Vulnerabilites related to dlink - dir-815
var-202401-1949
Vulnerability from variot
There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04. D-Link Systems, Inc. of DIR-815 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202401-1949", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-815", scope: "lte", trust: 1, vendor: "dlink", version: "1.04", }, { model: "dir-815", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-815", scope: "eq", trust: 0.8, vendor: "d link", version: null, }, { model: "dir-815", scope: "lte", trust: 0.8, vendor: "d link", version: "dir-815 firmware 1.04 and earlier", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2024-001752", }, { db: "NVD", id: "CVE-2024-22651", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2024-22651", }, ], }, cve: "CVE-2024-22651", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2024-22651", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2024-22651", trust: 1.8, value: "CRITICAL", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2024-001752", }, { db: "NVD", id: "CVE-2024-22651", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04. D-Link Systems, Inc. of DIR-815 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2024-22651", }, { db: "JVNDB", id: "JVNDB-2024-001752", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2024-22651", trust: 2.6, }, { db: "JVNDB", id: "JVNDB-2024-001752", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2024-001752", }, { db: "NVD", id: "CVE-2024-22651", }, ], }, id: "VAR-202401-1949", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.63235295, }, last_update_date: "2024-02-07T23:16:26.905000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "Command injection (CWE-77) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2024-001752", }, { db: "NVD", id: "CVE-2024-22651", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://github.com/goldds96/report/blob/main/dlink/dir-815/ci.md", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2024-22651", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2024-001752", }, { db: "NVD", id: "CVE-2024-22651", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2024-001752", }, { db: "NVD", id: "CVE-2024-22651", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-02-06T00:00:00", db: "JVNDB", id: "JVNDB-2024-001752", }, { date: "2024-01-24T16:15:08.630000", db: "NVD", id: "CVE-2024-22651", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-02-06T02:44:00", db: "JVNDB", id: "JVNDB-2024-001752", }, { date: "2024-01-30T20:16:01.783000", db: "NVD", id: "CVE-2024-22651", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link Systems, Inc. of DIR-815 Command injection vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2024-001752", }, ], trust: 0.8, }, }
var-201804-0265
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. D-Link DIR-815 Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-815 is a wireless router product from D-Link. A remote attacker could exploit the vulnerability to spoof a malicious website to implement a cross-site scripting attack, causing the web cache to poison or perform other malicious operations
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0265", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-815", scope: "lt", trust: 1, vendor: "dlink", version: "2.07.b01", }, { model: "dir-815", scope: "lt", trust: 0.8, vendor: "d link", version: "2.07.b01", }, { model: "dir-815 <2.07.b01", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15271", }, { db: "JVNDB", id: "JVNDB-2015-008180", }, { db: "NVD", id: "CVE-2015-0151", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.07.b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2015-0151", }, ], }, cve: "CVE-2015-0151", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2015-0151", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CNVD-2018-15271", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2015-0151", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2015-0151", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2015-0151", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2018-15271", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201804-588", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15271", }, { db: "JVNDB", id: "JVNDB-2015-008180", }, { db: "NVD", id: "CVE-2015-0151", }, { db: "CNNVD", id: "CNNVD-201804-588", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. D-Link DIR-815 Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-815 is a wireless router product from D-Link. A remote attacker could exploit the vulnerability to spoof a malicious website to implement a cross-site scripting attack, causing the web cache to poison or perform other malicious operations", sources: [ { db: "NVD", id: "CVE-2015-0151", }, { db: "JVNDB", id: "JVNDB-2015-008180", }, { db: "CNVD", id: "CNVD-2018-15271", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-0151", trust: 3, }, { db: "JVNDB", id: "JVNDB-2015-008180", trust: 0.8, }, { db: "CNVD", id: "CNVD-2018-15271", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201804-588", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15271", }, { db: "JVNDB", id: "JVNDB-2015-008180", }, { db: "NVD", id: "CVE-2015-0151", }, { db: "CNNVD", id: "CNNVD-201804-588", }, ], }, id: "VAR-201804-0265", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-15271", }, ], trust: 1.2323529500000001, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15271", }, ], }, last_update_date: "2023-12-18T13:38:41.839000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-815 Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-815/revb/dir-815_revb_firmware_patch_notes_2.07.b01_en.pdf", }, { title: "Patch for D-LinkDIR-815 Cross-Site Request Forgery Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/137331", }, { title: "D-Link DIR-815 Fixes for cross-site request forgery vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=83337", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15271", }, { db: "JVNDB", id: "JVNDB-2015-008180", }, { db: "CNNVD", id: "CNNVD-201804-588", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-352", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-008180", }, { db: "NVD", id: "CVE-2015-0151", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110584", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0151", }, { trust: 1, url: "ftp://ftp2.dlink.com/security_advisements/dir-815/revb/dir-815_revb_firmware_patch_notes_2.07.b01_en.pdf", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0151", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15271", }, { db: "JVNDB", id: "JVNDB-2015-008180", }, { db: "NVD", id: "CVE-2015-0151", }, { db: "CNNVD", id: "CNNVD-201804-588", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-15271", }, { db: "JVNDB", id: "JVNDB-2015-008180", }, { db: "NVD", id: "CVE-2015-0151", }, { db: "CNNVD", id: "CNNVD-201804-588", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-08-14T00:00:00", db: "CNVD", id: "CNVD-2018-15271", }, { date: "2018-06-08T00:00:00", db: "JVNDB", id: "JVNDB-2015-008180", }, { date: "2018-04-12T21:29:00.723000", db: "NVD", id: "CVE-2015-0151", }, { date: "2018-04-12T00:00:00", db: "CNNVD", id: "CNNVD-201804-588", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-08-15T00:00:00", db: "CNVD", id: "CNVD-2018-15271", }, { date: "2018-06-08T00:00:00", db: "JVNDB", id: "JVNDB-2015-008180", }, { date: "2023-04-26T19:27:52.350000", db: "NVD", id: "CVE-2015-0151", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201804-588", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201804-588", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-815 Cross-Site Request Forgery Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2018-15271", }, { db: "CNNVD", id: "CNNVD-201804-588", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "cross-site request forgery", sources: [ { db: "CNNVD", id: "CNNVD-201804-588", }, ], trust: 0.6, }, }
var-201804-0876
Vulnerability from variot
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php. B The device contains a cross-site scripting vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. D-LinkDIR-815REV.B is a wireless router product from D-Link. A cross-site scripting vulnerability exists in D-LinkDIR-815REV.B with DIR-815_REVB_FIRMWARE_PATCH_2.07.B01 and previous firmware. A remote attacker could exploit the vulnerability to obtain authentication cookies by sending a \342\200\230RESULT\342\200\231 parameter to the /htdocs/webinc/js/info.php file
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0876", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-815", scope: "lte", trust: 1, vendor: "dlink", version: "2.07.b01", }, { model: "dir-815", scope: "lte", trust: 0.8, vendor: "d link", version: "dir-815_revb_firmware_patch_2.07.b01", }, { model: "dir-815 rev. b <=dir-815 revb patch 2.07.b01", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-815", scope: "eq", trust: 0.6, vendor: "d link", version: "2.07.b01", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-08947", }, { db: "JVNDB", id: "JVNDB-2018-004177", }, { db: "NVD", id: "CVE-2018-10107", }, { db: "CNNVD", id: "CNNVD-201804-765", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.07.b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-10107", }, ], }, cve: "CVE-2018-10107", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-10107", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CNVD-2018-08947", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "VHN-119833", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 6.1, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2018-10107", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-10107", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2018-08947", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201804-765", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-119833", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-08947", }, { db: "VULHUB", id: "VHN-119833", }, { db: "JVNDB", id: "JVNDB-2018-004177", }, { db: "NVD", id: "CVE-2018-10107", }, { db: "CNNVD", id: "CNNVD-201804-765", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php. B The device contains a cross-site scripting vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. D-LinkDIR-815REV.B is a wireless router product from D-Link. A cross-site scripting vulnerability exists in D-LinkDIR-815REV.B with DIR-815_REVB_FIRMWARE_PATCH_2.07.B01 and previous firmware. A remote attacker could exploit the vulnerability to obtain authentication cookies by sending a \\342\\200\\230RESULT\\342\\200\\231 parameter to the /htdocs/webinc/js/info.php file", sources: [ { db: "NVD", id: "CVE-2018-10107", }, { db: "JVNDB", id: "JVNDB-2018-004177", }, { db: "CNVD", id: "CNVD-2018-08947", }, { db: "VULHUB", id: "VHN-119833", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-10107", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-004177", trust: 0.8, }, { db: "CNVD", id: "CNVD-2018-08947", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201804-765", trust: 0.6, }, { db: "VULHUB", id: "VHN-119833", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-08947", }, { db: "VULHUB", id: "VHN-119833", }, { db: "JVNDB", id: "JVNDB-2018-004177", }, { db: "NVD", id: "CVE-2018-10107", }, { db: "CNNVD", id: "CNNVD-201804-765", }, ], }, id: "VAR-201804-0876", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-08947", }, { db: "VULHUB", id: "VHN-119833", }, ], trust: 1.516176475, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-08947", }, ], }, last_update_date: "2023-12-18T14:01:18.240000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-815 Wireless N Dual Band Router", trust: 0.8, url: "https://eu.dlink.com/uk/en/products/dir-815-wireless-n-dual-band-router", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-004177", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-119833", }, { db: "JVNDB", id: "JVNDB-2018-004177", }, { db: "NVD", id: "CVE-2018-10107", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.1, url: "https://github.com/icematcha/some-vulnerabilities-of-d-link-dir815/blob/master/vulnerabilities_summary.md", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10107", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-10107", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-08947", }, { db: "VULHUB", id: "VHN-119833", }, { db: "JVNDB", id: "JVNDB-2018-004177", }, { db: "NVD", id: "CVE-2018-10107", }, { db: "CNNVD", id: "CNNVD-201804-765", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-08947", }, { db: "VULHUB", id: "VHN-119833", }, { db: "JVNDB", id: "JVNDB-2018-004177", }, { db: "NVD", id: "CVE-2018-10107", }, { db: "CNNVD", id: "CNNVD-201804-765", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-05-04T00:00:00", db: "CNVD", id: "CNVD-2018-08947", }, { date: "2018-04-16T00:00:00", db: "VULHUB", id: "VHN-119833", }, { date: "2018-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2018-004177", }, { date: "2018-04-16T09:58:09.837000", db: "NVD", id: "CVE-2018-10107", }, { date: "2018-04-17T00:00:00", db: "CNNVD", id: "CNNVD-201804-765", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-05-04T00:00:00", db: "CNVD", id: "CNVD-2018-08947", }, { date: "2018-05-18T00:00:00", db: "VULHUB", id: "VHN-119833", }, { date: "2018-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2018-004177", }, { date: "2023-04-26T19:27:52.350000", db: "NVD", id: "CVE-2018-10107", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201804-765", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201804-765", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-815 REV. B Device cross-site scripting vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2018-004177", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-201804-765", }, ], trust: 0.6, }, }
var-201804-0877
Vulnerability from variot
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php. B The device contains a cross-site scripting vulnerability.Information may be obtained or information may be altered. D-LinkDIR-815REV.B is a wireless router product from D-Link. A cross-site scripting vulnerability exists in D-LinkDIR-815REV.B with DIR-815_REVB_FIRMWARE_PATCH_2.07.B01 and previous firmware. A remote attacker could exploit the vulnerability to obtain authentication cookies by sending a 'Treturn' parameter to the /htdocs/webinc/js/bsc_sms_inbox.php file
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0877", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-815", scope: "lte", trust: 1, vendor: "dlink", version: "2.07.b01", }, { model: "dir-815", scope: "lte", trust: 0.8, vendor: "d link", version: "dir-815_revb_firmware_patch_2.07.b01", }, { model: "dir-815 rev. b <=dir-815 revb patch 2.07.b01", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-815", scope: "eq", trust: 0.6, vendor: "d link", version: "2.07.b01", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-08946", }, { db: "JVNDB", id: "JVNDB-2018-004176", }, { db: "NVD", id: "CVE-2018-10108", }, { db: "CNNVD", id: "CNNVD-201804-764", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.07.b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-10108", }, ], }, cve: "CVE-2018-10108", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-10108", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CNVD-2018-08946", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "VHN-119834", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 6.1, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2018-10108", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-10108", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2018-08946", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201804-764", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-119834", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-08946", }, { db: "VULHUB", id: "VHN-119834", }, { db: "JVNDB", id: "JVNDB-2018-004176", }, { db: "NVD", id: "CVE-2018-10108", }, { db: "CNNVD", id: "CNNVD-201804-764", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php. B The device contains a cross-site scripting vulnerability.Information may be obtained or information may be altered. D-LinkDIR-815REV.B is a wireless router product from D-Link. A cross-site scripting vulnerability exists in D-LinkDIR-815REV.B with DIR-815_REVB_FIRMWARE_PATCH_2.07.B01 and previous firmware. A remote attacker could exploit the vulnerability to obtain authentication cookies by sending a 'Treturn' parameter to the /htdocs/webinc/js/bsc_sms_inbox.php file", sources: [ { db: "NVD", id: "CVE-2018-10108", }, { db: "JVNDB", id: "JVNDB-2018-004176", }, { db: "CNVD", id: "CNVD-2018-08946", }, { db: "VULHUB", id: "VHN-119834", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-10108", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-004176", trust: 0.8, }, { db: "CNVD", id: "CNVD-2018-08946", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201804-764", trust: 0.6, }, { db: "VULHUB", id: "VHN-119834", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-08946", }, { db: "VULHUB", id: "VHN-119834", }, { db: "JVNDB", id: "JVNDB-2018-004176", }, { db: "NVD", id: "CVE-2018-10108", }, { db: "CNNVD", id: "CNNVD-201804-764", }, ], }, id: "VAR-201804-0877", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-08946", }, { db: "VULHUB", id: "VHN-119834", }, ], trust: 1.516176475, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-08946", }, ], }, last_update_date: "2023-12-18T13:13:55.392000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-815 Wireless N Dual Band Router", trust: 0.8, url: "https://eu.dlink.com/uk/en/products/dir-815-wireless-n-dual-band-router", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-004176", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-119834", }, { db: "JVNDB", id: "JVNDB-2018-004176", }, { db: "NVD", id: "CVE-2018-10108", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.1, url: "https://github.com/icematcha/some-vulnerabilities-of-d-link-dir815/blob/master/vulnerabilities_summary.md", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10108", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-10108", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-08946", }, { db: "VULHUB", id: "VHN-119834", }, { db: "JVNDB", id: "JVNDB-2018-004176", }, { db: "NVD", id: "CVE-2018-10108", }, { db: "CNNVD", id: "CNNVD-201804-764", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-08946", }, { db: "VULHUB", id: "VHN-119834", }, { db: "JVNDB", id: "JVNDB-2018-004176", }, { db: "NVD", id: "CVE-2018-10108", }, { db: "CNNVD", id: "CNNVD-201804-764", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-05-04T00:00:00", db: "CNVD", id: "CNVD-2018-08946", }, { date: "2018-04-16T00:00:00", db: "VULHUB", id: "VHN-119834", }, { date: "2018-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2018-004176", }, { date: "2018-04-16T09:58:09.917000", db: "NVD", id: "CVE-2018-10108", }, { date: "2018-04-17T00:00:00", db: "CNNVD", id: "CNNVD-201804-764", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-05-04T00:00:00", db: "CNVD", id: "CNVD-2018-08946", }, { date: "2018-05-18T00:00:00", db: "VULHUB", id: "VHN-119834", }, { date: "2018-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2018-004176", }, { date: "2023-04-26T19:27:52.350000", db: "NVD", id: "CVE-2018-10108", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201804-764", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201804-764", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-815 REV. B Device cross-site scripting vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2018-004176", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-201804-764", }, ], trust: 0.6, }, }
var-202009-0817
Vulnerability from variot
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header. D-Link DIR-816L and DIR-816 are both wireless routers of D-Link company in Taiwan. No detailed vulnerability details are currently provided
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202009-0817", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-816l", scope: "eq", trust: 1, vendor: "dlink", version: "2.06", }, { model: "dir-645", scope: "eq", trust: 1, vendor: "dlink", version: "1.06b01", }, { model: "dir-860l", scope: "eq", trust: 1, vendor: "dlink", version: "1.10b04", }, { model: "dir-803", scope: "eq", trust: 1, vendor: "dlink", version: "1.04.b02", }, { model: "dir-815", scope: "eq", trust: 1, vendor: "dlink", version: "2.07.b01", }, { model: "dir-816l", scope: "eq", trust: 1, vendor: "dlink", version: "2.06.b09", }, { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: "1.08b01", }, { model: "dir-803 1.04.b02", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-816l 2.06.b09 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-803_firmware:1.04.b02:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-803:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-645_firmware:1.06b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:2.07.b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:b1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:1.10b04:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-860l:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.08b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-25786", }, ], }, cve: "CVE-2020-25786", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CNVD-2020-59764", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2020-25786", impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2020-25786", trust: 1, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2020-59764", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202009-1261", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2020-25786", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header. D-Link DIR-816L and DIR-816 are both wireless routers of D-Link company in Taiwan. No detailed vulnerability details are currently provided", sources: [ { db: "NVD", id: "CVE-2020-25786", }, { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, ], trust: 1.53, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-25786", trust: 2.3, }, { db: "DLINK", id: "SAP10190", trust: 1.7, }, { db: "CNVD", id: "CNVD-2020-59764", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202009-1261", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-25786", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, id: "VAR-202009-0817", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, ], trust: 1.28161163, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, ], }, last_update_date: "2024-05-17T23:12:39.331000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for D-Link DIR-816L and DIR-803 cross-site scripting vulnerabilities", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/237805", }, { title: "D-Link DIR-816L and DIR-803 Fixes for cross-site scripting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=128929", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2020-25786", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/sek1th/iot/blob/master/dir-816l_xss.md", }, { trust: 1.7, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10190", }, { trust: 1.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-25786", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/79.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-09-24T00:00:00", db: "CNVD", id: "CNVD-2020-59764", }, { date: "2020-09-19T00:00:00", db: "VULMON", id: "CVE-2020-25786", }, { date: "2020-09-19T00:00:00", db: "CNNVD", id: "CNNVD-202009-1261", }, { date: "2020-09-19T20:15:11.903000", db: "NVD", id: "CVE-2020-25786", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-11-01T00:00:00", db: "CNVD", id: "CNVD-2020-59764", }, { date: "2021-04-23T00:00:00", db: "VULMON", id: "CVE-2020-25786", }, { date: "2020-10-09T00:00:00", db: "CNNVD", id: "CNNVD-202009-1261", }, { date: "2024-05-17T01:46:24", db: "NVD", id: "CVE-2020-25786", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202009-1261", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-816L and DIR-803 cross-site scripting vulnerabilities", sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202009-1261", }, ], trust: 0.6, }, }
