All the vulnerabilites related to D-Link - DIR-2640
cve-2023-32148
Vulnerability from cvelistv5
Published
2024-05-03 01:56
Modified
2024-08-02 15:10
Severity
Summary
D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-540/ | x_research-advisory |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323 | vendor-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:dir-2640-us_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2640-us_firmware",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "R.47.0.0 AutoCAD 2021"
},
{
"status": "affected",
"version": "R.47.0.0 AutoCAD LT 2021"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T18:07:32.969189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T18:20:31.113Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:23.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-540",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-540/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2640",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "R.47.0.0 AutoCAD 2021 \u0026 R.47.0.0 AutoCAD LT 2021"
}
]
}
],
"dateAssigned": "2023-05-03T15:16:43.002-05:00",
"datePublic": "2023-05-04T17:15:59.600-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web management interface, which listens on TCP port 80 by default. A crafted XML element in the login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19545."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:56:33.125Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-540",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-540/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-32148",
"datePublished": "2024-05-03T01:56:33.125Z",
"dateReserved": "2023-05-03T20:10:47.060Z",
"dateUpdated": "2024-08-02T15:10:23.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32150
Vulnerability from cvelistv5
Published
2024-05-03 01:56
Modified
2024-08-02 15:10
Severity
Summary
D-Link DIR-2640 PrefixLen Command Injection Remote Code Execution Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-542/ | x_research-advisory |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323 | vendor-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2640_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.11b02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:beta:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2640_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.11b02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T18:50:31.597460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:23.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:23.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-542",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-542/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2640",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "R.47.0.0 AutoCAD 2021 \u0026 R.47.0.0 AutoCAD LT 2021"
}
]
}
],
"dateAssigned": "2023-05-03T15:16:43.014-05:00",
"datePublic": "2023-05-04T17:16:19.925-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2640 PrefixLen Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of the PrefixLen parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19547."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:56:34.550Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-542",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-542/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2640 PrefixLen Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-32150",
"datePublished": "2024-05-03T01:56:34.550Z",
"dateReserved": "2023-05-03T20:10:47.060Z",
"dateUpdated": "2024-08-02T15:10:23.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32147
Vulnerability from cvelistv5
Published
2024-05-03 01:56
Modified
2024-08-02 15:03
Severity
Summary
D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-539/ | x_research-advisory |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323 | vendor-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2640_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.11b02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:beta:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2640_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.11b02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32147",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T18:50:49.363136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:21.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-539",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-539/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2640",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "R.47.0.0 AutoCAD 2021 \u0026 R.47.0.0 AutoCAD LT 2021"
}
]
}
],
"dateAssigned": "2023-05-03T15:16:42.996-05:00",
"datePublic": "2023-05-04T17:15:53.729-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of the LocalIPAddress parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19544."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:56:32.438Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-539",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-539/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-32147",
"datePublished": "2024-05-03T01:56:32.438Z",
"dateReserved": "2023-05-03T20:10:47.059Z",
"dateUpdated": "2024-08-02T15:03:29.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32151
Vulnerability from cvelistv5
Published
2024-05-03 01:56
Modified
2024-08-02 15:10
Severity
Summary
D-Link DIR-2640 DestNetwork Command Injection Remote Code Execution Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-543/ | x_research-advisory |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323 | vendor-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2640_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.11b02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:beta:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2640_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.11b02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T18:50:22.736717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:20.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:23.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-543",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-543/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2640",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "R.47.0.0 AutoCAD 2021 \u0026 R.47.0.0 AutoCAD LT 2021"
}
]
}
],
"dateAssigned": "2023-05-03T15:16:43.020-05:00",
"datePublic": "2023-05-04T17:16:30.727-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2640 DestNetwork Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of the DestNetwork parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19548."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:56:35.233Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-543",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-543/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2640 DestNetwork Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-32151",
"datePublished": "2024-05-03T01:56:35.233Z",
