All the vulnerabilites related to D-Link - DIR-2150
cve-2022-40717
Vulnerability from cvelistv5
Published
2023-01-26 00:00
Modified
2024-08-03 12:21
Severity
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15727.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1220/"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10304"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "4.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anonymous"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15727."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-26T00:00:00",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1220/"
},
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10304"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-40717",
"datePublished": "2023-01-26T00:00:00",
"dateReserved": "2022-09-14T00:00:00",
"dateUpdated": "2024-08-03T12:21:46.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34274
Vulnerability from cvelistv5
Published
2024-05-03 01:57
Modified
2024-08-02 16:01
Severity
Summary
D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-627/ | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:d-link:dir-2150:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2150",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T19:33:43.748615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:06.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-627",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-627/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.05B01"
}
]
}
],
"dateAssigned": "2023-05-31T15:02:02.018-05:00",
"datePublic": "2023-05-15T18:02:46.370-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. A crafted login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20552."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:57:04.306Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-627",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-627/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-34274",
"datePublished": "2024-05-03T01:57:04.306Z",
"dateReserved": "2023-05-31T19:51:08.218Z",
"dateUpdated": "2024-08-02T16:01:54.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34279
Vulnerability from cvelistv5
Published
2024-05-03 01:57
Modified
2024-08-02 16:10
Severity
Summary
D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-630/ | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-2150_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2150_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.05B01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T19:04:19.628605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:04.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:05.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-630",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-630/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.05B01"
}
]
}
],
"dateAssigned": "2023-05-31T15:02:02.053-05:00",
"datePublic": "2023-05-15T18:03:00.506-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20558."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:57:07.893Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-630",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-630/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-34279",
"datePublished": "2024-05-03T01:57:07.893Z",
"dateReserved": "2023-05-31T19:51:08.219Z",
"dateUpdated": "2024-08-02T16:10:05.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34278
Vulnerability from cvelistv5
Published
2024-05-03 01:57
Modified
2024-08-02 16:10
Severity
Summary
D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-626/ | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-2150_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2150_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.05B01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T19:04:24.260520Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:08.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:05.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-626",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-626/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.05B01"
}
]
}
],
"dateAssigned": "2023-05-31T15:02:02.046-05:00",
"datePublic": "2023-05-15T18:02:41.132-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20556."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:57:07.144Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-626",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-626/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-34278",
"datePublished": "2024-05-03T01:57:07.144Z",
"dateReserved": "2023-05-31T19:51:08.219Z",
"dateUpdated": "2024-08-02T16:10:05.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34276
Vulnerability from cvelistv5
Published
2024-05-03 01:57
Modified
2024-08-02 16:10
Severity
Summary
D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-632/ | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-2150_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2150_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.05B01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T19:04:33.580618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:18.875Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:05.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-632",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-632/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.05B01"
}
]
}
],
"dateAssigned": "2023-05-31T15:02:02.031-05:00",
"datePublic": "2023-05-15T18:03:09.030-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20554."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:57:05.687Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-632",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-632/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-34276",
"datePublished": "2024-05-03T01:57:05.687Z",
"dateReserved": "2023-05-31T19:51:08.218Z",
"dateUpdated": "2024-08-02T16:10:05.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34281
Vulnerability from cvelistv5
Published
2024-05-03 01:57
Modified
2024-08-02 16:10
Severity
Summary
D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-633/ | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-2150_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2150_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.05B01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T19:04:10.554497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:07.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:05.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-633",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-633/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.05B01"
}
]
}
],
"dateAssigned": "2023-05-31T15:02:02.069-05:00",
"datePublic": "2023-05-15T18:03:14.749-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20561."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:57:09.413Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-633",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-633/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-34281",
"datePublished": "2024-05-03T01:57:09.413Z",
"dateReserved": "2023-05-31T19:51:08.219Z",
"dateUpdated": "2024-08-02T16:10:05.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5291
Vulnerability from cvelistv5
Published
2024-05-23 21:29
Modified
2024-08-01 21:11
Severity
Summary
D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-442/ | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:d-link:dir-2150:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2150",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "1.06B01"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T14:40:52.958356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:02:17.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:11.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-442",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-442/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.06B01"
}
]
}
],
"dateAssigned": "2024-05-23T16:19:55.725-05:00",
"datePublic": "2024-05-14T10:20:45.137-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21235."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-23T21:29:29.301Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-442",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-442/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5291",
"datePublished": "2024-05-23T21:29:29.301Z",
"dateReserved": "2024-05-23T21:19:55.691Z",
"dateUpdated": "2024-08-01T21:11:11.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40719
Vulnerability from cvelistv5
Published
2023-01-26 00:00
Modified
2024-08-03 12:21
Severity
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd_generic.lua plugin for the xupnpd service, which listens on TCP port 4044 by default. When parsing the feed parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15906.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10304"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1223/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "4.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anonymous"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd_generic.lua plugin for the xupnpd service, which listens on TCP port 4044 by default. When parsing the feed parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15906."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-26T00:00:00",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10304"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1223/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-40719",
"datePublished": "2023-01-26T00:00:00",
"dateReserved": "2022-09-14T00:00:00",
"dateUpdated": "2024-08-03T12:21:46.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-44415
Vulnerability from cvelistv5
Published
2024-05-03 02:13
Modified
2024-08-02 20:07
Severity
Summary
D-Link Multiple Routers cli Command Injection Remote Code Execution Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-1513/ | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-2150_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2150_firmware",
"vendor": "dlink",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44415",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T19:57:46.487538Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:19:18.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:33.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1513",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1513/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "R.47.0.0 AutoCAD 2021 \u0026 R.47.0.0 AutoCAD LT 2021"
}
]
}
],
"dateAssigned": "2023-09-28T13:14:48.173-05:00",
"datePublic": "2023-10-04T18:05:28.416-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link Multiple Routers cli Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1260 and DIR-2150 routers. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19946."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:13:45.490Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1513",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1513/"
}
],
"source": {
"lang": "en",
"value": "VRI FALL 2022 (Minh Giang, Nicholas Zubrisky, Evan Qi)"
},
"title": "D-Link Multiple Routers cli Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-44415",
"datePublished": "2024-05-03T02:13:45.490Z",
"dateReserved": "2023-09-28T18:02:49.770Z",
"dateUpdated": "2024-08-02T20:07:33.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34277
Vulnerability from cvelistv5
Published
2024-05-03 01:57
Modified
2024-08-02 16:10
Severity
Summary
D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-625/ | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-2150_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2150_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.05B01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T19:04:28.732823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:18.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:05.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-625",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-625/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.05B01"
}
]
}
],
"dateAssigned": "2023-05-31T15:02:02.038-05:00",
"datePublic": "2023-05-15T18:02:35.474-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20555."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:57:06.456Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-625",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-625/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-34277",
"datePublished": "2024-05-03T01:57:06.456Z",
"dateReserved": "2023-05-31T19:51:08.218Z",
"dateUpdated": "2024-08-02T16:10:05.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40718
Vulnerability from cvelistv5
Published
2023-01-26 00:00
Modified
2024-08-03 12:21
Severity
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15728.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10304"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1221/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "4.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anonymous"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15728."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-26T00:00:00",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10304"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1221/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-40718",
"datePublished": "2023-01-26T00:00:00",
"dateReserved": "2022-09-14T00:00:00",
"dateUpdated": "2024-08-03T12:21:46.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34275
Vulnerability from cvelistv5
Published
2024-05-03 01:57
Modified
2024-08-02 16:10
Severity
Summary
D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-631/ | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-2150_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2150_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.05B01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34275",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T19:04:38.222734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:06.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:05.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-631",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-631/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.05B01"
}
]
}
],
"dateAssigned": "2023-05-31T15:02:02.025-05:00",
"datePublic": "2023-05-15T18:03:04.236-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20553."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:57:05.005Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-631",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-631/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-34275",
"datePublished": "2024-05-03T01:57:05.005Z",
"dateReserved": "2023-05-31T19:51:08.218Z",
"dateUpdated": "2024-08-02T16:10:05.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40720
Vulnerability from cvelistv5
Published
2023-01-26 00:00
Modified
2024-08-03 12:21
Severity
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the router. Was ZDI-CAN-15935.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10304"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1224/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "4.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anonymous"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the router. Was ZDI-CAN-15935."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-26T00:00:00",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10304"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1224/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-40720",
"datePublished": "2023-01-26T00:00:00",
"dateReserved": "2022-09-14T00:00:00",
"dateUpdated": "2024-08-03T12:21:46.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0717
Vulnerability from cvelistv5
Published
2024-01-19 15:31
Modified
2024-08-01 18:11
Severity
5.3 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure
References
| URL | Tags |
|---|---|
| https://vuldb.com/?id.251542 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.251542 | signature, permissions-required |
| https://github.com/999zzzzz/D-Link | exploit |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.251542"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.251542"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/999zzzzz/D-Link"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DAP-1360",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-300",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-615",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-615GF",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-615S",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-615T",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-620",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-620S",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-806A",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-815",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-815AC",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-815S",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-816",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-820",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-822",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-825",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-825AC",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-825ACF",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-825ACG1",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-841",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-842",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-842S",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-843",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-853",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-878",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-882",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-1210",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-1260",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-X1530",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-X1860",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-224",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-245GR",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-2640U",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-2750U",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-G2452GR",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-5402G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-5402G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-5402GFRU",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-N5402G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-N5402G-IL",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DWM-312W",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DWM-321",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DWR-921",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DWR-953",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "Good Line Router v2",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "99iz (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 bis 20240112 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /devinfo der Komponente HTTP GET Request Handler. Mittels dem Manipulieren des Arguments area mit der Eingabe notice|net|version mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-19T15:31:04.290Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.251542"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.251542"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/999zzzzz/D-Link"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-19T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-19T08:26:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0717",
"datePublished": "2024-01-19T15:31:04.290Z",
"dateReserved": "2024-01-19T07:21:32.386Z",
"dateUpdated": "2024-08-01T18:11:35.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34282
Vulnerability from cvelistv5
Published
2024-05-03 01:57
Modified
2024-08-02 16:10
Severity
Summary
D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-628/ | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:dlink:dir-2150:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2150",
"vendor": "dlink",
"versions": [
{
"status": "affected",
"version": "1.05b01"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:49:34.529189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:17.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:05.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-628",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-628/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.05B01"
}
]
}
],
"dateAssigned": "2023-05-31T15:02:02.076-05:00",
"datePublic": "2023-05-15T18:02:52.051-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. A crafted authentication header can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20910."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:57:10.254Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-628",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-628/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-34282",
"datePublished": "2024-05-03T01:57:10.254Z",
"dateReserved": "2023-05-31T19:51:08.219Z",
"dateUpdated": "2024-08-02T16:10:05.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3210
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2024-08-03 01:00
Severity
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15905.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10304"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1222/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "4.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anonymous"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15905."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10304"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1222/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-3210",
"datePublished": "2023-03-29T00:00:00",
"dateReserved": "2022-09-13T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34280
Vulnerability from cvelistv5
Published
2024-05-03 01:57
Modified
2024-08-02 16:10
Severity
Summary
D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-629/ | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-2150_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2150_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.05B01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T19:04:14.905641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:05.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-629",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-629/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.05B01"
}
]
}
],
"dateAssigned": "2023-05-31T15:02:02.061-05:00",
"datePublic": "2023-05-15T18:02:56.308-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20559."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:57:08.656Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-629",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-629/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-34280",
"datePublished": "2024-05-03T01:57:08.656Z",
"dateReserved": "2023-05-31T19:51:08.219Z",
"dateUpdated": "2024-08-02T16:10:06.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}