BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding.
2013-11-18T03:55:05.603
2025-04-11T00:51:21.963
Deferred
CVSSv2: 6.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | blackberry | blackberry_link | ≤ 1.1.1.26 | Yes |
| Application | blackberry | blackberry_link | 1.0.1.12 | Yes |
| Operating System | apple | mac_os_x | * | No |
| Application | blackberry | blackberry_link | ≤ 1.2.0.28 | Yes |
| Application | blackberry | blackberry_link | 1.0.1.12 | Yes |
| Application | blackberry | blackberry_link | 1.1.1.26 | Yes |
| Application | blackberry | blackberry_link | 1.1.1.41 | Yes |
| Application | blackberry | blackberry_link | 1.2.0.12 | Yes |
| Operating System | microsoft | windows | * | No |