Vulnerabilites related to dlink - dir-300
cve-2024-41616
Vulnerability from cvelistv5
Published
2024-08-06 00:00
Modified
2024-08-06 15:58
Severity ?
EPSS score ?
Summary
D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:dlink:dir-300_firmware:1.06b05_ww:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "dir-300_firmware", vendor: "dlink", versions: [ { status: "affected", version: "1.06b05_ww", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-41616", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-06T15:57:56.089354Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-259", description: "CWE-259 Use of Hard-coded Password", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-06T15:58:09.126Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-06T15:14:56.300385", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/D-Link300.md", }, { url: "https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/CVE-2024-41616", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-41616", datePublished: "2024-08-06T00:00:00", dateReserved: "2024-07-18T00:00:00", dateUpdated: "2024-08-06T15:58:09.126Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-0717
Vulnerability from cvelistv5
Published
2024-01-19 15:31
Modified
2024-08-01 18:11
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS score ?
Summary
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.251542 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.251542 | signature, permissions-required | |
| https://github.com/999zzzzz/D-Link | exploit |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | D-Link | DAP-1360 |
Version: 20240112 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T18:11:35.784Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.251542", }, { tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.251542", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/999zzzzz/D-Link", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { modules: [ "HTTP GET Request Handler", ], product: "DAP-1360", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-300", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-615", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-615GF", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-615S", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-615T", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-620", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-620S", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-806A", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-815", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-815AC", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-815S", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-816", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-820", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-822", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-825", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-825AC", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-825ACF", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-825ACG1", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-841", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-842", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-842S", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-843", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-853", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-878", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-882", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-1210", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-1260", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-2150", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-X1530", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-X1860", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DSL-224", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DSL-245GR", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DSL-2640U", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DSL-2750U", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DSL-G2452GR", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DVG-5402G", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DVG-5402G", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DVG-5402GFRU", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DVG-N5402G", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DVG-N5402G-IL", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DWM-312W", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DWM-321", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DWR-921", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DWR-953", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "Good Line Router v2", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "99iz (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "In D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 bis 20240112 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /devinfo der Komponente HTTP GET Request Handler. Mittels dem Manipulieren des Arguments area mit der Eingabe notice|net|version mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 5, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Information Disclosure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-19T15:31:04.290Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.251542", }, { tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.251542", }, { tags: [ "exploit", ], url: "https://github.com/999zzzzz/D-Link", }, ], timeline: [ { lang: "en", time: "2024-01-19T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-01-19T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-01-19T08:26:48.000Z", value: "VulDB entry last update", }, ], title: "D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-0717", datePublished: "2024-01-19T15:31:04.290Z", dateReserved: "2024-01-19T07:21:32.386Z", dateUpdated: "2024-08-01T18:11:35.784Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-7471
Vulnerability from cvelistv5
Published
2019-06-11 20:46
Modified
2024-08-06 18:09
Severity ?
EPSS score ?
Summary
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.s3cur1ty.de/m1adv2013-020 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/27044 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:09:16.715Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.s3cur1ty.de/m1adv2013-020", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.exploit-db.com/exploits/27044", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-11T20:46:45", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.s3cur1ty.de/m1adv2013-020", }, { tags: [ "x_refsource_MISC", ], url: "https://www.exploit-db.com/exploits/27044", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-7471", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.s3cur1ty.de/m1adv2013-020", refsource: "MISC", url: "http://www.s3cur1ty.de/m1adv2013-020", }, { name: "https://www.exploit-db.com/exploits/27044", refsource: "MISC", url: "https://www.exploit-db.com/exploits/27044", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-7471", datePublished: "2019-06-11T20:46:45", dateReserved: "2019-06-11T00:00:00", dateUpdated: "2024-08-06T18:09:16.715Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-4723
Vulnerability from cvelistv5
Published
2011-12-20 11:00
Modified
2025-02-10 20:01
Severity ?
EPSS score ?
Summary
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://en.securitylab.ru/lab/PT-2011-30 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:16:34.283Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://en.securitylab.ru/lab/PT-2011-30", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2011-4723", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-10T20:01:02.727626Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-09-08", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2011-4723", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-312", description: "CWE-312 Cleartext Storage of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-10T20:01:06.236Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2011-12-20T11:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://en.securitylab.ru/lab/PT-2011-30", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2011-4723", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://en.securitylab.ru/lab/PT-2011-30", refsource: "MISC", url: "http://en.securitylab.ru/lab/PT-2011-30", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2011-4723", datePublished: "2011-12-20T11:00:00.000Z", dateReserved: "2011-12-10T00:00:00.000Z", dateUpdated: "2025-02-10T20:01:06.236Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31814
Vulnerability from cvelistv5
Published
2023-05-23 00:00
Modified
2025-01-17 17:53
Severity ?
EPSS score ?