var-201804-0875
Vulnerability from variot
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request. B The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-815REV.B is a wireless router product from D-Link. A security vulnerability exists in the /htdocs/web/getcfg.php file in D-LinkDIR-815REV.B using DIR-815_REVB_FIRMWARE_PATCH_2.07.B01 and previous firmware. An attacker could exploit the vulnerability to bypass permissions and obtain information. B using DIR-815_REVB_FIRMWARE_PATCH_2.07.B01 and earlier firmware
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0875", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-815", scope: "lte", trust: 1, vendor: "dlink", version: "2.07.b01", }, { model: "dir-815", scope: "lte", trust: 0.8, vendor: "d link", version: "dir-815_revb_firmware_patch_2.07.b01", }, { model: "dir-815 rev. b <=dir-815 revb patch 2.07.b01", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-815", scope: "eq", trust: 0.6, vendor: "d link", version: "2.07.b01", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-09627", }, { db: "JVNDB", id: "JVNDB-2018-004175", }, { db: "NVD", id: "CVE-2018-10106", }, { db: "CNNVD", id: "CNNVD-201804-766", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.07.b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-10106", }, ], }, cve: "CVE-2018-10106", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2018-10106", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CNVD-2018-09627", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-119832", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2018-10106", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-10106", trust: 1.8, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2018-09627", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201804-766", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-119832", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-09627", }, { db: "VULHUB", id: "VHN-119832", }, { db: "JVNDB", id: "JVNDB-2018-004175", }, { db: "NVD", id: "CVE-2018-10106", }, { db: "CNNVD", id: "CNNVD-201804-766", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request. B The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-815REV.B is a wireless router product from D-Link. A security vulnerability exists in the /htdocs/web/getcfg.php file in D-LinkDIR-815REV.B using DIR-815_REVB_FIRMWARE_PATCH_2.07.B01 and previous firmware. An attacker could exploit the vulnerability to bypass permissions and obtain information. B using DIR-815_REVB_FIRMWARE_PATCH_2.07.B01 and earlier firmware", sources: [ { db: "NVD", id: "CVE-2018-10106", }, { db: "JVNDB", id: "JVNDB-2018-004175", }, { db: "CNVD", id: "CNVD-2018-09627", }, { db: "VULHUB", id: "VHN-119832", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-10106", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-004175", trust: 0.8, }, { db: "CNVD", id: "CNVD-2018-09627", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201804-766", trust: 0.6, }, { db: "VULHUB", id: "VHN-119832", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-09627", }, { db: "VULHUB", id: "VHN-119832", }, { db: "JVNDB", id: "JVNDB-2018-004175", }, { db: "NVD", id: "CVE-2018-10106", }, { db: "CNNVD", id: "CNNVD-201804-766", }, ], }, id: "VAR-201804-0875", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-09627", }, { db: "VULHUB", id: "VHN-119832", }, ], trust: 1.516176475, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-09627", }, ], }, last_update_date: "2023-12-18T14:05:28.952000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-815 Wireless N Dual Band Router", trust: 0.8, url: "https://eu.dlink.com/uk/en/products/dir-815-wireless-n-dual-band-router", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-004175", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-200", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-119832", }, { db: "JVNDB", id: "JVNDB-2018-004175", }, { db: "NVD", id: "CVE-2018-10106", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.1, url: "https://github.com/icematcha/some-vulnerabilities-of-d-link-dir815/blob/master/vulnerabilities_summary.md", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10106", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-10106", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-09627", }, { db: "VULHUB", id: "VHN-119832", }, { db: "JVNDB", id: "JVNDB-2018-004175", }, { db: "NVD", id: "CVE-2018-10106", }, { db: "CNNVD", id: "CNNVD-201804-766", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-09627", }, { db: "VULHUB", id: "VHN-119832", }, { db: "JVNDB", id: "JVNDB-2018-004175", }, { db: "NVD", id: "CVE-2018-10106", }, { db: "CNNVD", id: "CNNVD-201804-766", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-05-16T00:00:00", db: "CNVD", id: "CNVD-2018-09627", }, { date: "2018-04-16T00:00:00", db: "VULHUB", id: "VHN-119832", }, { date: "2018-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2018-004175", }, { date: "2018-04-16T09:58:09.790000", db: "NVD", id: "CVE-2018-10106", }, { date: "2018-04-17T00:00:00", db: "CNNVD", id: "CNNVD-201804-766", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-05-16T00:00:00", db: "CNVD", id: "CNVD-2018-09627", }, { date: "2018-05-18T00:00:00", db: "VULHUB", id: "VHN-119832", }, { date: "2018-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2018-004175", }, { date: "2023-04-26T19:27:52.350000", db: "NVD", id: "CVE-2018-10106", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201804-766", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201804-766", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-815 REV. B Information disclosure vulnerability in devices", sources: [ { db: "JVNDB", id: "JVNDB-2018-004175", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-201804-766", }, ], trust: 0.6, }, }
var-201804-0267
Vulnerability from variot
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key. D-Link DIR-815 The device firmware contains a vulnerability related to key management errors.Information may be obtained. D-LinkDIR-815 is a wireless router product from D-Link. A security vulnerability exists in D-LinkDIR-815 using firmware prior to 2.07.B01, which is caused by the program storing the wireless key in plain text
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0267", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-815", scope: "lt", trust: 1, vendor: "dlink", version: "2.07.b01", }, { model: "dir-815", scope: "lt", trust: 0.8, vendor: "d link", version: "2.07.b01", }, { model: "dir-815 <2.07.b01", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15272", }, { db: "JVNDB", id: "JVNDB-2015-008185", }, { db: "NVD", id: "CVE-2015-0153", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.07.b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2015-0153", }, ], }, cve: "CVE-2015-0153", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: true, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2015-0153", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2018-15272", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2015-0153", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2015-0153", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2018-15272", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201804-586", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2015-0153", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15272", }, { db: "VULMON", id: "CVE-2015-0153", }, { db: "JVNDB", id: "JVNDB-2015-008185", }, { db: "NVD", id: "CVE-2015-0153", }, { db: "CNNVD", id: "CNNVD-201804-586", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key. D-Link DIR-815 The device firmware contains a vulnerability related to key management errors.Information may be obtained. D-LinkDIR-815 is a wireless router product from D-Link. A security vulnerability exists in D-LinkDIR-815 using firmware prior to 2.07.B01, which is caused by the program storing the wireless key in plain text", sources: [ { db: "NVD", id: "CVE-2015-0153", }, { db: "JVNDB", id: "JVNDB-2015-008185", }, { db: "CNVD", id: "CNVD-2018-15272", }, { db: "VULMON", id: "CVE-2015-0153", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-0153", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2015-008185", trust: 0.8, }, { db: "CNVD", id: "CNVD-2018-15272", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201804-586", trust: 0.6, }, { db: "VULMON", id: "CVE-2015-0153", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15272", }, { db: "VULMON", id: "CVE-2015-0153", }, { db: "JVNDB", id: "JVNDB-2015-008185", }, { db: "NVD", id: "CVE-2015-0153", }, { db: "CNNVD", id: "CNNVD-201804-586", }, ], }, id: "VAR-201804-0267", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-15272", }, ], trust: 1.2323529500000001, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15272", }, ], }, last_update_date: "2023-12-18T13:33:53.151000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-815 Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-815/revb/dir-815_revb_firmware_patch_notes_2.07.b01_en.pdf", }, { title: "Patch for D-LinkDIR-815 Information Disclosure Vulnerability (CNVD-2018-15272)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/137325", }, { title: "D-Link DIR-815 Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=83335", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15272", }, { db: "JVNDB", id: "JVNDB-2015-008185", }, { db: "CNNVD", id: "CNNVD-201804-586", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-320", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-008185", }, { db: "NVD", id: "CVE-2015-0153", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110586", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0153", }, { trust: 1.1, url: "ftp://ftp2.dlink.com/security_advisements/dir-815/revb/dir-815_revb_firmware_patch_notes_2.07.b01_en.pdf", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0153", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/320.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15272", }, { db: "VULMON", id: "CVE-2015-0153", }, { db: "JVNDB", id: "JVNDB-2015-008185", }, { db: "NVD", id: "CVE-2015-0153", }, { db: "CNNVD", id: "CNNVD-201804-586", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-15272", }, { db: "VULMON", id: "CVE-2015-0153", }, { db: "JVNDB", id: "JVNDB-2015-008185", }, { db: "NVD", id: "CVE-2015-0153", }, { db: "CNNVD", id: "CNNVD-201804-586", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-08-14T00:00:00", db: "CNVD", id: "CNVD-2018-15272", }, { date: "2018-04-12T00:00:00", db: "VULMON", id: "CVE-2015-0153", }, { date: "2018-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2015-008185", }, { date: "2018-04-12T21:29:00.833000", db: "NVD", id: "CVE-2015-0153", }, { date: "2018-04-12T00:00:00", db: "CNNVD", id: "CNNVD-201804-586", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-08-15T00:00:00", db: "CNVD", id: "CNVD-2018-15272", }, { date: "2018-05-18T00:00:00", db: "VULMON", id: "CVE-2015-0153", }, { date: "2018-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2015-008185", }, { date: "2023-04-26T19:27:52.350000", db: "NVD", id: "CVE-2015-0153", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201804-586", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201804-586", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-815 Vulnerabilities related to key management errors in device firmware", sources: [ { db: "JVNDB", id: "JVNDB-2015-008185", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "encryption problem", sources: [ { db: "CNNVD", id: "CNNVD-201804-586", }, ], trust: 0.6, }, }
var-202401-1368
Vulnerability from variot
An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component. D-Link DIR-815 is a wireless router made by China D-Link Company.
