Search criteria
21 vulnerabilities found for dcme-720_firmware by dcnetworks
FKIE_CVE-2025-9387
Vulnerability from fkie_nvd - Published: 2025-08-24 12:15 - Updated: 2025-09-12 18:43
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Other products might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md#%E9%AA%8C%E8%AF%81 | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.321220 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.321220 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.630727 | Third Party Advisory, VDB Entry | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md#%E9%AA%8C%E8%AF%81 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dcnetworks | dcme-720_firmware | 9.1.5.11 | |
| dcnetworks | dcme-720 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-720_firmware:9.1.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "468F72CB-FABA-4F10-9D9F-B98D4916995E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "196AC09F-4CFC-4863-AEDC-8A8CED1C2D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Other products might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en DCN DCME-720 9.1.5.11. Esta afecta a una funci\u00f3n desconocida del archivo /usr/local/www/function/audit/newstatistics/ip_block.php del componente Web Management Backend. La manipulaci\u00f3n del argumento ip provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Otros productos tambi\u00e9n podr\u00edan verse afectados. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9387",
"lastModified": "2025-09-12T18:43:20.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-24T12:15:34.560",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md#%E9%AA%8C%E8%AF%81"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.321220"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.321220"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.630727"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md#%E9%AA%8C%E8%AF%81"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-52782
Vulnerability from fkie_nvd - Published: 2024-11-29 16:15 - Updated: 2025-11-06 20:57
Severity ?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dcnetworks | dcme-720_firmware | * | |
| dcnetworks | dcme-720 | - | |
| dcnetworks | dcme-320-l_firmware | * | |
| dcnetworks | dcme-320-l | - | |
| dcnetworks | dcme-320_firmware | * | |
| dcnetworks | dcme-320 | - | |
| dcnetworks | dcme-520_firmware | * | |
| dcnetworks | dcme-520 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-720_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCFE59D-8B88-4D2A-B31B-5B95326A7DAF",
"versionEndIncluding": "9.1.5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "196AC09F-4CFC-4863-AEDC-8A8CED1C2D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-320-l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D18B1B-6CB1-4FDD-9455-1DFA51CA224F",
"versionEndIncluding": "9.3.5.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-320-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6806213-6BA4-4511-86EA-22C937E962AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FAF203-AF23-4E9F-85B7-B4025171F2D8",
"versionEndIncluding": "7.4.12.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C83218E1-F3F6-43B0-925D-F8965C159DEA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A290A0-02E9-4412-ACFD-155FDD138C50",
"versionEndIncluding": "9.25.5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66170AD0-D82B-484B-96DA-9FFAB6C79DCB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php."
},
{
"lang": "es",
"value": "DCME-320 \u0026lt;=7.4.12.90, DCME-520 \u0026lt;=9.25.5.11, DCME-320-L \u0026lt;=9.3.5.26 y DCME-720 \u0026lt;=9.1.5.11 son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de /function/audit/newstatistics/mon_stat_hist_new.php."
}
],
"id": "CVE-2024-52782",
"lastModified": "2025-11-06T20:57:02.517",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-29T16:15:11.163",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-52781
Vulnerability from fkie_nvd - Published: 2024-11-29 16:15 - Updated: 2025-11-06 21:08
Severity ?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dcnetworks | dcme-720_firmware | * | |
| dcnetworks | dcme-720 | - | |
| dcnetworks | dcme-320-l_firmware | * | |
| dcnetworks | dcme-320-l | - | |
| dcnetworks | dcme-320_firmware | * | |
| dcnetworks | dcme-320 | - | |
| dcnetworks | dcme-520_firmware | * | |
| dcnetworks | dcme-520 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-720_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCFE59D-8B88-4D2A-B31B-5B95326A7DAF",
"versionEndIncluding": "9.1.5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "196AC09F-4CFC-4863-AEDC-8A8CED1C2D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-320-l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D18B1B-6CB1-4FDD-9455-1DFA51CA224F",
"versionEndIncluding": "9.3.5.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-320-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6806213-6BA4-4511-86EA-22C937E962AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FAF203-AF23-4E9F-85B7-B4025171F2D8",
"versionEndIncluding": "7.4.12.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C83218E1-F3F6-43B0-925D-F8965C159DEA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A290A0-02E9-4412-ACFD-155FDD138C50",
"versionEndIncluding": "9.25.5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66170AD0-D82B-484B-96DA-9FFAB6C79DCB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php."