Summary
D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:56:35.595Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.dlink.com/en/security-bulletin/", }, { tags: [ "x_transferred", ], url: "https://gist.github.com/1915504804/9503198d3cbd5bc7db47625ac0caaade", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-31814", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-17T17:49:11.316527Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-706", description: "CWE-706 Use of Incorrectly-Resolved Name or Reference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-17T17:53:54.721Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-23T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.dlink.com/en/security-bulletin/", }, { url: "https://gist.github.com/1915504804/9503198d3cbd5bc7db47625ac0caaade", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-31814", datePublished: "2023-05-23T00:00:00", dateReserved: "2023-04-29T00:00:00", dateUpdated: "2025-01-17T17:53:54.721Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-202401-0959
Vulnerability from variot
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability. dir-825acg1 firmware, DIR-841 firmware, dir-1260 firmware etc. D-Link Systems, Inc. There are unspecified vulnerabilities in the product.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202401-0959", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-x1860", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dsl-2640u", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-842", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dsl-g2452gr", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dwm-321", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-2150", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-806a", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dvg-n5402g", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-x1530", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dwm-312w", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-815", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dwr-921", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-882", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-615", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-853", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-1210", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dvg-5402g", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-1260", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-615t", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-815\\/ac", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dsl-224", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dvg-5402g\\/gfru", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-841", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-816", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-825acf", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-820", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-620", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dvg-n5402g\\/il", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-825acg1", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-825", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-842s", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-825ac", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-815s", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dsl-2750u", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dsl-245gr", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-615gf", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-843", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dap-1360", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-620s", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-300", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-822", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-878", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-615s", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dwr-953", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-825", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-615t", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-825acf", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-825acg1", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-x1530", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-842s", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-853", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-1210", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-1260", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-615", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-806a", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-815", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-841", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-815s", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-842", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-878", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dsl-g2452gr", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-822", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dsl-245gr", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-300", scope: null, trust: 0.8, vendor: "d link", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2024-001679", }, { db: "NVD", id: "CVE-2024-0717", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-825acg1_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-825acg1:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-841_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-841:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-1260_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-1260:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-x1530_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-x1530:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-825_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-842_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-842:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-853_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-853:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-1210_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-1210:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-806a_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-806a:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dsl-245gr_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dsl-245gr:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dsl-g2452gr_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dsl-g2452gr:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-878_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-878:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-825acf_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-825acf:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-615t_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-615t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-300:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-842s_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-842s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815s_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dsl-2640u_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dsl-2640u:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-2150_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-2150:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dwr-921_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-615s_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-615s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-620_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-620:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dvg-5402g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dvg-5402g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-882_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-882:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dwm-312w_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dwm-312w:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815\\/ac_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815\\/ac:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dsl-224_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dsl-224:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dwm-321_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dwm-321:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-x1860_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-x1860:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dap-1360_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dap-1360:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-820_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-820:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-843_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-843:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dvg-5402g\\/gfru_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dvg-5402g\\/gfru:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dwr-953_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dwr-953:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dvg-n5402g\\/il_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dvg-n5402g\\/il:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-825ac_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-825ac:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-620s_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-620s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dvg-n5402g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dvg-n5402g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dsl-2750u_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-615gf_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-615gf:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-816_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-816:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2024-0717", }, ], }, cve: "CVE-2024-0717", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "cna@vuldb.com", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "cna@vuldb.com", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 3.9, impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 5.3, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2024-0717", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2024-0717", trust: 1.8, value: "MEDIUM", }, { author: "cna@vuldb.com", id: "CVE-2024-0717", trust: 1, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2024-001679", }, { db: "NVD", id: "CVE-2024-0717", }, { db: "NVD", id: "CVE-2024-0717", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability. dir-825acg1 firmware, DIR-841 firmware, dir-1260 firmware etc. D-Link Systems, Inc. There are unspecified vulnerabilities in the product.Information may be obtained", sources: [ { db: "NVD", id: "CVE-2024-0717", }, { db: "JVNDB", id: "JVNDB-2024-001679", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2024-0717", trust: 2.6, }, { db: "VULDB", id: "251542", trust: 1.8, }, { db: "JVNDB", id: "JVNDB-2024-001679", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2024-001679", }, { db: "NVD", id: "CVE-2024-0717", }, ], }, id: "VAR-202401-0959", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.618071456875, }, last_update_date: "2024-05-17T23:12:33.116000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "Lack of information (CWE-noinfo) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2024-001679", }, { db: "NVD", id: "CVE-2024-0717", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://github.com/999zzzzz/d-link", }, { trust: 1.8, url: "https://vuldb.com/?ctiid.251542", }, { trust: 1.8, url: "https://vuldb.com/?id.251542", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2024-0717", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2024-001679", }, { db: "NVD", id: "CVE-2024-0717", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2024-001679", }, { db: "NVD", id: "CVE-2024-0717", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-02-06T00:00:00", db: "JVNDB", id: "JVNDB-2024-001679", }, { date: "2024-01-19T16:15:11.190000", db: "NVD", id: "CVE-2024-0717", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-02-06T01:48:00", db: "JVNDB", id: "JVNDB-2024-001679", }, { date: "2024-05-17T02:34:53.200000", db: "NVD", id: "CVE-2024-0717", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural D-Link Systems, Inc. Product vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2024-001679", }, ], trust: 0.8, }, }
var-201906-0703
Vulnerability from variot
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. plural D-Link The product contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-845 and so on are all wireless routers from Taiwan D-Link.
