Vulnerabilites related to dlink - dir-600
Vulnerability from fkie_nvd
Published
2023-06-12 20:15
Modified
2024-11-21 08:05
Severity ?
Summary
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-600_firmware | 2.18 | |
| dlink | dir-600 | b5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-600_firmware:2.18:*:*:*:*:*:*:*", matchCriteriaId: "2E697344-0C5B-4B30-B199-87AFB7A4581F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-600:b5:*:*:*:*:*:*:*", matchCriteriaId: "43D0282B-AEE7-45DD-AF27-1776072C45BB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary.", }, ], id: "CVE-2023-33626", lastModified: "2024-11-21T08:05:46.510", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-12T20:15:12.667", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-01-13 11:59
Modified
2024-12-20 03:42
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/ | Exploit, Third Party Advisory | |
| cve@mitre.org | http://secunia.com/advisories/57304 | Broken Link | |
| cve@mitre.org | http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018 | Patch, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/91794 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/57304 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/91794 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-600_firmware | * | |
| dlink | dir-600 | - |
{ cisaActionDue: "2024-06-06", cisaExploitAdd: "2024-05-16", cisaRequiredAction: "This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.", cisaVulnerabilityName: "D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FEC4A091-E1B0-42D0-80B7-D84D6E430E01", versionEndIncluding: "2.16ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:*", matchCriteriaId: "A7A8637C-BD16-4B96-A1DA-34529F3169D3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.", }, { lang: "es", value: "Múltiples vulnerabilidades de CSRF en el router D-Link DIR-600 (rev. Bx) con firmware anterior a 2.17b02 permiten a atacantes remotos secuestrar la autenticación de administradores para solicitudes que (1) crean una cuenta de administrador o (2) habilitan la gestión remota a través de un módulo de configuración manipulado en hedwig.cgi, (3) activan nuevos ajustes de configuraciones a través de una acción SETCFG,SAVE,ACTIVATE en pigwidgeon.cgi, o (4) envían un ping a través de una acción ping en diagnostic.php.", }, ], id: "CVE-2014-100005", lastModified: "2024-12-20T03:42:23.633", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2015-01-13T11:59:04.477", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/57304", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/57304", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-11 21:29
Modified
2024-11-21 02:01
Severity ?
Summary
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.s3cur1ty.de/m1adv2013-020 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/27044 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.s3cur1ty.de/m1adv2013-020 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/27044 | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-300_firmware | 2.14b01 | |
| dlink | dir-300 | b | |
| dlink | dir-600_firmware | * | |
| dlink | dir-600 | - | |
| dlink | dir-645_firmware | * | |
| dlink | dir-645 | - | |
| dlink | dir-845_firmware | * | |
| dlink | dir-845 | - | |
| dlink | dir-865_firmware | 1.05b03 | |
| dlink | dir-865 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-300_firmware:2.14b01:*:*:*:*:*:*:*", matchCriteriaId: "3FA53054-8F21-497B-B220-CB77F0F997C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-300:b:*:*:*:*:*:*:*", matchCriteriaId: "3C94BE4B-01ED-4300-AEA0-498D3DCF608D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81DD6B48-FCE3-4220-8677-69665DE92A6E", versionEndExcluding: "2.17b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:*", matchCriteriaId: "A7A8637C-BD16-4B96-A1DA-34529F3169D3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-645_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "57B7E296-D25F-4991-ABE9-4FA07846ED3D", versionEndExcluding: "1.04b11", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-645:-:*:*:*:*:*:*:*", matchCriteriaId: "D7D49F68-E15D-478B-B88E-089291BF7DB6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-845_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACEC2324-0103-45B1-A874-1FA3AC9C3CA4", versionEndExcluding: "1.02b03", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-845:-:*:*:*:*:*:*:*", matchCriteriaId: "F89A1489-4ACD-4140-A130-12CD7409437A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865_firmware:1.05b03:*:*:*:*:*:*:*", matchCriteriaId: "C69C3448-3D2C-4FF8-80C5-AB73B0AFD39D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865:-:*:*:*:*:*:*:*", matchCriteriaId: "1DE230FF-F0FD-42F2-BBFB-CD2B9DD5EA1D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.", }, { lang: "es", value: "Se descubrió un problema en soap.cgi? Service = WANIPConn1 en D-Link DIR-845 anterior de v1.02b03, DIR-600 antes de v2.17b01, DIR-645 anterior de v1.04b11, DIR-300 rev. B, y dispositivos DIR-865. Existe una Inyección de comandos a través de metacaracteres de shell en el elemento NewInternalClient, NewExternalPort o NewInternalPort de una solicitud POST de SOAP.", }, ], id: "CVE-2013-7471", lastModified: "2024-11-21T02:01:05.363", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-11T21:29:00.397", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://www.s3cur1ty.de/m1adv2013-020", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/27044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://www.s3cur1ty.de/m1adv2013-020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/27044", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-12 20:15
Modified
2024-11-21 08:05
Severity ?