D-Link DIR-815 has a code execution vulnerability. The vulnerability is due to the application's failure to properly filter special elements that construct code segments
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202401-1368", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-815", scope: "eq", trust: 1, vendor: "dlink", version: "1.01ssb08.bin", }, { model: "dir-815 1.01ssb08.bin", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2024-06215", }, { db: "NVD", id: "CVE-2023-51123", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:1.01ssb08.bin:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-51123", }, ], }, cve: "CVE-2023-51123", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2024-06215", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2023-51123", trust: 1, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2024-06215", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2024-06215", }, { db: "NVD", id: "CVE-2023-51123", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component. D-Link DIR-815 is a wireless router made by China D-Link Company. \n\r\n\r\nD-Link DIR-815 has a code execution vulnerability. The vulnerability is due to the application's failure to properly filter special elements that construct code segments", sources: [ { db: "NVD", id: "CVE-2023-51123", }, { db: "CNVD", id: "CNVD-2024-06215", }, ], trust: 1.44, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-51123", trust: 1.6, }, { db: "CNVD", id: "CNVD-2024-06215", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2024-06215", }, { db: "NVD", id: "CVE-2023-51123", }, ], }, id: "VAR-202401-1368", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2024-06215", }, ], trust: 1.2323529500000001, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2024-06215", }, ], }, last_update_date: "2024-02-04T22:48:27.263000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for D-Link DIR-815 Code Execution Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/521616", }, ], sources: [ { db: "CNVD", id: "CNVD-2024-06215", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2023-51123", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://github.com/whereisrain/dir-815", }, { trust: 1, url: "https://github.com/whereisrain/dir-815/blob/main/readme.md", }, ], sources: [ { db: "CNVD", id: "CNVD-2024-06215", }, { db: "NVD", id: "CVE-2023-51123", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2024-06215", }, { db: "NVD", id: "CVE-2023-51123", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-01-26T00:00:00", db: "CNVD", id: "CNVD-2024-06215", }, { date: "2024-01-10T22:15:50.823000", db: "NVD", id: "CVE-2023-51123", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-01-29T00:00:00", db: "CNVD", id: "CNVD-2024-06215", }, { date: "2024-01-22T16:15:08.230000", db: "NVD", id: "CVE-2023-51123", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-815 Code Execution Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2024-06215", }, ], trust: 0.6, }, }
var-202401-0959
Vulnerability from variot
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability. dir-825acg1 firmware, DIR-841 firmware, dir-1260 firmware etc. D-Link Systems, Inc. There are unspecified vulnerabilities in the product.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202401-0959", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-x1860", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dsl-2640u", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-842", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dsl-g2452gr", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dwm-321", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-2150", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-806a", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dvg-n5402g", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-x1530", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dwm-312w", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-815", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dwr-921", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-882", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-615", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-853", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-1210", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dvg-5402g", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-1260", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-615t", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-815\\/ac", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dsl-224", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dvg-5402g\\/gfru", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-841", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-816", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-825acf", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-820", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-620", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dvg-n5402g\\/il", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-825acg1", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-825", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-842s", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-825ac", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-815s", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dsl-2750u", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dsl-245gr", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-615gf", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-843", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dap-1360", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-620s", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-300", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-822", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-878", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-615s", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dwr-953", scope: "lte", trust: 1, vendor: "dlink", version: "2024-01-12", }, { model: "dir-825", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-615t", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-825acf", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-825acg1", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-x1530", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-842s", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-853", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-1210", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-1260", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-615", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-806a", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-815", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-841", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-815s", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-842", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-878", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dsl-g2452gr", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-822", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dsl-245gr", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-300", scope: null, trust: 0.8, vendor: "d link", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2024-001679", }, { db: "NVD", id: "CVE-2024-0717", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-825acg1_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-825acg1:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-841_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-841:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-1260_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-1260:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-x1530_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-x1530:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-825_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-842_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-842:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-853_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-853:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-1210_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-1210:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-806a_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-806a:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dsl-245gr_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dsl-245gr:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dsl-g2452gr_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dsl-g2452gr:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-878_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-878:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-825acf_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-825acf:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-615t_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-615t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-300:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-842s_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-842s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815s_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dsl-2640u_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dsl-2640u:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-2150_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-2150:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dwr-921_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-615s_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-615s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-620_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-620:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dvg-5402g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dvg-5402g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-882_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-882:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dwm-312w_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dwm-312w:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815\\/ac_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815\\/ac:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dsl-224_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dsl-224:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dwm-321_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dwm-321:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-x1860_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-x1860:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dap-1360_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dap-1360:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-820_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-820:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-843_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-843:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dvg-5402g\\/gfru_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dvg-5402g\\/gfru:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dwr-953_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dwr-953:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dvg-n5402g\\/il_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dvg-n5402g\\/il:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-825ac_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-825ac:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-620s_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-620s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dvg-n5402g_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dvg-n5402g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dsl-2750u_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-615gf_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-615gf:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-816_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2024-01-12", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-816:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2024-0717", }, ], }, cve: "CVE-2024-0717", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "cna@vuldb.com", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "cna@vuldb.com", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 3.9, impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 5.3, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2024-0717", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2024-0717", trust: 1.8, value: "MEDIUM", }, { author: "cna@vuldb.com", id: "CVE-2024-0717", trust: 1, value: "MEDIUM", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2024-001679", }, { db: "NVD", id: "CVE-2024-0717", }, { db: "NVD", id: "CVE-2024-0717", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability. dir-825acg1 firmware, DIR-841 firmware, dir-1260 firmware etc. D-Link Systems, Inc. There are unspecified vulnerabilities in the product.Information may be obtained", sources: [ { db: "NVD", id: "CVE-2024-0717", }, { db: "JVNDB", id: "JVNDB-2024-001679", }, ], trust: 1.62, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2024-0717", trust: 2.6, }, { db: "VULDB", id: "251542", trust: 1.8, }, { db: "JVNDB", id: "JVNDB-2024-001679", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2024-001679", }, { db: "NVD", id: "CVE-2024-0717", }, ], }, id: "VAR-202401-0959", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.618071456875, }, last_update_date: "2024-05-17T23:12:33.116000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "Lack of information (CWE-noinfo) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2024-001679", }, { db: "NVD", id: "CVE-2024-0717", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://github.com/999zzzzz/d-link", }, { trust: 1.8, url: "https://vuldb.com/?ctiid.251542", }, { trust: 1.8, url: "https://vuldb.com/?id.251542", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2024-0717", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2024-001679", }, { db: "NVD", id: "CVE-2024-0717", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "JVNDB", id: "JVNDB-2024-001679", }, { db: "NVD", id: "CVE-2024-0717", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-02-06T00:00:00", db: "JVNDB", id: "JVNDB-2024-001679", }, { date: "2024-01-19T16:15:11.190000", db: "NVD", id: "CVE-2024-0717", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2024-02-06T01:48:00", db: "JVNDB", id: "JVNDB-2024-001679", }, { date: "2024-05-17T02:34:53.200000", db: "NVD", id: "CVE-2024-0717", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural D-Link Systems, Inc. Product vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2024-001679", }, ], trust: 0.8, }, }
var-201804-0264
Vulnerability from variot
The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors. D-Link DIR-815 There is an access control vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-815 is a wireless router product from D-Link. There is a security hole in the remote management user interface in D-LinkDIR-815 using firmware prior to 2.07.B01
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0264", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-815", scope: "lt", trust: 1, vendor: "dlink", version: "2.07.b01", }, { model: "dir-815", scope: "lt", trust: 0.8, vendor: "d link", version: "2.07.b01", }, { model: "dir-815 <2.07.b01", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15413", }, { db: "JVNDB", id: "JVNDB-2015-008183", }, { db: "NVD", id: "CVE-2015-0150", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.07.b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2015-0150", }, ], }, cve: "CVE-2015-0150", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: true, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2015-0150", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2018-15413", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2015-0150", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2015-0150", trust: 1.8, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2018-15413", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201804-589", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15413", }, { db: "JVNDB", id: "JVNDB-2015-008183", }, { db: "NVD", id: "CVE-2015-0150", }, { db: "CNNVD", id: "CNNVD-201804-589", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors. D-Link DIR-815 There is an access control vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-815 is a wireless router product from D-Link. There is a security hole in the remote management user interface in D-LinkDIR-815 using firmware prior to 2.07.B01", sources: [ { db: "NVD", id: "CVE-2015-0150", }, { db: "JVNDB", id: "JVNDB-2015-008183", }, { db: "CNVD", id: "CNVD-2018-15413", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-0150", trust: 3, }, { db: "JVNDB", id: "JVNDB-2015-008183", trust: 0.8, }, { db: "CNVD", id: "CNVD-2018-15413", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201804-589", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15413", }, { db: "JVNDB", id: "JVNDB-2015-008183", }, { db: "NVD", id: "CVE-2015-0150", }, { db: "CNNVD", id: "CNNVD-201804-589", }, ], }, id: "VAR-201804-0264", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-15413", }, ], trust: 1.2323529500000001, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15413", }, ], }, last_update_date: "2023-12-18T12:50:48.255000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-815 Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-815/revb/dir-815_revb_firmware_patch_notes_2.07.b01_en.pdf", }, { title: "D-LinkDIR-815 access patch to limit the vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/137373", }, { title: "D-Link DIR-815 Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=83338", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15413", }, { db: "JVNDB", id: "JVNDB-2015-008183", }, { db: "CNNVD", id: "CNNVD-201804-589", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-284", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-008183", }, { db: "NVD", id: "CVE-2015-0150", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110583", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0150", }, { trust: 1, url: "ftp://ftp2.dlink.com/security_advisements/dir-815/revb/dir-815_revb_firmware_patch_notes_2.07.b01_en.pdf", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0150", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15413", }, { db: "JVNDB", id: "JVNDB-2015-008183", }, { db: "NVD", id: "CVE-2015-0150", }, { db: "CNNVD", id: "CNNVD-201804-589", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-15413", }, { db: "JVNDB", id: "JVNDB-2015-008183", }, { db: "NVD", id: "CVE-2015-0150", }, { db: "CNNVD", id: "CNNVD-201804-589", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-08-15T00:00:00", db: "CNVD", id: "CNVD-2018-15413", }, { date: "2018-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2015-008183", }, { date: "2018-04-12T21:29:00.660000", db: "NVD", id: "CVE-2015-0150", }, { date: "2018-04-12T00:00:00", db: "CNNVD", id: "CNNVD-201804-589", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-08-16T00:00:00", db: "CNVD", id: "CNVD-2018-15413", }, { date: "2018-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2015-008183", }, { date: "2023-04-26T19:27:52.350000", db: "NVD", id: "CVE-2015-0150", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201804-589", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201804-589", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-815 Vulnerability related to access control in device firmware", sources: [ { db: "JVNDB", id: "JVNDB-2015-008183", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "access control error", sources: [ { db: "CNNVD", id: "CNNVD-201804-589", }, ], trust: 0.6, }, }