Command injection vulnerability exists in soap.cgi? Service = WANIPConn1 URL in multiple D-Link products. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command. The following products and versions are affected: D-Link DIR-845 prior to v1.02b03; DIR-600 prior to v2.17b01; DIR-645 prior to v1.04b11; DIR-300 (rev
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0703", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-600", scope: "lt", trust: 1, vendor: "dlink", version: "2.17b01", }, { model: "dir-300", scope: "eq", trust: 1, vendor: "dlink", version: "2.14b01", }, { model: "dir-845", scope: "lt", trust: 1, vendor: "dlink", version: "1.02b03", }, { model: "dir-865", scope: "eq", trust: 1, vendor: "dlink", version: "1.05b03", }, { model: "dir-645", scope: "lt", trust: 1, vendor: "dlink", version: "1.04b11", }, { model: "dir-300", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-600", scope: "lt", trust: 0.8, vendor: "d link", version: "2.17b01", }, { model: "dir-645", scope: "lt", trust: 0.8, vendor: "d link", version: "1.04b11", }, { model: "dir-845", scope: "lt", trust: 0.8, vendor: "d link", version: "1.02b03", }, { model: "dir-865", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-600 <v2.17b01", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-645 <v1.04b11", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-845 <v1.02b03", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39561", }, { db: "JVNDB", id: "JVNDB-2013-006844", }, { db: "NVD", id: "CVE-2013-7471", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-300_firmware:2.14b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-300:b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.17b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-645_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.04b11", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-645:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-845_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.02b03", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-845:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865_firmware:1.05b03:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2013-7471", }, ], }, cve: "CVE-2013-7471", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2013-7471", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2019-39561", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-67473", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2013-7471", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2013-7471", trust: 1.8, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2019-39561", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201906-399", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-67473", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2013-7471", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39561", }, { db: "VULHUB", id: "VHN-67473", }, { db: "VULMON", id: "CVE-2013-7471", }, { db: "JVNDB", id: "JVNDB-2013-006844", }, { db: "NVD", id: "CVE-2013-7471", }, { db: "CNNVD", id: "CNNVD-201906-399", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. plural D-Link The product contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-845 and so on are all wireless routers from Taiwan D-Link. \n\nCommand injection vulnerability exists in soap.cgi? Service = WANIPConn1 URL in multiple D-Link products. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command. The following products and versions are affected: D-Link DIR-845 prior to v1.02b03; DIR-600 prior to v2.17b01; DIR-645 prior to v1.04b11; DIR-300 (rev", sources: [ { db: "NVD", id: "CVE-2013-7471", }, { db: "JVNDB", id: "JVNDB-2013-006844", }, { db: "CNVD", id: "CNVD-2019-39561", }, { db: "VULHUB", id: "VHN-67473", }, { db: "VULMON", id: "CVE-2013-7471", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2013-7471", trust: 3.2, }, { db: "EXPLOIT-DB", id: "27044", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2013-006844", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201906-399", trust: 0.7, }, { db: "EXPLOITDB", id: "27044", trust: 0.6, }, { db: "CNVD", id: "CNVD-2019-39561", trust: 0.6, }, { db: "VULHUB", id: "VHN-67473", trust: 0.1, }, { db: "VULMON", id: "CVE-2013-7471", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39561", }, { db: "VULHUB", id: "VHN-67473", }, { db: "VULMON", id: "CVE-2013-7471", }, { db: "JVNDB", id: "JVNDB-2013-006844", }, { db: "NVD", id: "CVE-2013-7471", }, { db: "CNNVD", id: "CNNVD-201906-399", }, ], }, id: "VAR-201906-0703", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2019-39561", }, { db: "VULHUB", id: "VHN-67473", }, ], trust: 1.454548685, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39561", }, ], }, last_update_date: "2023-12-18T13:43:21.743000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "http://us.dlink.com/", }, { title: "Patch for Command injection vulnerability in multiple D-Link products", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/189043", }, { title: "Multiple D-Link Product Command Injection Vulnerability Fixes", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93638", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39561", }, { db: "JVNDB", id: "JVNDB-2013-006844", }, { db: "CNNVD", id: "CNNVD-201906-399", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-67473", }, { db: "JVNDB", id: "JVNDB-2013-006844", }, { db: "NVD", id: "CVE-2013-7471", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.6, url: "http://www.s3cur1ty.de/m1adv2013-020", }, { trust: 2.4, url: "https://www.exploit-db.com/exploits/27044", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2013-7471", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7471", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39561", }, { db: "VULHUB", id: "VHN-67473", }, { db: "VULMON", id: "CVE-2013-7471", }, { db: "JVNDB", id: "JVNDB-2013-006844", }, { db: "NVD", id: "CVE-2013-7471", }, { db: "CNNVD", id: "CNNVD-201906-399", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2019-39561", }, { db: "VULHUB", id: "VHN-67473", }, { db: "VULMON", id: "CVE-2013-7471", }, { db: "JVNDB", id: "JVNDB-2013-006844", }, { db: "NVD", id: "CVE-2013-7471", }, { db: "CNNVD", id: "CNNVD-201906-399", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-11-07T00:00:00", db: "CNVD", id: "CNVD-2019-39561", }, { date: "2019-06-11T00:00:00", db: "VULHUB", id: "VHN-67473", }, { date: "2019-06-11T00:00:00", db: "VULMON", id: "CVE-2013-7471", }, { date: "2019-06-20T00:00:00", db: "JVNDB", id: "JVNDB-2013-006844", }, { date: "2019-06-11T21:29:00.397000", db: "NVD", id: "CVE-2013-7471", }, { date: "2019-06-11T00:00:00", db: "CNNVD", id: "CNNVD-201906-399", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-11-07T00:00:00", db: "CNVD", id: "CNVD-2019-39561", }, { date: "2019-06-12T00:00:00", db: "VULHUB", id: "VHN-67473", }, { date: "2021-04-23T00:00:00", db: "VULMON", id: "CVE-2013-7471", }, { date: "2019-06-20T00:00:00", db: "JVNDB", id: "JVNDB-2013-006844", }, { date: "2021-04-23T14:20:32.750000", db: "NVD", id: "CVE-2013-7471", }, { date: "2019-06-13T00:00:00", db: "CNNVD", id: "CNNVD-201906-399", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201906-399", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural D-Link Command injection vulnerability in the product", sources: [ { db: "JVNDB", id: "JVNDB-2013-006844", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-201906-399", }, ], trust: 0.6, }, }
var-202305-2256
Vulnerability from variot
D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php. D-Link Systems, Inc. of DIR-300 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202305-2256", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-300", scope: "lte", trust: 1, vendor: "dlink", version: "2.06", }, { model: "dir-300", scope: "lte", trust: 1, vendor: "dlink", version: "1.06", }, { model: "dir-300", scope: "lte", trust: 0.8, vendor: "d link", version: "dir-300 firmware 2.06 and earlier", }, { model: "dir-300", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-300", scope: "lte", trust: 0.8, vendor: "d link", version: "dir-300 firmware 1.06 and earlier", }, { model: "dir-300", scope: "eq", trust: 0.8, vendor: "d link", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-010965", }, { db: "NVD", id: "CVE-2023-31814", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.06", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-300:a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.06", vulnerable: true, }, { cpe23Uri: "cpe:2.3:h:dlink:dir-300:a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.06", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-300:b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.06", vulnerable: true, }, { cpe23Uri: "cpe:2.3:h:dlink:dir-300:b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-31814", }, ], }, cve: "CVE-2023-31814", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2023-31814", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2023-31814", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-31814", trust: 1.8, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202305-2017", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-010965", }, { db: "CNNVD", id: "CNNVD-202305-2017", }, { db: "NVD", id: "CVE-2023-31814", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php. D-Link Systems, Inc. of DIR-300 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-31814", }, { db: "JVNDB", id: "JVNDB-2023-010965", }, { db: "VULMON", id: "CVE-2023-31814", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-31814", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2023-010965", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202305-2017", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-31814", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-31814", }, { db: "JVNDB", id: "JVNDB-2023-010965", }, { db: "CNNVD", id: "CNNVD-202305-2017", }, { db: "NVD", id: "CVE-2023-31814", }, ], }, id: "VAR-202305-2256", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.74125874, }, last_update_date: "2023-12-13T22:33:41.339000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, { problemtype: "others (CWE-Other) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-010965", }, { db: "NVD", id: "CVE-2023-31814", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://www.dlink.com/en/security-bulletin/", }, { trust: 2.5, url: "https://gist.github.com/1915504804/9503198d3cbd5bc7db47625ac0caaade", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-31814", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-31814/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-31814", }, { db: "JVNDB", id: "JVNDB-2023-010965", }, { db: "CNNVD", id: "CNNVD-202305-2017", }, { db: "NVD", id: "CVE-2023-31814", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-31814", }, { db: "JVNDB", id: "JVNDB-2023-010965", }, { db: "CNNVD", id: "CNNVD-202305-2017", }, { db: "NVD", id: "CVE-2023-31814", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-05-23T00:00:00", db: "VULMON", id: "CVE-2023-31814", }, { date: "2023-12-12T00:00:00", db: "JVNDB", id: "JVNDB-2023-010965", }, { date: "2023-05-23T00:00:00", db: "CNNVD", id: "CNNVD-202305-2017", }, { date: "2023-05-23T01:15:00", db: "NVD", id: "CVE-2023-31814", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-05-23T00:00:00", db: "VULMON", id: "CVE-2023-31814", }, { date: "2023-12-12T01:18:00", db: "JVNDB", id: "JVNDB-2023-010965", }, { date: "2023-05-31T00:00:00", db: "CNNVD", id: "CNNVD-202305-2017", }, { date: "2023-05-30T19:00:00", db: "NVD", id: "CVE-2023-31814", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202305-2017", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link Systems, Inc. of DIR-300 Firmware vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2023-010965", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202305-2017", }, ], trust: 0.6, }, }