Summary
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-600_firmware | 2.18 | |
| dlink | dir-600 | b5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-600_firmware:2.18:*:*:*:*:*:*:*", matchCriteriaId: "2E697344-0C5B-4B30-B199-87AFB7A4581F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-600:b5:*:*:*:*:*:*:*", matchCriteriaId: "43D0282B-AEE7-45DD-AF27-1776072C45BB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.", }, ], id: "CVE-2023-33625", lastModified: "2024-11-21T08:05:46.353", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-12T20:15:12.610", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection", }, { source: "cve@mitre.org", url: "https://hackmd.io/%40naihsin/By2datZD2", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://hackmd.io/%40naihsin/By2datZD2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
var-202306-0904
Vulnerability from variot
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. D-Link DIR-600 is a wireless router made by China D-Link Company.
There is a command injection vulnerability in D-Link DIR-600. in constructing commands. An attacker could exploit this vulnerability to cause arbitrary command execution
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202306-0904", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-600", scope: "eq", trust: 1, vendor: "dlink", version: "2.18", }, { model: "dir-600", scope: "eq", trust: 0.6, vendor: "d link", version: "2.18", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-50813", }, { db: "NVD", id: "CVE-2023-33625", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-600_firmware:2.18:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-600:b5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-33625", }, ], }, cve: "CVE-2023-33625", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2023-50813", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2023-33625", trust: 1, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2023-50813", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202306-822", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2023-50813", }, { db: "NVD", id: "CVE-2023-33625", }, { db: "CNNVD", id: "CNNVD-202306-822", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. D-Link DIR-600 is a wireless router made by China D-Link Company. \n\r\n\r\nThere is a command injection vulnerability in D-Link DIR-600. in constructing commands. An attacker could exploit this vulnerability to cause arbitrary command execution", sources: [ { db: "NVD", id: "CVE-2023-33625", }, { db: "CNVD", id: "CNVD-2023-50813", }, ], trust: 1.44, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-33625", trust: 2.2, }, { db: "CNVD", id: "CNVD-2023-50813", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202306-822", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-50813", }, { db: "NVD", id: "CVE-2023-33625", }, { db: "CNNVD", id: "CNNVD-202306-822", }, ], }, id: "VAR-202306-0904", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-50813", }, ], trust: 1.4148147999999998, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-50813", }, ], }, last_update_date: "2023-12-18T13:45:56.476000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2023-33625", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://github.com/naihsin/iot/blob/main/d-link/dir-600/cmd%20injection/readme.md", }, { trust: 1.6, url: "https://github.com/naihsin/iot/tree/main/d-link/dir-600/cmd%20injection", }, { trust: 1.6, url: "https://www.dlink.com/en/security-bulletin/", }, { trust: 1, url: "https://hackmd.io/%40naihsin/by2datzd2", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2023-33625", }, { trust: 0.6, url: "https://hackmd.io/@naihsin/by2datzd2", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-33625/", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-50813", }, { db: "NVD", id: "CVE-2023-33625", }, { db: "CNNVD", id: "CNNVD-202306-822", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2023-50813", }, { db: "NVD", id: "CVE-2023-33625", }, { db: "CNNVD", id: "CNNVD-202306-822", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-06-25T00:00:00", db: "CNVD", id: "CNVD-2023-50813", }, { date: "2023-06-12T20:15:12.610000", db: "NVD", id: "CVE-2023-33625", }, { date: "2023-06-12T00:00:00", db: "CNNVD", id: "CNNVD-202306-822", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-06-25T00:00:00", db: "CNVD", id: "CNVD-2023-50813", }, { date: "2023-11-07T04:15:06.080000", db: "NVD", id: "CVE-2023-33625", }, { date: "2023-06-19T00:00:00", db: "CNNVD", id: "CNNVD-202306-822", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202306-822", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-600 Command Injection Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2023-50813", }, { db: "CNNVD", id: "CNNVD-202306-822", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-202306-822", }, ], trust: 0.6, }, }
var-201906-0703
Vulnerability from variot
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. plural D-Link The product contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-845 and so on are all wireless routers from Taiwan D-Link.