"dateReserved": "2023-05-03T20:10:47.060Z",
"dateUpdated": "2024-08-02T15:10:23.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32149
Vulnerability from cvelistv5
Published
2024-05-03 01:56
Modified
2024-08-02 15:10
Severity
Summary
D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-541/ | x_research-advisory |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323 | vendor-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2640_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.11b02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:beta:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2640_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.11b02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T18:50:40.427735Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:12.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:23.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-541",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-541/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2640",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "R.47.0.0 AutoCAD 2021 \u0026 R.47.0.0 AutoCAD LT 2021"
}
]
}
],
"dateAssigned": "2023-05-03T15:16:43.008-05:00",
"datePublic": "2023-05-04T17:16:12.502-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web management interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19546."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:56:33.817Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-541",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-541/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-32149",
"datePublished": "2024-05-03T01:56:33.817Z",
"dateReserved": "2023-05-03T20:10:47.060Z",
"dateUpdated": "2024-08-02T15:10:23.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32152
Vulnerability from cvelistv5
Published
2024-05-03 01:56
Modified
2024-08-02 15:10
Severity
Summary
D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-544/ | x_research-advisory |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323 | vendor-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:dir-2640-us:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2640-us",
"vendor": "d-link",
"versions": [
{
"lessThanOrEqual": "v1.11B02",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.11B02 Beta01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32152",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T17:52:09.343764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T19:37:00.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:23.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-544",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-544/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2640",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "R.47.0.0 AutoCAD 2021 \u0026 R.47.0.0 AutoCAD LT 2021"
}
]
}
],
"dateAssigned": "2023-05-03T15:16:43.026-05:00",
"datePublic": "2023-05-04T17:16:38.365-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the web management interface, which listens on TCP port 80 by default. A specially crafted login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19549."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303: Incorrect Implementation of Authentication Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:56:36.008Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-544",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-544/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-32152",
"datePublished": "2024-05-03T01:56:36.008Z",
"dateReserved": "2023-05-03T20:10:47.060Z",
"dateUpdated": "2024-08-02T15:10:23.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32153
Vulnerability from cvelistv5
Published
2024-05-03 01:56
Modified
2024-08-02 15:10
Severity
Summary
D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-23-545/ | x_research-advisory |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323 | vendor-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2640_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.11b02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:beta:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2640_firmware",
"vendor": "dlink",
"versions": [
{
"lessThanOrEqual": "1.11b02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T18:52:01.271921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:14.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:23.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-545",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-545/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2640",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "R.47.0.0 AutoCAD 2021 \u0026 R.47.0.0 AutoCAD LT 2021"
}
]
}
],
"dateAssigned": "2023-05-03T15:16:43.032-05:00",
"datePublic": "2023-05-04T17:16:47.776-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of the EmailFrom parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19550."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T01:56:36.713Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-545",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-545/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-32153",
"datePublished": "2024-05-03T01:56:36.713Z",
"dateReserved": "2023-05-03T20:10:47.060Z",
"dateUpdated": "2024-08-02T15:10:23.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5293
Vulnerability from cvelistv5
Published
2024-05-23 21:29
Modified
2024-08-01 21:11
Severity
Summary
D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability
References
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-444/ | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-2640_firmware:1.11b02:beta:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-2640_firmware",
"vendor": "dlink",
"versions": [
{
"status": "affected",
"version": "1.11b02"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5293",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T13:18:35.558118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:02:34.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:11.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-444",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-444/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DIR-2640",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.11B02_BETA02"
}
]
}
],
"dateAssigned": "2024-05-23T16:22:42.203-05:00",
"datePublic": "2024-05-14T10:21:00.437-05:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within prog.cgi, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21853."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-23T21:29:44.062Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-444",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-444/"
}
],
"source": {
"lang": "en",
"value": "Nicholas Zubrisky"
},
"title": "D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5293",
"datePublished": "2024-05-23T21:29:44.062Z",
"dateReserved": "2024-05-23T21:22:42.170Z",
"dateUpdated": "2024-08-01T21:11:11.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}