var-201112-0187
Vulnerability from variot
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. D-Link DIR-300 routers are vulnerable to encryption issues
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0187", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-300", scope: null, trust: 1.4, vendor: "d link", version: null, }, { model: "dir-300", scope: "eq", trust: 1, vendor: "dlink", version: "*", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2011-003481", }, { db: "NVD", id: "CVE-2011-4723", }, { db: "CNNVD", id: "CNNVD-201112-376", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-300:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2011-4723", }, ], }, cve: "CVE-2011-4723", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "NONE", baseScore: 6.8, confidentialityImpact: "COMPLETE", exploitabilityScore: 8, impactScore: 6.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:C/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "None", baseScore: 6.8, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2011-4723", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:C/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 6.8, confidentialityImpact: "COMPLETE", exploitabilityScore: 8, id: "VHN-52668", impactScore: 6.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:S/C:C/I:N/A:N", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2011-4723", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201112-376", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-52668", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2011-4723", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-52668", }, { db: "VULMON", id: "CVE-2011-4723", }, { db: "JVNDB", id: "JVNDB-2011-003481", }, { db: "NVD", id: "CVE-2011-4723", }, { db: "CNNVD", id: "CNNVD-201112-376", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. D-Link DIR-300 routers are vulnerable to encryption issues", sources: [ { db: "NVD", id: "CVE-2011-4723", }, { db: "JVNDB", id: "JVNDB-2011-003481", }, { db: "VULHUB", id: "VHN-52668", }, { db: "VULMON", id: "CVE-2011-4723", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2011-4723", trust: 2.6, }, { db: "JVNDB", id: "JVNDB-2011-003481", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201112-376", trust: 0.7, }, { db: "VULHUB", id: "VHN-52668", trust: 0.1, }, { db: "VULMON", id: "CVE-2011-4723", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-52668", }, { db: "VULMON", id: "CVE-2011-4723", }, { db: "JVNDB", id: "JVNDB-2011-003481", }, { db: "NVD", id: "CVE-2011-4723", }, { db: "CNNVD", id: "CNNVD-201112-376", }, ], }, id: "VAR-201112-0187", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-52668", }, ], trust: 0.84125874, }, last_update_date: "2023-12-26T22:58:13.833000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "http://www.dlink.com", }, { title: "D-Link DIR-300 Repair Measures for Router Encryption Vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234980", }, { title: "Known Exploited Vulnerabilities Detector", trust: 0.1, url: "https://github.com/ostorlab/kev ", }, ], sources: [ { db: "VULMON", id: "CVE-2011-4723", }, { db: "JVNDB", id: "JVNDB-2011-003481", }, { db: "CNNVD", id: "CNNVD-201112-376", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-310", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-52668", }, { db: "JVNDB", id: "JVNDB-2011-003481", }, { db: "NVD", id: "CVE-2011-4723", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "http://en.securitylab.ru/lab/pt-2011-30", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4723", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4723", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/310.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/ostorlab/kev", }, ], sources: [ { db: "VULHUB", id: "VHN-52668", }, { db: "VULMON", id: "CVE-2011-4723", }, { db: "JVNDB", id: "JVNDB-2011-003481", }, { db: "NVD", id: "CVE-2011-4723", }, { db: "CNNVD", id: "CNNVD-201112-376", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-52668", }, { db: "VULMON", id: "CVE-2011-4723", }, { db: "JVNDB", id: "JVNDB-2011-003481", }, { db: "NVD", id: "CVE-2011-4723", }, { db: "CNNVD", id: "CNNVD-201112-376", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2011-12-20T00:00:00", db: "VULHUB", id: "VHN-52668", }, { date: "2011-12-20T00:00:00", db: "VULMON", id: "CVE-2011-4723", }, { date: "2011-12-21T00:00:00", db: "JVNDB", id: "JVNDB-2011-003481", }, { date: "2011-12-20T11:55:08.413000", db: "NVD", id: "CVE-2011-4723", }, { date: "2011-12-21T00:00:00", db: "CNNVD", id: "CNNVD-201112-376", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2011-12-20T00:00:00", db: "VULHUB", id: "VHN-52668", }, { date: "2023-04-26T00:00:00", db: "VULMON", id: "CVE-2011-4723", }, { date: "2011-12-21T00:00:00", db: "JVNDB", id: "JVNDB-2011-003481", }, { date: "2023-04-26T18:55:30.893000", db: "NVD", id: "CVE-2011-4723", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201112-376", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201112-376", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-300 Vulnerability to obtain important information in router", sources: [ { db: "JVNDB", id: "JVNDB-2011-003481", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "encryption problem", sources: [ { db: "CNNVD", id: "CNNVD-201112-376", }, ], trust: 0.6, }, }
Vulnerability from fkie_nvd
Published
2011-12-20 11:55
Modified
2025-02-10 20:15
Severity ?