Command injection vulnerability exists in soap.cgi? Service = WANIPConn1 URL in multiple D-Link products. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command. The following products and versions are affected: D-Link DIR-845 prior to v1.02b03; DIR-600 prior to v2.17b01; DIR-645 prior to v1.04b11; DIR-300 (rev
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0703", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-600", scope: "lt", trust: 1, vendor: "dlink", version: "2.17b01", }, { model: "dir-300", scope: "eq", trust: 1, vendor: "dlink", version: "2.14b01", }, { model: "dir-845", scope: "lt", trust: 1, vendor: "dlink", version: "1.02b03", }, { model: "dir-865", scope: "eq", trust: 1, vendor: "dlink", version: "1.05b03", }, { model: "dir-645", scope: "lt", trust: 1, vendor: "dlink", version: "1.04b11", }, { model: "dir-300", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-600", scope: "lt", trust: 0.8, vendor: "d link", version: "2.17b01", }, { model: "dir-645", scope: "lt", trust: 0.8, vendor: "d link", version: "1.04b11", }, { model: "dir-845", scope: "lt", trust: 0.8, vendor: "d link", version: "1.02b03", }, { model: "dir-865", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-600 <v2.17b01", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-645 <v1.04b11", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-845 <v1.02b03", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39561", }, { db: "JVNDB", id: "JVNDB-2013-006844", }, { db: "NVD", id: "CVE-2013-7471", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-300_firmware:2.14b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-300:b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.17b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-645_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.04b11", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-645:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-845_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.02b03", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-845:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865_firmware:1.05b03:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2013-7471", }, ], }, cve: "CVE-2013-7471", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2013-7471", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2019-39561", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-67473", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2013-7471", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2013-7471", trust: 1.8, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2019-39561", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201906-399", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-67473", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2013-7471", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39561", }, { db: "VULHUB", id: "VHN-67473", }, { db: "VULMON", id: "CVE-2013-7471", }, { db: "JVNDB", id: "JVNDB-2013-006844", }, { db: "NVD", id: "CVE-2013-7471", }, { db: "CNNVD", id: "CNNVD-201906-399", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. plural D-Link The product contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-845 and so on are all wireless routers from Taiwan D-Link. \n\nCommand injection vulnerability exists in soap.cgi? Service = WANIPConn1 URL in multiple D-Link products. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command. The following products and versions are affected: D-Link DIR-845 prior to v1.02b03; DIR-600 prior to v2.17b01; DIR-645 prior to v1.04b11; DIR-300 (rev", sources: [ { db: "NVD", id: "CVE-2013-7471", }, { db: "JVNDB", id: "JVNDB-2013-006844", }, { db: "CNVD", id: "CNVD-2019-39561", }, { db: "VULHUB", id: "VHN-67473", }, { db: "VULMON", id: "CVE-2013-7471", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2013-7471", trust: 3.2, }, { db: "EXPLOIT-DB", id: "27044", trust: 2.4, }, { db: "JVNDB", id: "JVNDB-2013-006844", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201906-399", trust: 0.7, }, { db: "EXPLOITDB", id: "27044", trust: 0.6, }, { db: "CNVD", id: "CNVD-2019-39561", trust: 0.6, }, { db: "VULHUB", id: "VHN-67473", trust: 0.1, }, { db: "VULMON", id: "CVE-2013-7471", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39561", }, { db: "VULHUB", id: "VHN-67473", }, { db: "VULMON", id: "CVE-2013-7471", }, { db: "JVNDB", id: "JVNDB-2013-006844", }, { db: "NVD", id: "CVE-2013-7471", }, { db: "CNNVD", id: "CNNVD-201906-399", }, ], }, id: "VAR-201906-0703", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2019-39561", }, { db: "VULHUB", id: "VHN-67473", }, ], trust: 1.454548685, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39561", }, ], }, last_update_date: "2023-12-18T13:43:21.743000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "http://us.dlink.com/", }, { title: "Patch for Command injection vulnerability in multiple D-Link products", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/189043", }, { title: "Multiple D-Link Product Command Injection Vulnerability Fixes", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93638", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39561", }, { db: "JVNDB", id: "JVNDB-2013-006844", }, { db: "CNNVD", id: "CNNVD-201906-399", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-67473", }, { db: "JVNDB", id: "JVNDB-2013-006844", }, { db: "NVD", id: "CVE-2013-7471", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.6, url: "http://www.s3cur1ty.de/m1adv2013-020", }, { trust: 2.4, url: "https://www.exploit-db.com/exploits/27044", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2013-7471", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7471", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39561", }, { db: "VULHUB", id: "VHN-67473", }, { db: "VULMON", id: "CVE-2013-7471", }, { db: "JVNDB", id: "JVNDB-2013-006844", }, { db: "NVD", id: "CVE-2013-7471", }, { db: "CNNVD", id: "CNNVD-201906-399", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2019-39561", }, { db: "VULHUB", id: "VHN-67473", }, { db: "VULMON", id: "CVE-2013-7471", }, { db: "JVNDB", id: "JVNDB-2013-006844", }, { db: "NVD", id: "CVE-2013-7471", }, { db: "CNNVD", id: "CNNVD-201906-399", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-11-07T00:00:00", db: "CNVD", id: "CNVD-2019-39561", }, { date: "2019-06-11T00:00:00", db: "VULHUB", id: "VHN-67473", }, { date: "2019-06-11T00:00:00", db: "VULMON", id: "CVE-2013-7471", }, { date: "2019-06-20T00:00:00", db: "JVNDB", id: "JVNDB-2013-006844", }, { date: "2019-06-11T21:29:00.397000", db: "NVD", id: "CVE-2013-7471", }, { date: "2019-06-11T00:00:00", db: "CNNVD", id: "CNNVD-201906-399", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-11-07T00:00:00", db: "CNVD", id: "CNVD-2019-39561", }, { date: "2019-06-12T00:00:00", db: "VULHUB", id: "VHN-67473", }, { date: "2021-04-23T00:00:00", db: "VULMON", id: "CVE-2013-7471", }, { date: "2019-06-20T00:00:00", db: "JVNDB", id: "JVNDB-2013-006844", }, { date: "2021-04-23T14:20:32.750000", db: "NVD", id: "CVE-2013-7471", }, { date: "2019-06-13T00:00:00", db: "CNNVD", id: "CNNVD-201906-399", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201906-399", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural D-Link Command injection vulnerability in the product", sources: [ { db: "JVNDB", id: "JVNDB-2013-006844", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-201906-399", }, ], trust: 0.6, }, }
var-201501-0347
Vulnerability from variot
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. D-Link DIR-600 router (rev. (2) hedwig.cgi Remote administration can be enabled via a crafted configuration module. The D-Link DIR-600 is a wireless routing device. Because the program allows users to perform certain operations through unauthenticated HTTP requests, an attacker can exploit the vulnerability to modify the configuration when a logged-in administrative user accesses a specially crafted web page. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. D-Link DIR-600 is a SOHO wireless router product of D-Link
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0347", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-600", scope: null, trust: 1.4, vendor: "d link", version: null, }, { model: "dir-600", scope: "eq", trust: 1, vendor: "dlink", version: null, }, { model: "dir-600", scope: "lte", trust: 1, vendor: "dlink", version: "2.16ww", }, { model: "dir-600", scope: "eq", trust: 0.8, vendor: "d link", version: null, }, { model: "dir-600", scope: "eq", trust: 0.8, vendor: "d link", version: "firmware 2.17b02", }, { model: "dir-600", scope: "eq", trust: 0.6, vendor: "d link", version: "2.16ww", }, { model: "dir-600 2.16ww", scope: null, trust: 0.3, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2014-01581", }, { db: "BID", id: "66092", }, { db: "JVNDB", id: "JVNDB-2014-007601", }, { db: "CNNVD", id: "CNNVD-201403-571", }, { db: "NVD", id: "CVE-2014-100005", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.16ww", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2014-100005", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Dawid Czagan", sources: [ { db: "BID", id: "66092", }, { db: "CNNVD", id: "CNNVD-201403-571", }, ], trust: 0.9, }, cve: "CVE-2014-100005", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 6.