var-201804-0266
Vulnerability from variot
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password. D-Link DIR-815 The device firmware contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-815 is a wireless router product from D-Link
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0266", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-815", scope: "lt", trust: 1, vendor: "dlink", version: "2.07.b01", }, { model: "dir-815", scope: "lt", trust: 0.8, vendor: "d link", version: "2.07.b01", }, { model: "dir-815 <2.07.b01", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15273", }, { db: "JVNDB", id: "JVNDB-2015-008184", }, { db: "NVD", id: "CVE-2015-0152", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.07.b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2015-0152", }, ], }, cve: "CVE-2015-0152", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: true, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2015-0152", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2018-15273", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2015-0152", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2015-0152", trust: 1.8, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2018-15273", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201804-587", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15273", }, { db: "JVNDB", id: "JVNDB-2015-008184", }, { db: "NVD", id: "CVE-2015-0152", }, { db: "CNNVD", id: "CNNVD-201804-587", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password. D-Link DIR-815 The device firmware contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-815 is a wireless router product from D-Link", sources: [ { db: "NVD", id: "CVE-2015-0152", }, { db: "JVNDB", id: "JVNDB-2015-008184", }, { db: "CNVD", id: "CNVD-2018-15273", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-0152", trust: 3, }, { db: "JVNDB", id: "JVNDB-2015-008184", trust: 0.8, }, { db: "CNVD", id: "CNVD-2018-15273", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201804-587", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15273", }, { db: "JVNDB", id: "JVNDB-2015-008184", }, { db: "NVD", id: "CVE-2015-0152", }, { db: "CNNVD", id: "CNNVD-201804-587", }, ], }, id: "VAR-201804-0266", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-15273", }, ], trust: 1.2323529500000001, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "ICS", "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15273", }, ], }, last_update_date: "2023-12-18T12:29:03.706000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-815 Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-815/revb/dir-815_revb_firmware_patch_notes_2.07.b01_en.pdf", }, { title: "Patch for D-LinkDIR-815 Information Disclosure Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/137321", }, { title: "D-Link DIR-815 Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=83336", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15273", }, { db: "JVNDB", id: "JVNDB-2015-008184", }, { db: "CNNVD", id: "CNNVD-201804-587", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-200", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-008184", }, { db: "NVD", id: "CVE-2015-0152", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110585", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0152", }, { trust: 1, url: "ftp://ftp2.dlink.com/security_advisements/dir-815/revb/dir-815_revb_firmware_patch_notes_2.07.b01_en.pdf", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0152", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-15273", }, { db: "JVNDB", id: "JVNDB-2015-008184", }, { db: "NVD", id: "CVE-2015-0152", }, { db: "CNNVD", id: "CNNVD-201804-587", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-15273", }, { db: "JVNDB", id: "JVNDB-2015-008184", }, { db: "NVD", id: "CVE-2015-0152", }, { db: "CNNVD", id: "CNNVD-201804-587", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-08-14T00:00:00", db: "CNVD", id: "CNVD-2018-15273", }, { date: "2018-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2015-008184", }, { date: "2018-04-12T21:29:00.770000", db: "NVD", id: "CVE-2015-0152", }, { date: "2018-04-12T00:00:00", db: "CNNVD", id: "CNNVD-201804-587", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-08-15T00:00:00", db: "CNVD", id: "CNVD-2018-15273", }, { date: "2018-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2015-008184", }, { date: "2023-04-26T19:27:52.350000", db: "NVD", id: "CVE-2015-0152", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201804-587", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201804-587", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-815 Information Disclosure Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2018-15273", }, { db: "CNNVD", id: "CNNVD-201804-587", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-201804-587", }, ], trust: 0.6, }, }
var-201804-0253
Vulnerability from variot
The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue.". D-Link DIR-815 The device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-815 is a wireless router product of D-Link. There is a security vulnerability in the remote management interface in the D-Link DIR-815 with firmware prior to 2.03.B02
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0253", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-815", scope: "eq", trust: 1, vendor: "dlink", version: "2.03.b02", }, { model: "dir-815", scope: "lt", trust: 0.8, vendor: "d link", version: "2.03.b02", }, { model: "dir-815", scope: "eq", trust: 0.6, vendor: "d link", version: "2.03.b02", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2014-008590", }, { db: "NVD", id: "CVE-2014-8888", }, { db: "CNNVD", id: "CNNVD-201804-591", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:2.03.b02:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2014-8888", }, ], }, cve: "CVE-2014-8888", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 10, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2014-8888", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "VHN-76833", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2014-8888", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2014-8888", trust: 1.8, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-201804-591", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-76833", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2014-8888", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-76833", }, { db: "VULMON", id: "CVE-2014-8888", }, { db: "JVNDB", id: "JVNDB-2014-008590", }, { db: "NVD", id: "CVE-2014-8888", }, { db: "CNNVD", id: "CNNVD-201804-591", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an \"HTTP command injection issue.\". D-Link DIR-815 The device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-815 is a wireless router product of D-Link. There is a security vulnerability in the remote management interface in the D-Link DIR-815 with firmware prior to 2.03.B02", sources: [ { db: "NVD", id: "CVE-2014-8888", }, { db: "JVNDB", id: "JVNDB-2014-008590", }, { db: "VULHUB", id: "VHN-76833", }, { db: "VULMON", id: "CVE-2014-8888", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2014-8888", trust: 2.6, }, { db: "JVNDB", id: "JVNDB-2014-008590", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201804-591", trust: 0.6, }, { db: "VULHUB", id: "VHN-76833", trust: 0.1, }, { db: "VULMON", id: "CVE-2014-8888", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-76833", }, { db: "VULMON", id: "CVE-2014-8888", }, { db: "JVNDB", id: "JVNDB-2014-008590", }, { db: "NVD", id: "CVE-2014-8888", }, { db: "CNNVD", id: "CNNVD-201804-591", }, ], }, id: "VAR-201804-0253", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-76833", }, ], trust: 0.73235295, }, last_update_date: "2023-12-18T13:08:31.722000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-815 Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-815/revb/dir-815_revb_firmware_patch_notes_2.03.b02_en.pdf", }, { title: "D-Link DIR-815 Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=83340", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2014-008590", }, { db: "CNNVD", id: "CNNVD-201804-591", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-76833", }, { db: "JVNDB", id: "JVNDB-2014-008590", }, { db: "NVD", id: "CVE-2014-8888", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110755", }, { trust: 1.2, url: "ftp://ftp2.dlink.com/security_advisements/dir-815/revb/dir-815_revb_firmware_patch_notes_2.03.b02_en.pdf", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8888", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8888", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/77.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULHUB", id: "VHN-76833", }, { db: "VULMON", id: "CVE-2014-8888", }, { db: "JVNDB", id: "JVNDB-2014-008590", }, { db: "NVD", id: "CVE-2014-8888", }, { db: "CNNVD", id: "CNNVD-201804-591", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-76833", }, { db: "VULMON", id: "CVE-2014-8888", }, { db: "JVNDB", id: "JVNDB-2014-008590", }, { db: "NVD", id: "CVE-2014-8888", }, { db: "CNNVD", id: "CNNVD-201804-591", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-04-12T00:00:00", db: "VULHUB", id: "VHN-76833", }, { date: "2018-04-12T00:00:00", db: "VULMON", id: "CVE-2014-8888", }, { date: "2018-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2014-008590", }, { date: "2018-04-12T21:29:00.537000", db: "NVD", id: "CVE-2014-8888", }, { date: "2018-04-12T00:00:00", db: "CNNVD", id: "CNNVD-201804-591", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-05-18T00:00:00", db: "VULHUB", id: "VHN-76833", }, { date: "2018-05-18T00:00:00", db: "VULMON", id: "CVE-2014-8888", }, { date: "2018-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2014-008590", }, { date: "2023-04-26T19:27:52.350000", db: "NVD", id: "CVE-2014-8888", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201804-591", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201804-591", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-815 Command injection vulnerability in device firmware", sources: [ { db: "JVNDB", id: "JVNDB-2014-008590", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "command injection", sources: [ { db: "CNNVD", id: "CNNVD-201804-591", }, ], trust: 0.6, }, }
var-202307-1597
Vulnerability from variot
D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi. D-Link Systems, Inc. of DIR-815 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202307-1597", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-815", scope: "eq", trust: 1, vendor: "dlink", version: "1.0.1", }, { model: "dir-815", scope: "eq", trust: 0.8, vendor: "d link", version: "dir-815 firmware 1.0.1", }, { model: "dir-815", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-815", scope: "eq", trust: 0.8, vendor: "d link", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-023370", }, { db: "NVD", id: "CVE-2023-37758", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2023-37758", }, ], }, cve: "CVE-2023-37758", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2023-37758", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2023-37758", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202307-1562", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-023370", }, { db: "CNNVD", id: "CNNVD-202307-1562", }, { db: "NVD", id: "CVE-2023-37758", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi. D-Link Systems, Inc. of DIR-815 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state", sources: [ { db: "NVD", id: "CVE-2023-37758", }, { db: "JVNDB", id: "JVNDB-2023-023370", }, { db: "VULMON", id: "CVE-2023-37758", }, ], trust: 1.71, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2023-37758", trust: 3.3, }, { db: "JVNDB", id: "JVNDB-2023-023370", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202307-1562", trust: 0.6, }, { db: "VULMON", id: "CVE-2023-37758", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2023-37758", }, { db: "JVNDB", id: "JVNDB-2023-023370", }, { db: "CNNVD", id: "CNNVD-202307-1562", }, { db: "NVD", id: "CVE-2023-37758", }, ], }, id: "VAR-202307-1597", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.63235295, }, last_update_date: "2024-01-31T22:25:27.033000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-120", trust: 1, }, { problemtype: "Classic buffer overflow (CWE-120) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2023-023370", }, { db: "NVD", id: "CVE-2023-37758", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://www.dlink.com/en/security-bulletin/", }, { trust: 2.5, url: "https://support.dlink.ca/productinfo.aspx?m=dir-815", }, { trust: 1.8, url: "https://hackmd.io/%40psgs7xsns5a4k7y0yib43g/rjr8onn_n", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2023-37758", }, { trust: 0.7, url: "https://hackmd.io/@psgs7xsns5a4k7y0yib43g/rjr8onn_n", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2023-37758/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2023-37758", }, { db: "JVNDB", id: "JVNDB-2023-023370", }, { db: "CNNVD", id: "CNNVD-202307-1562", }, { db: "NVD", id: "CVE-2023-37758", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2023-37758", }, { db: "JVNDB", id: "JVNDB-2023-023370", }, { db: "CNNVD", id: "CNNVD-202307-1562", }, { db: "NVD", id: "CVE-2023-37758", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-07-18T00:00:00", db: "VULMON", id: "CVE-2023-37758", }, { date: "2024-01-26T00:00:00", db: "JVNDB", id: "JVNDB-2023-023370", }, { date: "2023-07-18T00:00:00", db: "CNNVD", id: "CNNVD-202307-1562", }, { date: "2023-07-18T19:15:10.007000", db: "NVD", id: "CVE-2023-37758", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-07-18T00:00:00", db: "VULMON", id: "CVE-2023-37758", }, { date: "2024-01-26T05:36:00", db: "JVNDB", id: "JVNDB-2023-023370", }, { date: "2023-07-24T00:00:00", db: "CNNVD", id: "CNNVD-202307-1562", }, { date: "2023-11-07T04:17:06.350000", db: "NVD", id: "CVE-2023-37758", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link Systems, Inc. of DIR-815 Classic buffer overflow vulnerability in firmware", sources: [ { db: "JVNDB", id: "JVNDB-2023-023370", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202307-1562", }, ], trust: 0.6, }, }
Vulnerability from fkie_nvd
Published
2018-04-12 21:29
Modified
2024-11-21 02:22
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF | Release Notes, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/110584 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/110584 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-815_firmware | * | |
| dlink | dir-815 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "996F1732-7AC4-4CAA-BB6E-E72A9F342871", versionEndExcluding: "2.07.b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", matchCriteriaId: "50618B63-304B-4A61-AA50-5154E8690E88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.", }, { lang: "es", value: "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en dispositivos D-Link DIR-815, con firmware en versiones anteriores a la 2.07.B01, permite que atacantes remotos secuestren la autenticación de usuarios arbitrarios para peticiones que inserten secuencias XSS.", }, ], id: "CVE-2015-0151", lastModified: "2024-11-21T02:22:27.530", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-12T21:29:00.723", references: [ { source: "psirt@us.ibm.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110584", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110584", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-10 22:15
Modified
2024-11-21 08:37
Severity ?
Summary
An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-815_firmware | 1.01ssb08.bin | |
| dlink | dir-815 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:1.01ssb08.bin:*:*:*:*:*:*:*", matchCriteriaId: "F1F21B82-9750-4DCB-BD12-B67DB5E09AA6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", matchCriteriaId: "50618B63-304B-4A61-AA50-5154E8690E88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component.", }, { lang: "es", value: "Un problema descubierto en D-Link dir815 v.1.01SSb08.bin permite a un atacante remoto ejecutar código arbitrario a través de una solicitud POST manipulada al parámetro service en la función SOAPCGI_main del componente binario cgibin.", }, ], id: "CVE-2023-51123", lastModified: "2024-11-21T08:37:51.960", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-10T22:15:50.823", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/WhereisRain/dir-815", }, { source: "cve@mitre.org", url: "https://github.com/WhereisRain/dir-815/blob/main/README.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/WhereisRain/dir-815", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/WhereisRain/dir-815/blob/main/README.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-16 09:58
Modified
2024-11-21 03:40
Severity ?