},
{
"lang": "es",
"value": "DCME-320 \u0026lt;=7.4.12.90, DCME-520 \u0026lt;=9.25.5.11, DCME-320-L \u0026lt;=9.3.5.26 y DCME-720 \u0026lt;=9.1.5.11 son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de /function/system/tool/traceroute.php."
}
],
"id": "CVE-2024-52781",
"lastModified": "2025-11-06T21:08:33.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-29T16:15:11.040",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-52780
Vulnerability from fkie_nvd - Published: 2024-11-29 16:15 - Updated: 2025-11-06 21:08
Severity ?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dcnetworks | dcme-720_firmware | * | |
| dcnetworks | dcme-720 | - | |
| dcnetworks | dcme-320-l_firmware | * | |
| dcnetworks | dcme-320-l | - | |
| dcnetworks | dcme-320_firmware | * | |
| dcnetworks | dcme-320 | - | |
| dcnetworks | dcme-520_firmware | * | |
| dcnetworks | dcme-520 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-720_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCFE59D-8B88-4D2A-B31B-5B95326A7DAF",
"versionEndIncluding": "9.1.5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "196AC09F-4CFC-4863-AEDC-8A8CED1C2D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-320-l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D18B1B-6CB1-4FDD-9455-1DFA51CA224F",
"versionEndIncluding": "9.3.5.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-320-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6806213-6BA4-4511-86EA-22C937E962AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FAF203-AF23-4E9F-85B7-B4025171F2D8",
"versionEndIncluding": "7.4.12.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C83218E1-F3F6-43B0-925D-F8965C159DEA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A290A0-02E9-4412-ACFD-155FDD138C50",
"versionEndIncluding": "9.25.5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66170AD0-D82B-484B-96DA-9FFAB6C79DCB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php."
},
{
"lang": "es",
"value": "DCME-320 \u0026lt;=7.4.12.90, DCME-520 \u0026lt;=9.25.5.11, DCME-320-L \u0026lt;=9.3.5.26 y DCME-720 \u0026lt;=9.1.5.11 son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de /function/system/basic/mgmt_edit.php."
}
],
"id": "CVE-2024-52780",
"lastModified": "2025-11-06T21:08:21.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-29T16:15:10.933",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-52777
Vulnerability from fkie_nvd - Published: 2024-11-29 16:15 - Updated: 2025-11-06 21:07
Severity ?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dcnetworks | dcme-720_firmware | * | |
| dcnetworks | dcme-720 | - | |
| dcnetworks | dcme-320-l_firmware | * | |
| dcnetworks | dcme-320-l | - | |
| dcnetworks | dcme-320_firmware | * | |
| dcnetworks | dcme-320 | - | |
| dcnetworks | dcme-520_firmware | * | |
| dcnetworks | dcme-520 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-720_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCFE59D-8B88-4D2A-B31B-5B95326A7DAF",
"versionEndIncluding": "9.1.5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "196AC09F-4CFC-4863-AEDC-8A8CED1C2D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-320-l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D18B1B-6CB1-4FDD-9455-1DFA51CA224F",
"versionEndIncluding": "9.3.5.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-320-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6806213-6BA4-4511-86EA-22C937E962AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FAF203-AF23-4E9F-85B7-B4025171F2D8",
"versionEndIncluding": "7.4.12.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C83218E1-F3F6-43B0-925D-F8965C159DEA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A290A0-02E9-4412-ACFD-155FDD138C50",
"versionEndIncluding": "9.25.5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66170AD0-D82B-484B-96DA-9FFAB6C79DCB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L, \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php."
},
{
"lang": "es",
"value": "DCME-320 \u0026lt;=7.4.12.90, DCME-520 \u0026lt;=9.25.5.11, DCME-320-L, \u0026lt;=9.3.5.26 y DCME-720 \u0026lt;=9.1.5.11 son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de /function/system/basic/license_update.php."
}
],
"id": "CVE-2024-52777",
"lastModified": "2025-11-06T21:07:47.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-29T16:15:10.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-52779
Vulnerability from fkie_nvd - Published: 2024-11-29 16:15 - Updated: 2025-11-06 21:08
Severity ?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dcnetworks | dcme-720_firmware | * | |
| dcnetworks | dcme-720 | - | |
| dcnetworks | dcme-320-l_firmware | * | |
| dcnetworks | dcme-320-l | - | |
| dcnetworks | dcme-320_firmware | * | |
| dcnetworks | dcme-320 | - | |
| dcnetworks | dcme-520_firmware | * | |
| dcnetworks | dcme-520 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-720_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCFE59D-8B88-4D2A-B31B-5B95326A7DAF",
"versionEndIncluding": "9.1.5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "196AC09F-4CFC-4863-AEDC-8A8CED1C2D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-320-l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D18B1B-6CB1-4FDD-9455-1DFA51CA224F",
"versionEndIncluding": "9.3.5.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-320-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6806213-6BA4-4511-86EA-22C937E962AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FAF203-AF23-4E9F-85B7-B4025171F2D8",
"versionEndIncluding": "7.4.12.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C83218E1-F3F6-43B0-925D-F8965C159DEA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A290A0-02E9-4412-ACFD-155FDD138C50",
"versionEndIncluding": "9.25.5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66170AD0-D82B-484B-96DA-9FFAB6C79DCB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php."
},
{
"lang": "es",
"value": "DCME-320 \u0026lt;=7.4.12.90, DCME-520 \u0026lt;=9.25.5.11, DCME-320-L \u0026lt;=9.3.5.26 y DCME-720 \u0026lt;=9.1.5.11 son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de /function/audit/newstatistics/mon_stat_top10.php."
}
],
"id": "CVE-2024-52779",
"lastModified": "2025-11-06T21:08:12.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-29T16:15:10.810",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-52778
Vulnerability from fkie_nvd - Published: 2024-11-29 16:15 - Updated: 2025-11-06 21:08
Severity ?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dcnetworks | dcme-720_firmware | * | |
| dcnetworks | dcme-720 | - | |
| dcnetworks | dcme-320-l_firmware | * | |
| dcnetworks | dcme-320-l | - | |
| dcnetworks | dcme-320_firmware | * | |
| dcnetworks | dcme-320 | - | |
| dcnetworks | dcme-520_firmware | * | |
| dcnetworks | dcme-520 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-720_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCFE59D-8B88-4D2A-B31B-5B95326A7DAF",
"versionEndIncluding": "9.1.5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "196AC09F-4CFC-4863-AEDC-8A8CED1C2D44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-320-l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D18B1B-6CB1-4FDD-9455-1DFA51CA224F",
"versionEndIncluding": "9.3.5.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-320-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6806213-6BA4-4511-86EA-22C937E962AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FAF203-AF23-4E9F-85B7-B4025171F2D8",
"versionEndIncluding": "7.4.12.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C83218E1-F3F6-43B0-925D-F8965C159DEA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dcnetworks:dcme-520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A290A0-02E9-4412-ACFD-155FDD138C50",
"versionEndIncluding": "9.25.5.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dcnetworks:dcme-520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66170AD0-D82B-484B-96DA-9FFAB6C79DCB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php."
},
{
"lang": "es",
"value": "DCME-320 \u0026lt;=7.4.12.90, DCME-520 \u0026lt;=9.25.5.11, DCME-320-L \u0026lt;=9.3.5.26 y DCME-720 \u0026lt;=9.1.5.11 son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de /function/audit/newstatistics/mon_stat_hist.php."
}
],
"id": "CVE-2024-52778",
"lastModified": "2025-11-06T21:08:01.253",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-29T16:15:10.700",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-9387 (GCVE-0-2025-9387)
Vulnerability from cvelistv5 – Published: 2025-08-24 12:02 – Updated: 2025-08-25 18:33
VLAI?
