CVE-2013-3694
BlackBerry Link < 1.2.1.31 (Windows) & < 1.1.1.39 (Mac OS X) - Arbitrary File Read/Write via IPv6 WebDAV
Title source: llmDescription
BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding.
References (2)
Core 2
Core References
Exploit x_refsource_misc
http://blog.cmpxchg8b.com/2013/11/qnx.html
Vendor Advisory x_refsource_confirm
http://www.blackberry.com/btsc/KB35315
Scores
EPSS
0.0091
EPSS Percentile
55.9%
Details
CWE
CWE-352
Status
published
Products (5)
blackberry/blackberry_link
1.0.1.12
blackberry/blackberry_link
1.1.1.26
blackberry/blackberry_link
1.1.1.41
blackberry/blackberry_link
1.2.0.12
blackberry/blackberry_link
< 1.1.1.26
Published
Nov 18, 2013
Tracked Since
Feb 18, 2026