsr-500N