Summary
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://en.securitylab.ru/lab/PT-2011-30 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://en.securitylab.ru/lab/PT-2011-30 | Broken Link |
{ cisaActionDue: "2022-09-29", cisaExploitAdd: "2022-09-08", cisaRequiredAction: "The impacted product is end-of-life and should be disconnected if still in use.", cisaVulnerabilityName: "D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-300:*:*:*:*:*:*:*:*", matchCriteriaId: "46716C2A-12B7-414A-A1A2-CB49FCBDE8AE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.", }, { lang: "es", value: "El router D-Link DIR-300 almacena contraseñas en texto plano, lo que permite a atacantes locales o remotos obtener información sensible a través de vectores desconocidos.", }, ], id: "CVE-2011-4723", lastModified: "2025-02-10T20:15:32.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 6.8, confidentialityImpact: "COMPLETE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:C/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2011-12-20T11:55:08.413", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://en.securitylab.ru/lab/PT-2011-30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://en.securitylab.ru/lab/PT-2011-30", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-312", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-19 16:15
Modified
2024-11-21 08:47
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/999zzzzz/D-Link | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.251542 | Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.251542 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/999zzzzz/D-Link | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.251542 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.251542 | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-825acg1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81B11B0F-8307-4845-A322-2CB3FE85840D", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-825acg1:-:*:*:*:*:*:*:*", matchCriteriaId: "129E5D3B-B94F-4F33-B64C-35115AFB1165", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-841_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2F4A6809-F1A7-416B-9345-9F7A37B7BF71", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-841:-:*:*:*:*:*:*:*", matchCriteriaId: "D789C69F-5063-43B7-AB71-5B0C9294D55E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-1260_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "19167352-59AF-4D47-BC80-A1599F24DE0A", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-1260:-:*:*:*:*:*:*:*", matchCriteriaId: "AF5C311E-DB22-452B-BC26-265E3A84B57C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9867D17E-123A-4A33-A058-12BF1AC453F8", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-x1530_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2899DF29-FDF6-4D57-8846-3DADCC5349A0", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-x1530:-:*:*:*:*:*:*:*", matchCriteriaId: "7FF2C35C-8C59-4D36-8CC9-AE03853B40D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-825_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6CCF939D-719A-4682-ADD8-C1DE484E5377", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*", matchCriteriaId: "7038F8A9-03F3-4442-B371-84801EF05447", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9302B88E-28ED-486C-9E64-D38B9B857E89", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:*", matchCriteriaId: "2E92E959-C211-4979-A233-163BEFCF6F0D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-842_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5039D893-1396-42D0-91D9-2E02B974EF98", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-842:-:*:*:*:*:*:*:*", matchCriteriaId: "C05AE997-7966-4CCA-B58A-93B684D55F60", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-853_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9001FB50-6B3D-4EE2-BC9F-920DE95BDC58", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-853:-:*:*:*:*:*:*:*", matchCriteriaId: "332F4880-9D76-4C74-95DE-730F72879EC4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-1210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F28A25B0-D5E9-4668-B00A-F4F2B34C7457", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-1210:-:*:*:*:*:*:*:*", matchCriteriaId: "28A60F07-0DA7-47AD-B3C0-E1F6ED630C89", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-806a_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEAC2985-B6E3-4215-8BA5-B6653BCB5EC6", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-806a:-:*:*:*:*:*:*:*", matchCriteriaId: "926B41A6-009F-444D-BE5C-B517F844E99B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02D27414-7D38-40A6-978B-6A9417A2D09C", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", matchCriteriaId: "50618B63-304B-4A61-AA50-5154E8690E88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dsl-245gr_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CA077FA3-FA87-4B2D-897E-A7B1A7BC7642", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dsl-245gr:-:*:*:*:*:*:*:*", matchCriteriaId: "8DF8EB08-A378-4F14-ADD9-E97C244DD80D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dsl-g2452gr_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB2BFA6C-D260-4B9F-952A-E185BCD0F415", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dsl-g2452gr:-:*:*:*:*:*:*:*", matchCriteriaId: "517C1250-268D-45A7-9BD1-EACE4BA1BA82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-878_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B2DAE783-B0F3-4765-A7FD-945F041369E7", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-878:-:*:*:*:*:*:*:*", matchCriteriaId: "9D288C73-F89A-47FF-AF11-143C3DFDF942", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-825acf_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D626BD4C-D4D2-4CC5-91EF-AF938A5C1983", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-825acf:-:*:*:*:*:*:*:*", matchCriteriaId: "AD011B62-C988-463A-8672-F5BD0D984179", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-615t_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4477BE0A-BC4A-4534-8FED-3045CD373008", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-615t:-:*:*:*:*:*:*:*", matchCriteriaId: "951C4DD2-B472-401B-A1FF-4FE5957A5213", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "87DB97AC-CBBA-422D-8DE3-E82DC1D73A98", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-300:-:*:*:*:*:*:*:*", matchCriteriaId: "AC2143B3-B3A0-41D6-B8F7-78CE40B1759C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-842s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDCB1321-793F-455C-847C-E5033A920F1F", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-842s:-:*:*:*:*:*:*:*", matchCriteriaId: "996A7C60-49BB-46BE-8A2C-CEABA71FBEB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F2A35FF-2623-4D3C-920A-42B836984085", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815s:-:*:*:*:*:*:*:*", matchCriteriaId: "0C6BA467-0AB4-42BF-BBD1-59E2FA03CF42", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dsl-2640u_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C0D3126B-FE49-4C78-A734-95C3C0276AE2", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dsl-2640u:-:*:*:*:*:*:*:*", matchCriteriaId: "09E483F8-5B0E-498A-B1CA-8F1EA5FD350C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-2150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A3A04F04-D2DC-4DC9-B44B-F5DEC933E9AC", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-2150:-:*:*:*:*:*:*:*", matchCriteriaId: "06F065A1-2599-442C-AB55-DE24D47A7869", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dwr-921_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A61E0E68-F20D-4663-9855-B71F60266B83", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*", matchCriteriaId: "43F0390E-B9E1-463A-A08C-B529778EE72F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-615s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C9FE9B1C-6246-458F-AF0D-E624D1DBFAE2", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-615s:-:*:*:*:*:*:*:*", matchCriteriaId: "A74ABB9E-FD49-431A-BB23-9DCA44B8A806", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-620_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F098AF6-DC38-4D50-9316-809349CB573E", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-620:-:*:*:*:*:*:*:*", matchCriteriaId: "1DF4C296-C8AA-4197-B280-ED5D22C70156", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dvg-5402g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D27F65EC-6C50-4691-99A2-EA1C1D3DE0C8", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dvg-5402g:-:*:*:*:*:*:*:*", matchCriteriaId: "F1C2C7F0-FE1C-4B95-9636-FA6041C85C44", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-882_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2472D8A-C45A-447B-A296-B2BB93A7E948", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-882:-:*:*:*:*:*:*:*", matchCriteriaId: "F6ECB8ED-F3A2-4C05-8570-719ECB166B09", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dwm-312w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9B065B35-4FC9-4D4C-823D-F06418454CC9", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dwm-312w:-:*:*:*:*:*:*:*", matchCriteriaId: "8F03A354-6EBE-4081-9234-00DCB747EAB5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815\\/ac_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A78E427F-121A-4453-B0BD-48C2A516FE5A", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815\\/ac:-:*:*:*:*:*:*:*", matchCriteriaId: "291ACFCF-032B-466D-9C5B-D5CCF9CA7DD9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dsl-224_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "500B6A19-ED9A-404C-A071-D77F4263288F", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dsl-224:-:*:*:*:*:*:*:*", matchCriteriaId: "5C744969-0177-4E24-8E60-1DB0EFE1E5C5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dwm-321_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "29D9E5D9-B9E8-4BD0-B6DC-F253559925B3", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dwm-321:-:*:*:*:*:*:*:*", matchCriteriaId: "66BD8659-B935-441C-9AFF-20E8AE157E2B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-x1860_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1E3BFEE9-5E48-4D94-977B-7A79CF2AEB1A", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-x1860:-:*:*:*:*:*:*:*", matchCriteriaId: "A46288E8-3105-4FAA-80E7-94EECD1764F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dap-1360_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D83F75D8-3563-4A07-A794-6970A63EAA9B", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dap-1360:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E95864-1D6F-4BB2-9940-144385527271", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-820_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D1790403-AC76-4A3E-B727-836AF7ABCF10", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-820:-:*:*:*:*:*:*:*", matchCriteriaId: "6C30FD50-1AC6-476A-85B9-30D24E0663DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-843_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7B29BE39-F488-4C74-8B5C-F8D6C3256F96", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-843:-:*:*:*:*:*:*:*", matchCriteriaId: "85293557-FC2C-4A56-8EA0-6E12968E7FBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dvg-5402g\\/gfru_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "672ADB90-0062-48CE-B437-28919980A4B0", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dvg-5402g\\/gfru:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C4C431-489D-4F09-A312-B4FBCC38E91E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dwr-953_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8AA2FBAD-C15D-4908-AB8B-23087354D4A8", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dwr-953:-:*:*:*:*:*:*:*", matchCriteriaId: "E37EEA4D-B3F6-4A39-971C-07C1CB0BA209", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dvg-n5402g\\/il_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "236D3547-1FB9-44B3-ABD2-F948912B6D4D", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dvg-n5402g\\/il:-:*:*:*:*:*:*:*", matchCriteriaId: "B118E9B4-961D-46B6-95E3-514A99C8BFA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-825ac_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "065F9B59-FBA8-4798-8F29-82741815B0CD", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-825ac:-:*:*:*:*:*:*:*", matchCriteriaId: "7C8BB581-D7A3-494A-AB43-BCAE390ED692", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-620s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC3409D3-C046-410B-96BB-128FC1C2C097", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-620s:-:*:*:*:*:*:*:*", matchCriteriaId: "9932A023-1CE6-4915-812D-F3CE5EAB114C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dvg-n5402g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5AEE17B3-F77C-4F3A-92D7-99BFF1F1A824", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dvg-n5402g:-:*:*:*:*:*:*:*", matchCriteriaId: "1127DA2D-4024-4962-B8FB-C81E07B1AE94", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dsl-2750u_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B0191F0-DB03-479F-BA89-8CBF6F378BD6", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*", matchCriteriaId: "E5A7A48A-C126-4EF2-91F8-A8D9987525FF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-615gf_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "43227AC8-29BA-43E9-AB4F-10C83F222514", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-615gf:-:*:*:*:*:*:*:*", matchCriteriaId: "9199BBF6-42E4-418E-8A3C-7F69CCB3D145", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "876FA028-A6B1-488A-A29D-038D93539C07", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816:-:*:*:*:*:*:*:*", matchCriteriaId: "B54058C1-B58F-434A-ABF0-A6B314A1AB14", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815 y clasificada como crítica , DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR -843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U , DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 y Good Line Router v2 hasta 20240112 Esta vulnerabilidad afecta a código desconocido del archivo /devinfo del componente HTTP GET Request Handler. La manipulación del área de argumentos con la entrada aviso|net|versión conduce a la divulgación de información. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-251542 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-0717", lastModified: "2024-11-21T08:47:12.370", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-19T16:15:11.190", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/999zzzzz/D-Link", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?ctiid.251542", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.251542", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/999zzzzz/D-Link", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?ctiid.251542", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.251542", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "cna@vuldb.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-11 21:29
Modified
2024-11-21 02:01
Severity ?
Summary
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.s3cur1ty.de/m1adv2013-020 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/27044 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.s3cur1ty.de/m1adv2013-020 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/27044 | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-300_firmware | 2.14b01 | |
| dlink | dir-300 | b | |
| dlink | dir-600_firmware | * | |
| dlink | dir-600 | - | |
| dlink | dir-645_firmware | * | |
| dlink | dir-645 | - | |
| dlink | dir-845_firmware | * | |
| dlink | dir-845 | - | |
| dlink | dir-865_firmware | 1.05b03 | |
| dlink | dir-865 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-300_firmware:2.14b01:*:*:*:*:*:*:*", matchCriteriaId: "3FA53054-8F21-497B-B220-CB77F0F997C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-300:b:*:*:*:*:*:*:*", matchCriteriaId: "3C94BE4B-01ED-4300-AEA0-498D3DCF608D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81DD6B48-FCE3-4220-8677-69665DE92A6E", versionEndExcluding: "2.17b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:*", matchCriteriaId: "A7A8637C-BD16-4B96-A1DA-34529F3169D3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-645_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "57B7E296-D25F-4991-ABE9-4FA07846ED3D", versionEndExcluding: "1.04b11", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-645:-:*:*:*:*:*:*:*", matchCriteriaId: "D7D49F68-E15D-478B-B88E-089291BF7DB6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-845_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACEC2324-0103-45B1-A874-1FA3AC9C3CA4", versionEndExcluding: "1.02b03", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-845:-:*:*:*:*:*:*:*", matchCriteriaId: "F89A1489-4ACD-4140-A130-12CD7409437A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865_firmware:1.05b03:*:*:*:*:*:*:*", matchCriteriaId: "C69C3448-3D2C-4FF8-80C5-AB73B0AFD39D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865:-:*:*:*:*:*:*:*", matchCriteriaId: "1DE230FF-F0FD-42F2-BBFB-CD2B9DD5EA1D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.", }, { lang: "es", value: "Se descubrió un problema en soap.cgi? Service = WANIPConn1 en D-Link DIR-845 anterior de v1.02b03, DIR-600 antes de v2.17b01, DIR-645 anterior de v1.04b11, DIR-300 rev. B, y dispositivos DIR-865. Existe una Inyección de comandos a través de metacaracteres de shell en el elemento NewInternalClient, NewExternalPort o NewInternalPort de una solicitud POST de SOAP.", }, ], id: "CVE-2013-7471", lastModified: "2024-11-21T02:01:05.363", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-11T21:29:00.397", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://www.s3cur1ty.de/m1adv2013-020", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/27044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://www.s3cur1ty.de/m1adv2013-020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/27044", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-23 01:15
Modified
2025-01-17 18:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-300_firmware | * | |
| dlink | dir-300 | a | |
| dlink | dir-300_firmware | * | |
| dlink | dir-300 | b |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "58317720-E35D-4B04-9ED8-20F9891C201B", versionEndIncluding: "1.06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-300:a:*:*:*:*:*:*:*", matchCriteriaId: "EDA56E33-B2C7-4D57-B70A-D1ED9FEDB644", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "022C9ACD-5E0C-412D-8F3D-DC444FF1EDFA", versionEndIncluding: "2.06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-300:b:*:*:*:*:*:*:*", matchCriteriaId: "3C94BE4B-01ED-4300-AEA0-498D3DCF608D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php.", }, ], id: "CVE-2023-31814", lastModified: "2025-01-17T18:15:23.030", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-23T01:15:10.087", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://gist.github.com/1915504804/9503198d3cbd5bc7db47625ac0caaade", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://www.dlink.com/en/security-bulletin/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://gist.github.com/1915504804/9503198d3cbd5bc7db47625ac0caaade", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.dlink.com/en/security-bulletin/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-706", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-06 16:15
Modified
2024-08-07 20:54
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/CVE-2024-41616 | Third Party Advisory | |
| cve@mitre.org | https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/D-Link300.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-300_firmware | 1.06b05_ww | |
| dlink | dir-300 | a |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-300_firmware:1.06b05_ww:*:*:*:*:*:*:*", matchCriteriaId: "36A2AF0E-E92C-49FA-B98B-615956616275", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-300:a:*:*:*:*:*:*:*", matchCriteriaId: "EDA56E33-B2C7-4D57-B70A-D1ED9FEDB644", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.", }, { lang: "es", value: "D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contiene credenciales codificadas en el servicio Telnet.", }, ], id: "CVE-2024-41616", lastModified: "2024-08-07T20:54:20.793", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-08-06T16:15:49.260", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/CVE-2024-41616", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/D-Link300.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-259", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }