CVE-2013-3694

medium

Published 2013-11-18 · Modified 2026-04-29

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.blackberry.com/btsc/KB35315

OS impact

OS	Version	Status	Fixed in
macos		not-affected

Application impact

Vendor	Product	Versions
blackberry	blackberry_link	`{"endIncluding":"1.1.1.26"}`
blackberry	blackberry_link	`1.0.1.12`
blackberry	blackberry_link	`1.1.1.26`
blackberry	blackberry_link	`1.1.1.41`
blackberry	blackberry_link	`1.2.0.12`

References

http://blog.cmpxchg8b.com/2013/11/qnx.html
http://www.blackberry.com/btsc/KB35315
http://blog.cmpxchg8b.com/2013/11/qnx.html
http://www.blackberry.com/btsc/KB35315

CWEs

CWE-352

Verify integrity in audit chain (admin only). AS-IS.