Summary
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-815_firmware | * | |
| dlink | dir-815 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD7CD172-548A-49D6-9D3E-9A263E2C7A54", versionEndIncluding: "2.07.b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", matchCriteriaId: "50618B63-304B-4A61-AA50-5154E8690E88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request.", }, { lang: "es", value: "Los dispositivos D-Link DIR-815 REV. B (con firmware hasta la versión DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) tienen una omisión de permisos y una divulgación de información en /htdocs/web/getcfg.php, tal y como se demuestra con una petición /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1.", }, ], id: "CVE-2018-10106", lastModified: "2024-11-21T03:40:50.447", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-16T09:58:09.790", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-16 09:58
Modified
2024-11-21 03:40
Severity ?
Summary
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-815_firmware | * | |
| dlink | dir-815 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD7CD172-548A-49D6-9D3E-9A263E2C7A54", versionEndIncluding: "2.07.b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", matchCriteriaId: "50618B63-304B-4A61-AA50-5154E8690E88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php.", }, { lang: "es", value: "Los dispositivos D-Link DIR-815 REV. B (con firmware hasta la versión DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) tienen Cross-Site Scripting (XSS) en el parámetro Treturn en /htdocs/webinc/js/bsc_sms_inbox.php.", }, ], id: "CVE-2018-10108", lastModified: "2024-11-21T03:40:50.730", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-16T09:58:09.917", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-12 21:29
Modified
2024-11-21 02:22
Severity ?
Summary
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF | Release Notes, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/110585 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/110585 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-815_firmware | * | |
| dlink | dir-815 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "996F1732-7AC4-4CAA-BB6E-E72A9F342871", versionEndExcluding: "2.07.b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", matchCriteriaId: "50618B63-304B-4A61-AA50-5154E8690E88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password.", }, { lang: "es", value: "Los dispositivos D-Link DIR-815, con firmware en versiones anteriores a la 2.07.B01, permiten que atacantes remotos obtengan información sensible aprovechando el almacenamiento en texto claro de la contraseña administrativa.", }, ], id: "CVE-2015-0152", lastModified: "2024-11-21T02:22:27.657", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-12T21:29:00.770", references: [ { source: "psirt@us.ibm.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110585", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110585", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-19 20:15
Modified
2024-11-21 05:18
Severity ?
Summary
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-803_firmware | 1.04.b02 | |
| dlink | dir-803 | a1 | |
| dlink | dir-816l_firmware | 2.06 | |
| dlink | dir-816l_firmware | 2.06.b09 | |
| dlink | dir-816l | b1 | |
| dlink | dir-645_firmware | 1.06b01 | |
| dlink | dir-645 | a1 | |
| dlink | dir-815_firmware | 2.07.b01 | |
| dlink | dir-815 | b1 | |
| dlink | dir-860l_firmware | 1.10b04 | |
| dlink | dir-860l | a1 | |
| dlink | dir-865l_firmware | 1.08b01 | |
| dlink | dir-865l | a1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-803_firmware:1.04.b02:*:*:*:*:*:*:*", matchCriteriaId: "8C475766-ADDE-4461-9FDF-FE6332F95DBE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-803:a1:*:*:*:*:*:*:*", matchCriteriaId: "1B033D96-30EC-44EA-B70E-670CEAA0E79F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", matchCriteriaId: "1817EE29-D782-4A98-A478-20BDA559C5CE", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", matchCriteriaId: "ABE7E66F-20B2-4A39-A845-03E5FBBD9E2A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", matchCriteriaId: "637B2D4B-0EA7-4E30-9B2B-77484D701042", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-645_firmware:1.06b01:*:*:*:*:*:*:*", matchCriteriaId: "84706BD1-5AC0-449D-AB20-A81A9A2D4077", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*", matchCriteriaId: "E02F7E04-F6D7-466D-81AD-14591443EBC3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:2.07.b01:*:*:*:*:*:*:*", matchCriteriaId: "F38F5A85-E7DC-4ACF-A488-11AC00DE5856", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:b1:*:*:*:*:*:*:*", matchCriteriaId: "AA95C491-7895-4410-A9D2-3C7BD2BEB0DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-860l_firmware:1.10b04:*:*:*:*:*:*:*", matchCriteriaId: "D84E9E39-D9A6-4370-8D84-6CAE2D02CDFD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-860l:a1:*:*:*:*:*:*:*", matchCriteriaId: "C0FB3DE6-9F8D-485A-8DF3-76FC6C20CB6C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.08b01:*:*:*:*:*:*:*", matchCriteriaId: "608124DE-D143-4E95-9DE8-D7A35586361E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:a1:*:*:*:*:*:*:*", matchCriteriaId: "DEC7270B-453D-4D04-90AB-7EBD6DC3D97B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "unsupported-when-assigned", ], }, ], descriptions: [ { lang: "en", value: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header", }, { lang: "es", value: "** NO COMPATIBLE CUANDO SE ASIGNÓ ** El archivo webinc/js/info.php en dispositivos D-Link DIR-816L versión 2.06.B09_BETA y DIR-803 versión 1.04.B02, permite un ataque de tipo XSS por medio del encabezado HTTP Referer. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor. NOTA: esto típicamente no es explotable debido a la codificación de URL (excepto en Internet Explorer) y porque una página web no puede especificar que un cliente debe realizar una petición HTTP adicional con un encabezado Referer arbitrario", }, ], id: "CVE-2020-25786", lastModified: "2024-11-21T05:18:46.167", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-19T20:15:11.903", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-18 19:15
Modified
2024-11-21 08:12
Severity ?
Summary
D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-815_firmware | 1.0.1 | |
| dlink | dir-815 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "225DD6CE-AB3A-48B1-9EC8-844FB04AB8B3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", matchCriteriaId: "50618B63-304B-4A61-AA50-5154E8690E88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi.", }, ], id: "CVE-2023-37758", lastModified: "2024-11-21T08:12:13.640", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-18T19:15:10.007", references: [ { source: "cve@mitre.org", url: "https://hackmd.io/%40pSgS7xsnS5a4K7Y0yiB43g/rJr8oNn_n", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://support.dlink.ca/productinfo.aspx?m=dir-815", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://hackmd.io/%40pSgS7xsnS5a4K7Y0yiB43g/rJr8oNn_n", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://support.dlink.ca/productinfo.aspx?m=dir-815", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-12 21:29
Modified
2024-11-21 02:19
Severity ?
Summary
The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-815_firmware | 2.03.b02 | |
| dlink | dir-815 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:2.03.b02:*:*:*:*:*:*:*", matchCriteriaId: "38105051-81AA-4066-A1C5-2B2F9C71F5E2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", matchCriteriaId: "50618B63-304B-4A61-AA50-5154E8690E88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an \"HTTP command injection issue.\"", }, { lang: "es", value: "La interfaz de administración remota en dispositivos D-Link DIR-815, con firmware en versiones anteriores a la 2.03.B02, permite que atacantes remotos ejecuten comandos arbitrarios mediante vectores relacionados con un \"HTTP command injection issue\".", }, ], id: "CVE-2014-8888", lastModified: "2024-11-21T02:19:53.927", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-12T21:29:00.537", references: [ { source: "psirt@us.ibm.com", tags: [ "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF", }, { source: "psirt@us.ibm.com", tags: [ "Technical Description", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110755", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110755", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-12 21:29
Modified
2024-11-21 02:22
Severity ?