Title
DCN DCME-720 Web Management Backend ip_block.php os command injection
Summary
A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Other products might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
QMSSDXN (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9387",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T18:33:50.435460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T18:33:54.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md#%E9%AA%8C%E8%AF%81"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Management Backend"
],
"product": "DCME-720",
"vendor": "DCN",
"versions": [
{
"status": "affected",
"version": "9.1.5.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "QMSSDXN (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Other products might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in DCN DCME-720 9.1.5.11 gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /usr/local/www/function/audit/newstatistics/ip_block.php der Komponente Web Management Backend. Durch Manipulation des Arguments ip mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T12:02:06.813Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321220 | DCN DCME-720 Web Management Backend ip_block.php os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321220"
},
{
"name": "VDB-321220 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321220"
},
{
"name": "Submit #630727 | DCN DCME-720 9.1.5.11 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.630727"
},
{
"tags": [
"related"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md#%E9%AA%8C%E8%AF%81"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-23T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-23T17:21:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "DCN DCME-720 Web Management Backend ip_block.php os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9387",
"datePublished": "2025-08-24T12:02:06.813Z",
"dateReserved": "2025-08-23T15:15:59.529Z",
"dateUpdated": "2025-08-25T18:33:54.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52780 (GCVE-0-2024-52780)
Vulnerability from cvelistv5 – Published: 2024-11-29 00:00 – Updated: 2024-11-29 18:10
VLAI?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "7.4.12.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-520_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-520_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.25.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320-l_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.3.5.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-720_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-720_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.1.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T18:03:08.879739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:10:00.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:04:57.695926",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52780",
"datePublished": "2024-11-29T00:00:00",
"dateReserved": "2024-11-15T00:00:00",
"dateUpdated": "2024-11-29T18:10:00.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52778 (GCVE-0-2024-52778)
Vulnerability from cvelistv5 – Published: 2024-11-29 00:00 – Updated: 2024-11-29 18:10
VLAI?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "7.4.12.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-520_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-520_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.25.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320-l_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.3.5.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-720_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-720_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.1.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T18:02:51.252972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:10:00.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:02:00.796509",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52778",
"datePublished": "2024-11-29T00:00:00",
"dateReserved": "2024-11-15T00:00:00",
"dateUpdated": "2024-11-29T18:10:00.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52779 (GCVE-0-2024-52779)
Vulnerability from cvelistv5 – Published: 2024-11-29 00:00 – Updated: 2024-11-29 18:10
VLAI?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "7.4.12.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-520_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-520_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.25.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320-l_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.3.5.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-720_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-720_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.1.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T18:02:55.618140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:10:00.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:03:01.050482",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52779",
"datePublished": "2024-11-29T00:00:00",
"dateReserved": "2024-11-15T00:00:00",
"dateUpdated": "2024-11-29T18:10:00.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52777 (GCVE-0-2024-52777)
Vulnerability from cvelistv5 – Published: 2024-11-29 00:00 – Updated: 2024-11-29 18:09
VLAI?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "7.4.12.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-520_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-520_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.25.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320-l_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.3.5.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-720_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-720_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.1.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T18:02:46.097027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:09:59.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L, \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:00:54.415364",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52777",
"datePublished": "2024-11-29T00:00:00",
"dateReserved": "2024-11-15T00:00:00",
"dateUpdated": "2024-11-29T18:09:59.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52781 (GCVE-0-2024-52781)
Vulnerability from cvelistv5 – Published: 2024-11-29 00:00 – Updated: 2024-11-29 18:10
VLAI?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "7.4.12.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-520_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-520_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.25.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320-l_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.3.5.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-720_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-720_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.1.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T18:03:01.385320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:10:00.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:05:49.318579",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52781",
"datePublished": "2024-11-29T00:00:00",
"dateReserved": "2024-11-15T00:00:00",
"dateUpdated": "2024-11-29T18:10:00.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52782 (GCVE-0-2024-52782)
Vulnerability from cvelistv5 – Published: 2024-11-29 00:00 – Updated: 2024-11-29 18:10
VLAI?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "7.4.12.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-520_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-520_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.25.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320-l_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.3.5.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-720_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-720_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.1.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52782",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T18:03:14.399416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:10:00.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:06:36.838245",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52782",
"datePublished": "2024-11-29T00:00:00",
"dateReserved": "2024-11-15T00:00:00",
"dateUpdated": "2024-11-29T18:10:00.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9387 (GCVE-0-2025-9387)
Vulnerability from nvd – Published: 2025-08-24 12:02 – Updated: 2025-08-25 18:33
VLAI?
Title
DCN DCME-720 Web Management Backend ip_block.php os command injection
Summary
A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Other products might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
QMSSDXN (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9387",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T18:33:50.435460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T18:33:54.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md#%E9%AA%8C%E8%AF%81"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Management Backend"
],
"product": "DCME-720",
"vendor": "DCN",
"versions": [
{
"status": "affected",
"version": "9.1.5.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "QMSSDXN (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Other products might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in DCN DCME-720 9.1.5.11 gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /usr/local/www/function/audit/newstatistics/ip_block.php der Komponente Web Management Backend. Durch Manipulation des Arguments ip mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T12:02:06.813Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321220 | DCN DCME-720 Web Management Backend ip_block.php os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321220"
},
{
"name": "VDB-321220 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321220"
},
{
"name": "Submit #630727 | DCN DCME-720 9.1.5.11 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.630727"
},
{
"tags": [
"related"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/DCME-720/DCME-720.md#%E9%AA%8C%E8%AF%81"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-23T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-23T17:21:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "DCN DCME-720 Web Management Backend ip_block.php os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9387",
"datePublished": "2025-08-24T12:02:06.813Z",
"dateReserved": "2025-08-23T15:15:59.529Z",
"dateUpdated": "2025-08-25T18:33:54.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52780 (GCVE-0-2024-52780)
Vulnerability from nvd – Published: 2024-11-29 00:00 – Updated: 2024-11-29 18:10
VLAI?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "7.4.12.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-520_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-520_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.25.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320-l_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.3.5.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-720_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-720_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.1.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T18:03:08.879739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:10:00.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:04:57.695926",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52780",
"datePublished": "2024-11-29T00:00:00",
"dateReserved": "2024-11-15T00:00:00",
"dateUpdated": "2024-11-29T18:10:00.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52778 (GCVE-0-2024-52778)
Vulnerability from nvd – Published: 2024-11-29 00:00 – Updated: 2024-11-29 18:10
VLAI?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "7.4.12.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-520_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-520_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.25.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320-l_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.3.5.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-720_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-720_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.1.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T18:02:51.252972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:10:00.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:02:00.796509",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52778",
"datePublished": "2024-11-29T00:00:00",
"dateReserved": "2024-11-15T00:00:00",
"dateUpdated": "2024-11-29T18:10:00.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52779 (GCVE-0-2024-52779)
Vulnerability from nvd – Published: 2024-11-29 00:00 – Updated: 2024-11-29 18:10
VLAI?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "7.4.12.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-520_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-520_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.25.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320-l_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.3.5.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-720_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-720_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.1.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T18:02:55.618140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:10:00.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:03:01.050482",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52779",
"datePublished": "2024-11-29T00:00:00",
"dateReserved": "2024-11-15T00:00:00",
"dateUpdated": "2024-11-29T18:10:00.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52777 (GCVE-0-2024-52777)
Vulnerability from nvd – Published: 2024-11-29 00:00 – Updated: 2024-11-29 18:09
VLAI?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "7.4.12.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-520_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-520_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.25.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320-l_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.3.5.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-720_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-720_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.1.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T18:02:46.097027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:09:59.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L, \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:00:54.415364",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52777",
"datePublished": "2024-11-29T00:00:00",
"dateReserved": "2024-11-15T00:00:00",
"dateUpdated": "2024-11-29T18:09:59.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52781 (GCVE-0-2024-52781)
Vulnerability from nvd – Published: 2024-11-29 00:00 – Updated: 2024-11-29 18:10
VLAI?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "7.4.12.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-520_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-520_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.25.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320-l_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.3.5.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-720_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-720_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.1.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T18:03:01.385320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:10:00.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:05:49.318579",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52781",
"datePublished": "2024-11-29T00:00:00",
"dateReserved": "2024-11-15T00:00:00",
"dateUpdated": "2024-11-29T18:10:00.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52782 (GCVE-0-2024-52782)
Vulnerability from nvd – Published: 2024-11-29 00:00 – Updated: 2024-11-29 18:10
VLAI?
Summary
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "7.4.12.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-520_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-520_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.25.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-320-l_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-320-l_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.3.5.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dcnglobal:dcme-720_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dcme-720_firmware",
"vendor": "dcnglobal",
"versions": [
{
"lessThanOrEqual": "9.1.5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52782",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T18:03:14.399416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:10:00.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DCME-320 \u003c=7.4.12.90, DCME-520 \u003c=9.25.5.11, DCME-320-L \u003c=9.3.5.26, and DCME-720 \u003c=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T16:06:36.838245",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A/dcme-all-series-rcessix-one/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52782",
"datePublished": "2024-11-29T00:00:00",
"dateReserved": "2024-11-15T00:00:00",
"dateUpdated": "2024-11-29T18:10:00.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}