CVE-2013-3694

BlackBerry Link < 1.2.1.31 (Windows) & < 1.1.1.39 (Mac OS X) - Arbitrary File Read/Write via IPv6 WebDAV

Title source: llm
STIX 2.1

Description

BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.blackberry.com/btsc/KB35315

Scores

EPSS 0.0091
EPSS Percentile 55.9%

Details

CWE
CWE-352
Status published
Products (5)
blackberry/blackberry_link 1.0.1.12
blackberry/blackberry_link 1.1.1.26
blackberry/blackberry_link 1.1.1.41
blackberry/blackberry_link 1.2.0.12
blackberry/blackberry_link < 1.1.1.26
Published Nov 18, 2013
Tracked Since Feb 18, 2026