Summary
The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF | Release Notes, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/110583 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/110583 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-815_firmware | * | |
| dlink | dir-815 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "996F1732-7AC4-4CAA-BB6E-E72A9F342871", versionEndExcluding: "2.07.b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", matchCriteriaId: "50618B63-304B-4A61-AA50-5154E8690E88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors.", }, { lang: "es", value: "La interfaz gráfica de administración remota en dispositivos D-Link DIR-815, con firmware en versiones anteriores a la 2.07.B01, permite que atacantes remotos omitan las restricciones de acceso planeadas mediante vectores sin especificar.", }, ], id: "CVE-2015-0150", lastModified: "2024-11-21T02:22:27.410", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-12T21:29:00.660", references: [ { source: "psirt@us.ibm.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110583", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110583", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-19 16:15
Modified
2024-11-21 08:47
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/999zzzzz/D-Link | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.251542 | Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.251542 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/999zzzzz/D-Link | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.251542 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.251542 | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-825acg1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "81B11B0F-8307-4845-A322-2CB3FE85840D", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-825acg1:-:*:*:*:*:*:*:*", matchCriteriaId: "129E5D3B-B94F-4F33-B64C-35115AFB1165", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-841_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2F4A6809-F1A7-416B-9345-9F7A37B7BF71", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-841:-:*:*:*:*:*:*:*", matchCriteriaId: "D789C69F-5063-43B7-AB71-5B0C9294D55E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-1260_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "19167352-59AF-4D47-BC80-A1599F24DE0A", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-1260:-:*:*:*:*:*:*:*", matchCriteriaId: "AF5C311E-DB22-452B-BC26-265E3A84B57C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9867D17E-123A-4A33-A058-12BF1AC453F8", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-x1530_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2899DF29-FDF6-4D57-8846-3DADCC5349A0", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-x1530:-:*:*:*:*:*:*:*", matchCriteriaId: "7FF2C35C-8C59-4D36-8CC9-AE03853B40D4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-825_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6CCF939D-719A-4682-ADD8-C1DE484E5377", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*", matchCriteriaId: "7038F8A9-03F3-4442-B371-84801EF05447", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9302B88E-28ED-486C-9E64-D38B9B857E89", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:*", matchCriteriaId: "2E92E959-C211-4979-A233-163BEFCF6F0D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-842_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5039D893-1396-42D0-91D9-2E02B974EF98", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-842:-:*:*:*:*:*:*:*", matchCriteriaId: "C05AE997-7966-4CCA-B58A-93B684D55F60", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-853_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9001FB50-6B3D-4EE2-BC9F-920DE95BDC58", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-853:-:*:*:*:*:*:*:*", matchCriteriaId: "332F4880-9D76-4C74-95DE-730F72879EC4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-1210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F28A25B0-D5E9-4668-B00A-F4F2B34C7457", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-1210:-:*:*:*:*:*:*:*", matchCriteriaId: "28A60F07-0DA7-47AD-B3C0-E1F6ED630C89", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-806a_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEAC2985-B6E3-4215-8BA5-B6653BCB5EC6", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-806a:-:*:*:*:*:*:*:*", matchCriteriaId: "926B41A6-009F-444D-BE5C-B517F844E99B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "02D27414-7D38-40A6-978B-6A9417A2D09C", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", matchCriteriaId: "50618B63-304B-4A61-AA50-5154E8690E88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dsl-245gr_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CA077FA3-FA87-4B2D-897E-A7B1A7BC7642", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dsl-245gr:-:*:*:*:*:*:*:*", matchCriteriaId: "8DF8EB08-A378-4F14-ADD9-E97C244DD80D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dsl-g2452gr_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DB2BFA6C-D260-4B9F-952A-E185BCD0F415", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dsl-g2452gr:-:*:*:*:*:*:*:*", matchCriteriaId: "517C1250-268D-45A7-9BD1-EACE4BA1BA82", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-878_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B2DAE783-B0F3-4765-A7FD-945F041369E7", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-878:-:*:*:*:*:*:*:*", matchCriteriaId: "9D288C73-F89A-47FF-AF11-143C3DFDF942", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-825acf_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D626BD4C-D4D2-4CC5-91EF-AF938A5C1983", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-825acf:-:*:*:*:*:*:*:*", matchCriteriaId: "AD011B62-C988-463A-8672-F5BD0D984179", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-615t_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4477BE0A-BC4A-4534-8FED-3045CD373008", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-615t:-:*:*:*:*:*:*:*", matchCriteriaId: "951C4DD2-B472-401B-A1FF-4FE5957A5213", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "87DB97AC-CBBA-422D-8DE3-E82DC1D73A98", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-300:-:*:*:*:*:*:*:*", matchCriteriaId: "AC2143B3-B3A0-41D6-B8F7-78CE40B1759C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-842s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDCB1321-793F-455C-847C-E5033A920F1F", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-842s:-:*:*:*:*:*:*:*", matchCriteriaId: "996A7C60-49BB-46BE-8A2C-CEABA71FBEB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F2A35FF-2623-4D3C-920A-42B836984085", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815s:-:*:*:*:*:*:*:*", matchCriteriaId: "0C6BA467-0AB4-42BF-BBD1-59E2FA03CF42", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dsl-2640u_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C0D3126B-FE49-4C78-A734-95C3C0276AE2", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dsl-2640u:-:*:*:*:*:*:*:*", matchCriteriaId: "09E483F8-5B0E-498A-B1CA-8F1EA5FD350C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-2150_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A3A04F04-D2DC-4DC9-B44B-F5DEC933E9AC", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-2150:-:*:*:*:*:*:*:*", matchCriteriaId: "06F065A1-2599-442C-AB55-DE24D47A7869", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dwr-921_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A61E0E68-F20D-4663-9855-B71F60266B83", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*", matchCriteriaId: "43F0390E-B9E1-463A-A08C-B529778EE72F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-615s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C9FE9B1C-6246-458F-AF0D-E624D1DBFAE2", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-615s:-:*:*:*:*:*:*:*", matchCriteriaId: "A74ABB9E-FD49-431A-BB23-9DCA44B8A806", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-620_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F098AF6-DC38-4D50-9316-809349CB573E", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-620:-:*:*:*:*:*:*:*", matchCriteriaId: "1DF4C296-C8AA-4197-B280-ED5D22C70156", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dvg-5402g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D27F65EC-6C50-4691-99A2-EA1C1D3DE0C8", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dvg-5402g:-:*:*:*:*:*:*:*", matchCriteriaId: "F1C2C7F0-FE1C-4B95-9636-FA6041C85C44", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-882_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2472D8A-C45A-447B-A296-B2BB93A7E948", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-882:-:*:*:*:*:*:*:*", matchCriteriaId: "F6ECB8ED-F3A2-4C05-8570-719ECB166B09", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dwm-312w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9B065B35-4FC9-4D4C-823D-F06418454CC9", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dwm-312w:-:*:*:*:*:*:*:*", matchCriteriaId: "8F03A354-6EBE-4081-9234-00DCB747EAB5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815\\/ac_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A78E427F-121A-4453-B0BD-48C2A516FE5A", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815\\/ac:-:*:*:*:*:*:*:*", matchCriteriaId: "291ACFCF-032B-466D-9C5B-D5CCF9CA7DD9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dsl-224_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "500B6A19-ED9A-404C-A071-D77F4263288F", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dsl-224:-:*:*:*:*:*:*:*", matchCriteriaId: "5C744969-0177-4E24-8E60-1DB0EFE1E5C5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dwm-321_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "29D9E5D9-B9E8-4BD0-B6DC-F253559925B3", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dwm-321:-:*:*:*:*:*:*:*", matchCriteriaId: "66BD8659-B935-441C-9AFF-20E8AE157E2B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-x1860_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1E3BFEE9-5E48-4D94-977B-7A79CF2AEB1A", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-x1860:-:*:*:*:*:*:*:*", matchCriteriaId: "A46288E8-3105-4FAA-80E7-94EECD1764F2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dap-1360_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D83F75D8-3563-4A07-A794-6970A63EAA9B", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dap-1360:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E95864-1D6F-4BB2-9940-144385527271", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-820_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D1790403-AC76-4A3E-B727-836AF7ABCF10", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-820:-:*:*:*:*:*:*:*", matchCriteriaId: "6C30FD50-1AC6-476A-85B9-30D24E0663DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-843_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7B29BE39-F488-4C74-8B5C-F8D6C3256F96", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-843:-:*:*:*:*:*:*:*", matchCriteriaId: "85293557-FC2C-4A56-8EA0-6E12968E7FBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dvg-5402g\\/gfru_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "672ADB90-0062-48CE-B437-28919980A4B0", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dvg-5402g\\/gfru:-:*:*:*:*:*:*:*", matchCriteriaId: "B4C4C431-489D-4F09-A312-B4FBCC38E91E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dwr-953_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8AA2FBAD-C15D-4908-AB8B-23087354D4A8", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dwr-953:-:*:*:*:*:*:*:*", matchCriteriaId: "E37EEA4D-B3F6-4A39-971C-07C1CB0BA209", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dvg-n5402g\\/il_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "236D3547-1FB9-44B3-ABD2-F948912B6D4D", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dvg-n5402g\\/il:-:*:*:*:*:*:*:*", matchCriteriaId: "B118E9B4-961D-46B6-95E3-514A99C8BFA8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-825ac_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "065F9B59-FBA8-4798-8F29-82741815B0CD", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-825ac:-:*:*:*:*:*:*:*", matchCriteriaId: "7C8BB581-D7A3-494A-AB43-BCAE390ED692", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-620s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CC3409D3-C046-410B-96BB-128FC1C2C097", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-620s:-:*:*:*:*:*:*:*", matchCriteriaId: "9932A023-1CE6-4915-812D-F3CE5EAB114C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dvg-n5402g_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5AEE17B3-F77C-4F3A-92D7-99BFF1F1A824", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dvg-n5402g:-:*:*:*:*:*:*:*", matchCriteriaId: "1127DA2D-4024-4962-B8FB-C81E07B1AE94", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dsl-2750u_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B0191F0-DB03-479F-BA89-8CBF6F378BD6", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*", matchCriteriaId: "E5A7A48A-C126-4EF2-91F8-A8D9987525FF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-615gf_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "43227AC8-29BA-43E9-AB4F-10C83F222514", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-615gf:-:*:*:*:*:*:*:*", matchCriteriaId: "9199BBF6-42E4-418E-8A3C-7F69CCB3D145", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "876FA028-A6B1-488A-A29D-038D93539C07", versionEndIncluding: "2024-01-12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816:-:*:*:*:*:*:*:*", matchCriteriaId: "B54058C1-B58F-434A-ABF0-A6B314A1AB14", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815 y clasificada como crítica , DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR -843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U , DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 y Good Line Router v2 hasta 20240112 Esta vulnerabilidad afecta a código desconocido del archivo /devinfo del componente HTTP GET Request Handler. La manipulación del área de argumentos con la entrada aviso|net|versión conduce a la divulgación de información. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-251542 es el identificador asignado a esta vulnerabilidad.", }, ], id: "CVE-2024-0717", lastModified: "2024-11-21T08:47:12.370", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-19T16:15:11.190", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/999zzzzz/D-Link", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?ctiid.251542", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.251542", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/999zzzzz/D-Link", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?ctiid.251542", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.251542", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "cna@vuldb.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-24 16:15
Modified
2024-11-21 08:56
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/goldds96/Report/blob/main/DLink/DIR-815/CI.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/goldds96/Report/blob/main/DLink/DIR-815/CI.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-815_firmware | * | |
| dlink | dir-815 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA004615-CEB4-4034-B877-CC4D95F10E54", versionEndIncluding: "1.04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", matchCriteriaId: "50618B63-304B-4A61-AA50-5154E8690E88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.", }, { lang: "es", value: "Existe una vulnerabilidad de inyección de comandos en la función ssdpcgi_main del binario cgibin en el firmware del router D-Link DIR-815 v1.04.", }, ], id: "CVE-2024-22651", lastModified: "2024-11-21T08:56:32.580", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-01-24T16:15:08.630", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/goldds96/Report/blob/main/DLink/DIR-815/CI.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/goldds96/Report/blob/main/DLink/DIR-815/CI.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-77", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-12 21:29
Modified
2024-11-21 02:22
Severity ?
Summary
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF | Release Notes, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/110586 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/110586 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-815_firmware | * | |
| dlink | dir-815 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "996F1732-7AC4-4CAA-BB6E-E72A9F342871", versionEndExcluding: "2.07.b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", matchCriteriaId: "50618B63-304B-4A61-AA50-5154E8690E88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key.", }, { lang: "es", value: "Los dispositivos D-Link DIR-815, con firmware en versiones anteriores a la 2.07.B01, permiten que atacantes remotos obtengan información sensible aprovechando el almacenamiento en texto claro de la clave inalámbrica.", }, ], id: "CVE-2015-0153", lastModified: "2024-11-21T02:22:27.767", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-12T21:29:00.833", references: [ { source: "psirt@us.ibm.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, { source: "psirt@us.ibm.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110586", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110586", }, ], sourceIdentifier: "psirt@us.ibm.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-320", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-16 09:58
Modified
2024-11-21 03:40
Severity ?