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2014-100005", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "CNVD", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 6.8, id: "CNVD-2014-01581", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.6, vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "VHN-68501", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2014-100005", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2014-01581", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-201403-571", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-68501", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2014-01581", }, { db: "VULHUB", id: "VHN-68501", }, { db: "JVNDB", id: "JVNDB-2014-007601", }, { db: "CNNVD", id: "CNNVD-201403-571", }, { db: "NVD", id: "CVE-2014-100005", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. D-Link DIR-600 router (rev. (2) hedwig.cgi Remote administration can be enabled via a crafted configuration module. The D-Link DIR-600 is a wireless routing device. Because the program allows users to perform certain operations through unauthenticated HTTP requests, an attacker can exploit the vulnerability to modify the configuration when a logged-in administrative user accesses a specially crafted web page. \nExploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. D-Link DIR-600 is a SOHO wireless router product of D-Link", sources: [ { db: "NVD", id: "CVE-2014-100005", }, { db: "JVNDB", id: "JVNDB-2014-007601", }, { db: "CNVD", id: "CNVD-2014-01581", }, { db: "BID", id: "66092", }, { db: "VULHUB", id: "VHN-68501", }, ], trust: 2.52, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2014-100005", trust: 3.3, }, { db: "SECUNIA", id: "57304", trust: 2.3, }, { db: "DLINK", id: "SAP10018", trust: 2, }, { db: "BID", id: "66092", trust: 0.9, }, { db: "JVNDB", id: "JVNDB-2014-007601", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201403-571", trust: 0.7, }, { db: "CNVD", id: "CNVD-2014-01581", trust: 0.6, }, { db: "XF", id: "91794", trust: 0.6, }, { db: "SEEBUG", id: "SSVID-89342", trust: 0.1, }, { db: "VULHUB", id: "VHN-68501", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2014-01581", }, { db: "VULHUB", id: "VHN-68501", }, { db: "BID", id: "66092", }, { db: "JVNDB", id: "JVNDB-2014-007601", }, { db: "CNNVD", id: "CNNVD-201403-571", }, { db: "NVD", id: "CVE-2014-100005", }, ], }, id: "VAR-201501-0347", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2014-01581", }, { db: "VULHUB", id: "VHN-68501", }, ], trust: 1.5148148, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2014-01581", }, ], }, last_update_date: "2024-06-02T22:46:13.922000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP10018", trust: 0.8, url: "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10018", }, { title: "DIR-600_REVB_FIRMWARE_2.17.B02", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57137", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2014-007601", }, { db: "CNNVD", id: "CNNVD-201403-571", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-352", trust: 1.1, }, { problemtype: "Cross-site request forgery (CWE-352) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-68501", }, { db: "JVNDB", id: "JVNDB-2014-007601", }, { db: "NVD", id: "CVE-2014-100005", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.4, url: "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/", }, { trust: 2, url: "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10018", }, { trust: 1.7, url: "http://secunia.com/advisories/57304", }, { trust: 1.1, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-100005", }, { trust: 0.8, url: "https://cisa.gov/known-exploited-vulnerabilities-catalog", }, { trust: 0.6, url: "http://secunia.com/advisories/57304/", }, { trust: 0.6, url: "http://xforce.iss.net/xforce/xfdb/91794", }, { trust: 0.6, url: "http://www.securityfocus.com/bid/66092", }, { trust: 0.3, url: "http://www.dlink.com/", }, ], sources: [ { db: "CNVD", id: "CNVD-2014-01581", }, { db: "VULHUB", id: "VHN-68501", }, { db: "BID", id: "66092", }, { db: "JVNDB", id: "JVNDB-2014-007601", }, { db: "CNNVD", id: "CNNVD-201403-571", }, { db: "NVD", id: "CVE-2014-100005", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2014-01581", }, { db: "VULHUB", id: "VHN-68501", }, { db: "BID", id: "66092", }, { db: "JVNDB", id: "JVNDB-2014-007601", }, { db: "CNNVD", id: "CNNVD-201403-571", }, { db: "NVD", id: "CVE-2014-100005", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2014-03-12T00:00:00", db: "CNVD", id: "CNVD-2014-01581", }, { date: "2015-01-13T00:00:00", db: "VULHUB", id: "VHN-68501", }, { date: "2014-03-10T00:00:00", db: "BID", id: "66092", }, { date: "2015-01-15T00:00:00", db: "JVNDB", id: "JVNDB-2014-007601", }, { date: "2014-03-10T00:00:00", db: "CNNVD", id: "CNNVD-201403-571", }, { date: "2015-01-13T11:59:04.477000", db: "NVD", id: "CVE-2014-100005", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2014-03-12T00:00:00", db: "CNVD", id: "CNVD-2014-01581", }, { date: "2017-09-08T00:00:00", db: "VULHUB", id: "VHN-68501", }, { date: "2014-03-10T00:00:00", db: "BID", id: "66092", }, { date: "2024-05-31T06:43:00", db: "JVNDB", id: "JVNDB-2014-007601", }, { date: "2015-01-15T00:00:00", db: "CNNVD", id: "CNNVD-201403-571", }, { date: "2024-05-18T01:00:01.410000", db: "NVD", id: "CVE-2014-100005", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201403-571", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-600 Cross-site request forgery vulnerability in router firmware", sources: [ { db: "JVNDB", id: "JVNDB-2014-007601", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "cross-site request forgery", sources: [ { db: "CNNVD", id: "CNNVD-201403-571", }, ], trust: 0.6, }, }
var-202306-0930
Vulnerability from variot
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary. D-Link DIR-600 is a wireless router made by China D-Link Company.
There is a buffer overflow vulnerability in D-Link DIR-600 version 2.18. The vulnerability is caused by a boundary error in the file gena.cgi when processing untrusted input. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202306-0930", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-600", scope: "eq", trust: 1, vendor: "dlink", version: "2.18", }, { model: "dir-600", scope: "eq", trust: 0.6, vendor: "d link", version: "2.18", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-52856", }, { db: "NVD", id: "CVE-2023-33626", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-600_firmware:2.18:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-600:b5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-33626", }, ], }, cve: "CVE-2023-33626", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2023-52856", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2023-33626", trust: 1, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2023-52856", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202306-839", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2023-52856", }, { db: "NVD", id: "CVE-2023-33626", }, { db: "CNNVD", id: "CNNVD-202306-839", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary. D-Link DIR-600 is a wireless router made by China D-Link Company. \n\r\n\r\nThere is a buffer overflow vulnerability in D-Link DIR-600 version 2.18. The vulnerability is caused by a boundary error in the file gena.cgi when processing untrusted input. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack", sources: [ { db: "NVD", id: "CVE-2023-33626", }, { db: "CNVD", id: "CNVD-2023-52856", }, ], trust: 1.44, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-33626", trust: 2.2, }, { db: "CNVD", id: "CNVD-2023-52856", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202306-839", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-52856", }, { db: "NVD", id: "CVE-2023-33626", }, { db: "CNNVD", id: "CNNVD-202306-839", }, ], }, id: "VAR-202306-0930", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2023-52856", }, ], trust: 1.4148147999999998, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2023-52856", }, ], }, last_update_date: "2023-12-18T13:59:03.096000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2023-33626", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.2, url: "https://github.com/naihsin/iot/tree/main/d-link/dir-600/overflow", }, { trust: 1.6, url: "https://github.com/naihsin/iot/blob/main/d-link/dir-600/overflow/readme.md", }, { trust: 1.6, url: "https://www.dlink.com/en/security-bulletin/", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-33626/", }, ], sources: [ { db: "CNVD", id: "CNVD-2023-52856", }, { db: "NVD", id: "CVE-2023-33626", }, { db: "CNNVD", id: "CNNVD-202306-839", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2023-52856", }, { db: "NVD", id: "CVE-2023-33626", }, { db: "CNNVD", id: "CNNVD-202306-839", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-06-30T00:00:00", db: "CNVD", id: "CNVD-2023-52856", }, { date: "2023-06-12T20:15:12.667000", db: "NVD", id: "CVE-2023-33626", }, { date: "2023-06-12T00:00:00", db: "CNNVD", id: "CNNVD-202306-839", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-06-30T00:00:00", db: "CNVD", id: "CNVD-2023-52856", }, { date: "2023-06-16T19:29:32.267000", db: "NVD", id: "CVE-2023-33626", }, { date: "2023-06-19T00:00:00", db: "CNNVD", id: "CNNVD-202306-839", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202306-839", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-600 buffer overflow vulnerability", sources: [ { db: "CNVD", id: "CNVD-2023-52856", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-202306-839", }, ], trust: 0.6, }, }
cve-2023-33626
Vulnerability from cvelistv5
Published
2023-06-12 00:00
Modified
2025-01-03 23:35
Severity ?
EPSS score ?
Summary
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:47:06.626Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.dlink.com/en/security-bulletin/", }, { tags: [ "x_transferred", ], url: "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow", }, { tags: [ "x_transferred", ], url: "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33626", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-03T23:35:10.277645Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-03T23:35:27.501Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-12T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.dlink.com/en/security-bulletin/", }, { url: "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/overflow", }, { url: "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/overflow/README.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-33626", datePublished: "2023-06-12T00:00:00", dateReserved: "2023-05-22T00:00:00", dateUpdated: "2025-01-03T23:35:27.501Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-7471
Vulnerability from cvelistv5
Published
2019-06-11 20:46
Modified
2024-08-06 18:09
Severity ?
EPSS score ?
Summary
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.s3cur1ty.de/m1adv2013-020 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/27044 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:09:16.715Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.s3cur1ty.de/m1adv2013-020", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.exploit-db.com/exploits/27044", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-11T20:46:45", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.s3cur1ty.de/m1adv2013-020", }, { tags: [ "x_refsource_MISC", ], url: "https://www.exploit-db.com/exploits/27044", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-7471", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.s3cur1ty.de/m1adv2013-020", refsource: "MISC", url: "http://www.s3cur1ty.de/m1adv2013-020", }, { name: "https://www.exploit-db.com/exploits/27044", refsource: "MISC", url: "https://www.exploit-db.com/exploits/27044", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-7471", datePublished: "2019-06-11T20:46:45", dateReserved: "2019-06-11T00:00:00", dateUpdated: "2024-08-06T18:09:16.715Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-100005
Vulnerability from cvelistv5
Published
2015-01-13 11:00
Modified
2024-08-06 14:10
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/57304 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91794 | vdb-entry, x_refsource_XF | |
| http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/ | x_refsource_MISC | |
| http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018 | x_refsource_CONFIRM |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:dlink:dir-600_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "dir-600_firmware", vendor: "dlink", versions: [ { lessThanOrEqual: "2.16ww", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "dir-600", vendor: "dlink", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2014-100005", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-30T16:03:21.114106Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-05-16", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-100005", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T16:04:11.553Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-06T14:10:55.911Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "57304", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/57304", }, { name: "dir600-settings-csrf(91794)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-01-21T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-07T15:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "57304", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/57304", }, { name: "dir600-settings-csrf(91794)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794", }, { tags: [ "x_refsource_MISC", ], url: "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-100005", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "57304", refsource: "SECUNIA", url: "http://secunia.com/advisories/57304", }, { name: "dir600-settings-csrf(91794)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794", }, { name: "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/", refsource: "MISC", url: "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/", }, { name: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018", refsource: "CONFIRM", url: "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-100005", datePublished: "2015-01-13T11:00:00", dateReserved: "2015-01-13T00:00:00", dateUpdated: "2024-08-06T14:10:55.911Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33625
Vulnerability from cvelistv5
Published
2023-06-12 00:00
Modified
2025-01-03 23:37
Severity ?
EPSS score ?
Summary
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:47:06.469Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.dlink.com/en/security-bulletin/", }, { tags: [ "x_transferred", ], url: "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection", }, { tags: [ "x_transferred", ], url: "https://hackmd.io/%40naihsin/By2datZD2", }, { tags: [ "x_transferred", ], url: "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33625", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-03T23:36:52.447176Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-03T23:37:13.708Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-12T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.dlink.com/en/security-bulletin/", }, { url: "https://github.com/naihsin/IoT/tree/main/D-Link/DIR-600/cmd%20injection", }, { url: "https://hackmd.io/%40naihsin/By2datZD2", }, { url: "https://github.com/naihsin/IoT/blob/main/D-Link/DIR-600/cmd%20injection/README.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-33625", datePublished: "2023-06-12T00:00:00", dateReserved: "2023-05-22T00:00:00", dateUpdated: "2025-01-03T23:37:13.708Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }