All the vulnerabilites related to D-Link - DSL-2750U
cve-2021-3708
Vulnerability from cvelistv5
Published
2021-08-16 04:55
Modified
2024-08-03 17:01
Severity
Summary
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device.
References
| URL | Tags |
|---|---|
| https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md | x_refsource_MISC |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230 | x_refsource_CONFIRM |
| https://jvn.jp/en/vu/JVNVU92088210/ | third-party-advisory, x_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230"
},
{
"name": "JVNVU#92088210: Multiple vulnerabilities in D-Link router DSL-2750U",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92088210/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DSL-2750U",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "firmware vME1.16 or prior versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-16T04:55:13",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230"
},
{
"name": "JVNVU#92088210: Multiple vulnerabilities in D-Link router DSL-2750U",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/vu/JVNVU92088210/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-3708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DSL-2750U",
"version": {
"version_data": [
{
"version_value": "firmware vME1.16 or prior versions"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20(firmware%20version%201.6)/README.md",
"refsource": "MISC",
"url": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20(firmware%20version%201.6)/README.md"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230",
"refsource": "CONFIRM",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230"
},
{
"name": "JVNVU#92088210: Multiple vulnerabilities in D-Link router DSL-2750U",
"refsource": "JVN",
"url": "https://jvn.jp/en/vu/JVNVU92088210/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-3708",
"datePublished": "2021-08-16T04:55:13",
"dateReserved": "2021-08-15T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3707
Vulnerability from cvelistv5
Published
2021-08-16 04:55
Modified
2024-08-03 17:01
Severity
Summary
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device.
References
| URL | Tags |
|---|---|
| https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md | x_refsource_MISC |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230 | x_refsource_CONFIRM |
| https://jvn.jp/en/vu/JVNVU92088210/ | third-party-advisory, x_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230"
},
{
"name": "JVNVU#92088210: Multiple vulnerabilities in D-Link router DSL-2750U",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92088210/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DSL-2750U",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "firmware vME1.16 or prior versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-15",
"description": "CWE-15: External Control of System or Configuration Setting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-16T04:55:11",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230"
},
{
"name": "JVNVU#92088210: Multiple vulnerabilities in D-Link router DSL-2750U",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/vu/JVNVU92088210/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-3707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DSL-2750U",
"version": {
"version_data": [
{
"version_value": "firmware vME1.16 or prior versions"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-15: External Control of System or Configuration Setting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20(firmware%20version%201.6)/README.md",
"refsource": "MISC",
"url": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20(firmware%20version%201.6)/README.md"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230",
"refsource": "CONFIRM",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230"
},
{
"name": "JVNVU#92088210: Multiple vulnerabilities in D-Link router DSL-2750U",
"refsource": "JVN",
"url": "https://jvn.jp/en/vu/JVNVU92088210/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-3707",
"datePublished": "2021-08-16T04:55:11",
"dateReserved": "2021-08-15T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0717
Vulnerability from cvelistv5
Published
2024-01-19 15:31
Modified
2024-08-01 18:11
Severity
5.3 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure
References
| URL | Tags |
|---|---|
| https://vuldb.com/?id.251542 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.251542 | signature, permissions-required |
| https://github.com/999zzzzz/D-Link | exploit |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.251542"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.251542"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/999zzzzz/D-Link"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DAP-1360",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-300",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-615",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-615GF",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-615S",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-615T",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-620",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-620S",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-806A",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-815",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-815AC",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-815S",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-816",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-820",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-822",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-825",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-825AC",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-825ACF",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-825ACG1",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-841",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-842",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-842S",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-843",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-853",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-878",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-882",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-1210",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-1260",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-X1530",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-X1860",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-224",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-245GR",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-2640U",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-2750U",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-G2452GR",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-5402G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-5402G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-5402GFRU",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-N5402G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-N5402G-IL",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DWM-312W",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DWM-321",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DWR-921",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DWR-953",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "Good Line Router v2",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "99iz (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 bis 20240112 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /devinfo der Komponente HTTP GET Request Handler. Mittels dem Manipulieren des Arguments area mit der Eingabe notice|net|version mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-19T15:31:04.290Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.251542"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.251542"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/999zzzzz/D-Link"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-19T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-19T08:26:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0717",
"datePublished": "2024-01-19T15:31:04.290Z",
"dateReserved": "2024-01-19T07:21:32.386Z",
"dateUpdated": "2024-08-01T18:11:35.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1010155
Vulnerability from cvelistv5
Published
2019-07-23 13:18
Modified
2024-08-05 03:07
Severity
Summary
D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issues as not being a vulnerability because although the wizard is accessible without authentication, it can't actually configure anything. Thus, there is no denial of service or information leakage
References
| URL | Tags |
|---|---|
| https://youtu.be/BQQbp2vn_wY | x_refsource_MISC |
| http://www.securityfocus.com/bid/109351 | vdb-entry, x_refsource_BID |
| https://cxsecurity.com/issue/WLB-2018080199 | x_refsource_MISC |
| https://www.youtube.com/watch?v=7sk6agpcA_s | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:07:18.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://youtu.be/BQQbp2vn_wY"
},
{
"name": "109351",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109351"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2018080199"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=7sk6agpcA_s"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DSL-2750U",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issues as not being a vulnerability because although the wizard is accessible without authentication, it can\u0027t actually configure anything. Thus, there is no denial of service or information leakage"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-08T14:42:47",
"orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"shortName": "dwf"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://youtu.be/BQQbp2vn_wY"
},
{
"name": "109351",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109351"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2018080199"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=7sk6agpcA_s"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DSL-2750U",
"version": {
"version_data": [
{
"version_value": "1.11"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issues as not being a vulnerability because although the wizard is accessible without authentication, it can\u0027t actually configure anything. Thus, there is no denial of service or information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://youtu.be/BQQbp2vn_wY",
"refsource": "MISC",
"url": "https://youtu.be/BQQbp2vn_wY"
},
{
"name": "109351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109351"
},
{
"name": "https://cxsecurity.com/issue/WLB-2018080199",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2018080199"
},
{
"name": "https://www.youtube.com/watch?v=7sk6agpcA_s",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=7sk6agpcA_s"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"assignerShortName": "dwf",
"cveId": "CVE-2019-1010155",
"datePublished": "2019-07-23T13:18:36",
"dateReserved": "2019-03-20T00:00:00",
"dateUpdated": "2024-08-05T03:07:18.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}