Summary
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-815_firmware | * | |
| dlink | dir-815 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DD7CD172-548A-49D6-9D3E-9A263E2C7A54", versionEndIncluding: "2.07.b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*", matchCriteriaId: "50618B63-304B-4A61-AA50-5154E8690E88", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php.", }, { lang: "es", value: "Los dispositivos D-Link DIR-815 REV. B (con firmware hasta la versión DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) tienen Cross-Site Scripting (XSS) en el parámetro RESULT en /htdocs/webinc/js/info.php.", }, ], id: "CVE-2018-10107", lastModified: "2024-11-21T03:40:50.587", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-16T09:58:09.837", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2024-0717
Vulnerability from cvelistv5
Published
2024-01-19 15:31
Modified
2024-08-01 18:11
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS score ?
Summary
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.251542 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.251542 | signature, permissions-required | |
| https://github.com/999zzzzz/D-Link | exploit |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | D-Link | DAP-1360 |
Version: 20240112 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T18:11:35.784Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "technical-description", "x_transferred", ], url: "https://vuldb.com/?id.251542", }, { tags: [ "signature", "permissions-required", "x_transferred", ], url: "https://vuldb.com/?ctiid.251542", }, { tags: [ "exploit", "x_transferred", ], url: "https://github.com/999zzzzz/D-Link", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { modules: [ "HTTP GET Request Handler", ], product: "DAP-1360", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-300", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-615", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-615GF", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-615S", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-615T", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-620", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-620S", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-806A", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-815", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-815AC", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-815S", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-816", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-820", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-822", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-825", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-825AC", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-825ACF", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-825ACG1", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-841", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-842", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-842S", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-843", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-853", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-878", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-882", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-1210", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-1260", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-2150", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-X1530", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DIR-X1860", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DSL-224", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DSL-245GR", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DSL-2640U", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DSL-2750U", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DSL-G2452GR", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DVG-5402G", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DVG-5402G", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DVG-5402GFRU", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DVG-N5402G", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DVG-N5402G-IL", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DWM-312W", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DWM-321", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DWR-921", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "DWR-953", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, { modules: [ "HTTP GET Request Handler", ], product: "Good Line Router v2", vendor: "D-Link", versions: [ { status: "affected", version: "20240112", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "99iz (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.", }, { lang: "de", value: "In D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 bis 20240112 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /devinfo der Komponente HTTP GET Request Handler. Mittels dem Manipulieren des Arguments area mit der Eingabe notice|net|version mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 5, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Information Disclosure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-19T15:31:04.290Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.251542", }, { tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.251542", }, { tags: [ "exploit", ], url: "https://github.com/999zzzzz/D-Link", }, ], timeline: [ { lang: "en", time: "2024-01-19T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-01-19T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-01-19T08:26:48.000Z", value: "VulDB entry last update", }, ], title: "D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-0717", datePublished: "2024-01-19T15:31:04.290Z", dateReserved: "2024-01-19T07:21:32.386Z", dateUpdated: "2024-08-01T18:11:35.784Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10106
Vulnerability from cvelistv5
Published
2018-04-16 06:00
Modified
2024-08-05 07:32
Severity ?
EPSS score ?
Summary
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:32:01.042Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-04-16T00:00:00", descriptions: [ { lang: "en", value: "D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-16T05:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-10106", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", refsource: "MISC", url: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-10106", datePublished: "2018-04-16T06:00:00", dateReserved: "2018-04-14T00:00:00", dateUpdated: "2024-08-05T07:32:01.042Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-0153
Vulnerability from cvelistv5
Published
2018-04-12 21:00
Modified
2024-08-06 04:03
Severity ?
EPSS score ?
Summary
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/110586 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:03:10.409Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, { name: "dlink-dir815-cve20150153-info-disc(110586)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110586", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-08-10T00:00:00", descriptions: [ { lang: "en", value: "D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-12T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, { name: "dlink-dir815-cve20150153-info-disc(110586)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110586", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-0153", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, { name: "dlink-dir815-cve20150153-info-disc(110586)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110586", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-0153", datePublished: "2018-04-12T21:00:00", dateReserved: "2014-11-18T00:00:00", dateUpdated: "2024-08-06T04:03:10.409Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-8888
Vulnerability from cvelistv5
Published
2018-04-12 21:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue."
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/110755 | vdb-entry, x_refsource_XF | |
| ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T13:33:11.924Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "dlink-dir815-cve20148888-command-exec(110755)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110755", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-08-10T00:00:00", descriptions: [ { lang: "en", value: "The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an \"HTTP command injection issue.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-12T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "dlink-dir815-cve20148888-command-exec(110755)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110755", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2014-8888", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an \"HTTP command injection issue.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "dlink-dir815-cve20148888-command-exec(110755)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110755", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2014-8888", datePublished: "2018-04-12T21:00:00", dateReserved: "2014-11-14T00:00:00", dateUpdated: "2024-08-06T13:33:11.924Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-0150
Vulnerability from cvelistv5
Published
2018-04-12 21:00
Modified
2024-08-06 04:03
Severity ?
EPSS score ?
Summary
The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/110583 | vdb-entry, x_refsource_XF | |
| ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:03:10.568Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "dlink-dir815-cve20150150-sec-bypass(110583)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110583", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-08-10T00:00:00", descriptions: [ { lang: "en", value: "The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-12T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "dlink-dir815-cve20150150-sec-bypass(110583)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110583", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-0150", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "dlink-dir815-cve20150150-sec-bypass(110583)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110583", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-0150", datePublished: "2018-04-12T21:00:00", dateReserved: "2014-11-18T00:00:00", dateUpdated: "2024-08-06T04:03:10.568Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-22651
Vulnerability from cvelistv5
Published
2024-01-24 00:00
Modified
2024-09-10 20:25
Severity ?
EPSS score ?
Summary
There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:51:11.108Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/goldds96/Report/blob/main/DLink/DIR-815/CI.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:dlink:dir-815_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "dir-815_firmware", vendor: "dlink", versions: [ { lessThanOrEqual: "1.04", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-22651", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T20:21:40.469336Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T20:25:11.495Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T15:44:17.049001", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/goldds96/Report/blob/main/DLink/DIR-815/CI.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-22651", datePublished: "2024-01-24T00:00:00", dateReserved: "2024-01-11T00:00:00", dateUpdated: "2024-09-10T20:25:11.495Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-0151
Vulnerability from cvelistv5
Published
2018-04-12 21:00
Modified
2024-08-06 04:03
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/110584 | vdb-entry, x_refsource_XF | |
| ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:03:10.040Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "dlink-dir815-cve20150151-csrf(110584)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110584", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-08-10T00:00:00", descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-12T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { name: "dlink-dir815-cve20150151-csrf(110584)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110584", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-0151", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "dlink-dir815-cve20150151-csrf(110584)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110584", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-0151", datePublished: "2018-04-12T21:00:00", dateReserved: "2014-11-18T00:00:00", dateUpdated: "2024-08-06T04:03:10.040Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25786
Vulnerability from cvelistv5
Published
2020-09-19 19:24
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | x_refsource_MISC | |
| https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:40:36.997Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-19T19:24:09", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, ], tags: [ "unsupported-when-assigned", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-25786", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { name: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", refsource: "MISC", url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-25786", datePublished: "2020-09-19T19:24:09", dateReserved: "2020-09-19T00:00:00", dateUpdated: "2024-08-04T15:40:36.997Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37758
Vulnerability from cvelistv5
Published
2023-07-18 00:00
Modified
2024-10-28 16:32
Severity ?
EPSS score ?
Summary
D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:23:27.529Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.dlink.com/en/security-bulletin/", }, { tags: [ "x_transferred", ], url: "https://support.dlink.ca/productinfo.aspx?m=dir-815", }, { tags: [ "x_transferred", ], url: "https://hackmd.io/%40pSgS7xsnS5a4K7Y0yiB43g/rJr8oNn_n", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:d-link:dir-815:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "dir-815", vendor: "d-link", versions: [ { status: "affected", version: "1.01", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-37758", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-28T16:32:02.098274Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-28T16:32:47.177Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-18T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.dlink.com/en/security-bulletin/", }, { url: "https://support.dlink.ca/productinfo.aspx?m=dir-815", }, { url: "https://hackmd.io/%40pSgS7xsnS5a4K7Y0yiB43g/rJr8oNn_n", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-37758", datePublished: "2023-07-18T00:00:00", dateReserved: "2023-07-10T00:00:00", dateUpdated: "2024-10-28T16:32:47.177Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-51123
Vulnerability from cvelistv5
Published
2024-01-10 00:00
Modified
2024-08-02 22:32
Severity ?
EPSS score ?
Summary
An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:32:09.045Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/WhereisRain/dir-815", }, { tags: [ "x_transferred", ], url: "https://github.com/WhereisRain/dir-815/blob/main/README.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-22T15:23:26.221597", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/WhereisRain/dir-815", }, { url: "https://github.com/WhereisRain/dir-815/blob/main/README.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-51123", datePublished: "2024-01-10T00:00:00", dateReserved: "2023-12-18T00:00:00", dateUpdated: "2024-08-02T22:32:09.045Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10107
Vulnerability from cvelistv5
Published
2018-04-16 06:00
Modified
2024-08-05 07:32
Severity ?
EPSS score ?
Summary
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:32:01.135Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-04-16T00:00:00", descriptions: [ { lang: "en", value: "D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-16T05:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-10107", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", refsource: "MISC", url: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-10107", datePublished: "2018-04-16T06:00:00", dateReserved: "2018-04-14T00:00:00", dateUpdated: "2024-08-05T07:32:01.135Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-0152
Vulnerability from cvelistv5
Published
2018-04-12 21:00
Modified
2024-08-06 04:03
Severity ?
EPSS score ?
Summary
D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password.
References
| ▼ | URL | Tags |
|---|---|---|
| ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/110585 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:03:10.038Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, { name: "dlink-dir815-cve20150152-info-disc(110585)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110585", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-08-10T00:00:00", descriptions: [ { lang: "en", value: "D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-12T20:57:01", orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", shortName: "ibm", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, { name: "dlink-dir815-cve20150152-info-disc(110585)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110585", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@us.ibm.com", ID: "CVE-2015-0152", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.07.B01_EN.PDF", }, { name: "dlink-dir815-cve20150152-info-disc(110585)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/110585", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522", assignerShortName: "ibm", cveId: "CVE-2015-0152", datePublished: "2018-04-12T21:00:00", dateReserved: "2014-11-18T00:00:00", dateUpdated: "2024-08-06T04:03:10.038Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10108
Vulnerability from cvelistv5
Published
2018-04-16 06:00
Modified
2024-08-05 07:32
Severity ?
EPSS score ?
Summary
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:32:01.226Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-04-16T00:00:00", descriptions: [ { lang: "en", value: "D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-04-16T05:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-10108", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", refsource: "MISC", url: "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-10108", datePublished: "2018-04-16T06:00:00", dateReserved: "2018-04-14T00:00:00", dateUpdated: "2024-08-05T07:32:01.226Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }