Vulnerabilities related to dlink - dir-816l
cve-2020-15893
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:30:22.971Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-22T18:56:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { tags: [ "x_refsource_MISC", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15893", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. 
Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { name: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", refsource: "MISC", url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15893", datePublished: "2020-07-22T18:56:05", dateReserved: "2020-07-22T00:00:00", dateUpdated: "2024-08-04T13:30:22.971Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28956
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.dlink.com/en/security-bulletin/ | x_refsource_MISC | |
https://github.com/shijin0925/IOT/blob/master/DIR816/4.md | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:57.876Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dlink.com/en/security-bulletin/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/shijin0925/IOT/blob/master/DIR816/4.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-18T11:50:42", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dlink.com/en/security-bulletin/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/shijin0925/IOT/blob/master/DIR816/4.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28956", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dlink.com/en/security-bulletin/", refsource: "MISC", url: "https://www.dlink.com/en/security-bulletin/", }, { name: 
"https://github.com/shijin0925/IOT/blob/master/DIR816/4.md", refsource: "MISC", url: "https://github.com/shijin0925/IOT/blob/master/DIR816/4.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28956", datePublished: "2022-05-18T11:50:42", dateReserved: "2022-04-11T00:00:00", dateUpdated: "2024-08-03T06:10:57.876Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-7642
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:54:27.952Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-03-04T00:00:00", descriptions: [ { lang: "en", value: "D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-25T21:29:04", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-7642", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. 
Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md", refsource: "MISC", url: "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-7642", datePublished: "2019-03-25T21:29:04", dateReserved: "2019-02-08T00:00:00", dateUpdated: "2024-08-04T20:54:27.952Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28955
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.dlink.com/en/security-bulletin/ | x_refsource_MISC | |
https://github.com/shijin0925/IOT/blob/master/DIR816/1.md | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:57.691Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dlink.com/en/security-bulletin/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/shijin0925/IOT/blob/master/DIR816/1.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-18T11:50:41", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dlink.com/en/security-bulletin/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/shijin0925/IOT/blob/master/DIR816/1.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28955", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dlink.com/en/security-bulletin/", refsource: "MISC", url: "https://www.dlink.com/en/security-bulletin/", }, { name: 
"https://github.com/shijin0925/IOT/blob/master/DIR816/1.md", refsource: "MISC", url: "https://github.com/shijin0925/IOT/blob/master/DIR816/1.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28955", datePublished: "2022-05-18T11:50:41", dateReserved: "2022-04-11T00:00:00", dateUpdated: "2024-08-03T06:10:57.691Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5999
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://seclists.org/fulldisclosure/2015/Nov/45 | mailing-list, x_refsource_FULLDISC | |
http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html | x_refsource_MISC | |
http://www.securityfocus.com/archive/1/536886/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/77588 | vdb-entry, x_refsource_BID | |
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF | x_refsource_CONFIRM | |
https://www.exploit-db.com/exploits/38707/ | exploit, x_refsource_EXPLOIT-DB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:06:35.148Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20151114 D-link wireless router DIR-816L – Cross-Site Request Forgery (CSRF) vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2015/Nov/45", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html", }, { name: "20151114 D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/536886/100/0/threaded", }, { name: "77588", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/77588", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF", }, { name: "38707", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/38707/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-10T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-09T18:57:01", 
orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { name: "20151114 D-link wireless router DIR-816L – Cross-Site Request Forgery (CSRF) vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2015/Nov/45", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html", }, { name: "20151114 D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/536886/100/0/threaded", }, { name: "77588", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/77588", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF", }, { name: "38707", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/38707/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2015-5999", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20151114 
D-link wireless router DIR-816L – Cross-Site Request Forgery (CSRF) vulnerability", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2015/Nov/45", }, { name: "http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html", }, { name: "20151114 D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/536886/100/0/threaded", }, { name: "77588", refsource: "BID", url: "http://www.securityfocus.com/bid/77588", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF", }, { name: "38707", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/38707/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2015-5999", datePublished: "2015-11-18T16:00:00", dateReserved: "2015-08-14T00:00:00", dateUpdated: "2024-08-06T07:06:35.148Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25786
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | x_refsource_MISC | |
https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:40:36.997Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-19T19:24:09", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, ], tags: [ "unsupported-when-assigned", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-25786", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** 
UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { name: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", refsource: "MISC", url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-25786", datePublished: "2020-09-19T19:24:09", dateReserved: "2020-09-19T00:00:00", dateUpdated: "2024-08-04T15:40:36.997Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15894
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:30:23.013Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-22T18:55:56", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { tags: [ "x_refsource_MISC", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15894", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was 
discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { name: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", refsource: "MISC", url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15894", datePublished: "2020-07-22T18:55:56", dateReserved: "2020-07-22T00:00:00", dateUpdated: "2024-08-04T13:30:23.013Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15895
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:30:23.219Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-22T18:55:44", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { tags: [ "x_refsource_MISC", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15895", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. 
In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { name: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", refsource: "MISC", url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15895", datePublished: "2020-07-22T18:55:44", dateReserved: "2020-07-22T00:00:00", dateUpdated: "2024-08-04T13:30:23.219Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-816l_firmware | 2.06 | |
dlink | dir-816l_firmware | 2.06.b09 | |
dlink | dir-816l | b1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", matchCriteriaId: "1817EE29-D782-4A98-A478-20BDA559C5CE", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", matchCriteriaId: "ABE7E66F-20B2-4A39-A845-03E5FBBD9E2A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", matchCriteriaId: "637B2D4B-0EA7-4E30-9B2B-77484D701042", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.", }, { lang: "es", value: "Se detectó un problema en los dispositivos D-Link DIR-816L versiones 2.x anteriores a 1.10b04Beta02. Universal Plug and Play (UPnP) está habilitado por defecto en el puerto 1900. 
Un atacante puede llevar a cabo una inyección de comandos mediante la inyección de una carga útil en el campo Search Target (ST) del paquete de detección SSDP M-SEARCH", }, ], id: "CVE-2020-15893", lastModified: "2024-11-21T05:06:23.640", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-22T19:15:12.553", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: 
"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-816l_firmware | 2.06 | |
dlink | dir-816l_firmware | 2.06.b09 | |
dlink | dir-816l | b1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", matchCriteriaId: "1817EE29-D782-4A98-A478-20BDA559C5CE", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", matchCriteriaId: "ABE7E66F-20B2-4A39-A845-03E5FBBD9E2A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", matchCriteriaId: "637B2D4B-0EA7-4E30-9B2B-77484D701042", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.", }, { lang: "es", value: "Se detectó un problema de tipo XSS en los dispositivos D-Link DIR-816L versiones 2.x anteriores a 1.10b04Beta02. En el archivo webinc/js/info.php, ninguna filtración de salida es aplicada al parámetro RESULT, antes de que se imprima en la página web", }, ], id: "CVE-2020-15895", lastModified: "2024-11-21T05:06:23.937", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: 
"REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-22T19:15:12.833", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-816l_firmware | 2.06 | |
dlink | dir-816l_firmware | 2.06.b09 | |
dlink | dir-816l | b1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", matchCriteriaId: "1817EE29-D782-4A98-A478-20BDA559C5CE", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", matchCriteriaId: "ABE7E66F-20B2-4A39-A845-03E5FBBD9E2A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", matchCriteriaId: "637B2D4B-0EA7-4E30-9B2B-77484D701042", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.", }, { lang: "es", value: "Se detectó un problema en los dispositivos D-Link DIR-816L versiones 2.x anteriores a 1.10b04Beta02. Se presenta una función de administración expuesta en el archivo getcfg.php, que puede ser utilizada para llamar a varios servicios. 
Puede ser usada por un atacante para recuperar información confidencial, tal y como credenciales de inicio de sesión de administrador, al establecer el valor de _POST_SERVICES en la cadena de consulta para DEVICE.ACCOUNT", }, ], id: "CVE-2020-15894", lastModified: "2024-11-21T05:06:23.793", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-22T19:15:12.710", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: 
"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | Exploit, Third Party Advisory | |
cve@mitre.org | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-803_firmware | 1.04.b02 | |
dlink | dir-803 | a1 | |
dlink | dir-816l_firmware | 2.06 | |
dlink | dir-816l_firmware | 2.06.b09 | |
dlink | dir-816l | b1 | |
dlink | dir-645_firmware | 1.06b01 | |
dlink | dir-645 | a1 | |
dlink | dir-815_firmware | 2.07.b01 | |
dlink | dir-815 | b1 | |
dlink | dir-860l_firmware | 1.10b04 | |
dlink | dir-860l | a1 | |
dlink | dir-865l_firmware | 1.08b01 | |
dlink | dir-865l | a1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-803_firmware:1.04.b02:*:*:*:*:*:*:*", matchCriteriaId: "8C475766-ADDE-4461-9FDF-FE6332F95DBE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-803:a1:*:*:*:*:*:*:*", matchCriteriaId: "1B033D96-30EC-44EA-B70E-670CEAA0E79F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", matchCriteriaId: "1817EE29-D782-4A98-A478-20BDA559C5CE", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", matchCriteriaId: "ABE7E66F-20B2-4A39-A845-03E5FBBD9E2A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", matchCriteriaId: "637B2D4B-0EA7-4E30-9B2B-77484D701042", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-645_firmware:1.06b01:*:*:*:*:*:*:*", matchCriteriaId: "84706BD1-5AC0-449D-AB20-A81A9A2D4077", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*", matchCriteriaId: "E02F7E04-F6D7-466D-81AD-14591443EBC3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:2.07.b01:*:*:*:*:*:*:*", matchCriteriaId: "F38F5A85-E7DC-4ACF-A488-11AC00DE5856", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:b1:*:*:*:*:*:*:*", matchCriteriaId: "AA95C491-7895-4410-A9D2-3C7BD2BEB0DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-860l_firmware:1.10b04:*:*:*:*:*:*:*", matchCriteriaId: 
"D84E9E39-D9A6-4370-8D84-6CAE2D02CDFD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-860l:a1:*:*:*:*:*:*:*", matchCriteriaId: "C0FB3DE6-9F8D-485A-8DF3-76FC6C20CB6C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.08b01:*:*:*:*:*:*:*", matchCriteriaId: "608124DE-D143-4E95-9DE8-D7A35586361E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:a1:*:*:*:*:*:*:*", matchCriteriaId: "DEC7270B-453D-4D04-90AB-7EBD6DC3D97B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "unsupported-when-assigned", ], }, ], descriptions: [ { lang: "en", value: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header", }, { lang: "es", value: "** NO COMPATIBLE CUANDO SE ASIGNÓ ** El archivo webinc/js/info.php en dispositivos D-Link DIR-816L versión 2.06.B09_BETA y DIR-803 versión 1.04.B02, permite un ataque de tipo XSS por medio del encabezado HTTP Referer. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor. 
NOTA: esto típicamente no es explotable debido a la codificación de URL (excepto en Internet Explorer) y porque una página web no puede especificar que un cliente debe realizar una petición HTTP adicional con un encabezado Referer arbitrario", }, ], id: "CVE-2020-25786", lastModified: "2024-11-21T05:18:46.167", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-19T20:15:11.903", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, ], 
sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-816l_firmware | * | |
dlink | dir-816l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FD01135-EBCD-46E0-B456-73C8D1407948", versionEndIncluding: "2.05.b02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:-:*:*:*:*:*:*:*", matchCriteriaId: "A17C1E74-E315-4292-AF6B-EEF86B64A63C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.", }, { lang: "es", value: "Múltiples vulnerabilidades de CSRF en el D-Link DIR-816L Wireless Router con firmware en versiones anteriores a 2.06.B09_BETA permite a atacantes remotos secuestrar la autenticación de los administradores en peticiones que (1) cambian la contraseña administrador, (2) cambian la política de red o (3) posiblemente tienen otro impacto no especificado a través de peticiones a hedwig.cgi y pigwidgeon.cgi manipuladas.", }, ], id: "CVE-2015-5999", lastModified: "2024-11-21T02:34:16.350", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-11-18T16:59:02.380", 
references: [ { source: "cret@cert.org", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF", }, { source: "cret@cert.org", tags: [ "Exploit", ], url: "http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html", }, { source: "cret@cert.org", tags: [ "Exploit", ], url: "http://seclists.org/fulldisclosure/2015/Nov/45", }, { source: "cret@cert.org", url: "http://www.securityfocus.com/archive/1/536886/100/0/threaded", }, { source: "cret@cert.org", url: "http://www.securityfocus.com/bid/77588", }, { source: "cret@cert.org", url: "https://www.exploit-db.com/exploits/38707/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://seclists.org/fulldisclosure/2015/Nov/45", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/536886/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/77588", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/38707/", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md | Exploit, Third Party Advisory |
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-817lw_firmware | 1.04 | |
dlink | dir-817lw | a1 | |
dlink | dir-816l_firmware | 2.06 | |
dlink | dir-816l | b1 | |
dlink | dir-816_firmware | 2.06 | |
dlink | dir-816 | b1 | |
dlink | dir-850l_firmware | 1.09 | |
dlink | dir-850l | a1 | |
dlink | dir-868l_firmware | 1.10 | |
dlink | dir-868l | a1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-817lw_firmware:1.04:*:*:*:*:*:*:*", matchCriteriaId: "8860070A-8B05-46B9-A8CD-AD2DA9B543FD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-817lw:a1:*:*:*:*:*:*:*", matchCriteriaId: "6DADD4BA-C614-40C1-BEA4-76DDA87FBAB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", matchCriteriaId: "1817EE29-D782-4A98-A478-20BDA559C5CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", matchCriteriaId: "637B2D4B-0EA7-4E30-9B2B-77484D701042", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816_firmware:2.06:*:*:*:*:*:*:*", matchCriteriaId: "5F74DFB0-3630-416A-8C15-73181EFA4DE9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816:b1:*:*:*:*:*:*:*", matchCriteriaId: "9348DEC5-2136-4979-859E-72D01C9840CE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-850l_firmware:1.09:*:*:*:*:*:*:*", matchCriteriaId: "F270BF5D-19E8-499C-A089-6E17DEC2E7E9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-850l:a1:*:*:*:*:*:*:*", matchCriteriaId: "E293D83B-F8D8-46DC-84B6-EF08F773BEC0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:1.10:*:*:*:*:*:*:*", matchCriteriaId: "62D91030-F965-427A-A51B-BC0A3AB78368", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:a1:*:*:*:*:*:*:*", matchCriteriaId: 
"0D8A8303-F830-477F-8944-F1149A0CD521", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).", }, { lang: "es", value: "Los routers D-Link con la funcionalidad mydlink presentan algunas interfaces web sin requerimientos de autenticación. Un atacante puede conseguir de forma remota los registros de consultas de DNS de los usuarios y los registros de inicio de sesión. Los objetivos vulnerables incluyen pero no se limitan a las versiones más recientes de firmware de DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09) y DIR-868L (A1-1.10).", }, ], id: "CVE-2019-7642", lastModified: "2024-11-21T04:48:27.040", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, 
impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-25T22:29:00.810", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/shijin0925/IOT/blob/master/DIR816/4.md | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/shijin0925/IOT/blob/master/DIR816/4.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-816l_firmware | 206b01 | |
dlink | dir-816l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:206b01:*:*:*:*:*:*:*", matchCriteriaId: "A18EE532-DA3C-4510-94D3-4BC6DF91CA80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:-:*:*:*:*:*:*:*", matchCriteriaId: "A17C1E74-E315-4292-AF6B-EEF86B64A63C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.", }, { lang: "es", value: "Un problema en el componente getcfg.php de D-Link DIR816L_FW206b01 permite a atacantes acceder al dispositivo por medio de una carga útil diseñada", }, ], id: "CVE-2022-28956", lastModified: "2024-11-21T06:58:14.333", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-18T12:15:08.067", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: 
"https://github.com/shijin0925/IOT/blob/master/DIR816/4.md", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/shijin0925/IOT/blob/master/DIR816/4.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/shijin0925/IOT/blob/master/DIR816/1.md | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/shijin0925/IOT/blob/master/DIR816/1.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-816l_firmware | 206b01 | |
dlink | dir-816l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:206b01:*:*:*:*:*:*:*", matchCriteriaId: "A18EE532-DA3C-4510-94D3-4BC6DF91CA80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:-:*:*:*:*:*:*:*", matchCriteriaId: "A17C1E74-E315-4292-AF6B-EEF86B64A63C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.", }, { lang: "es", value: "Un problema de control de acceso en D-Link DIR816L_FW206b01 permite a atacantes no autenticados acceder a las carpetas folder_view.php y category_view.php", }, ], id: "CVE-2022-28955", lastModified: "2024-11-21T06:58:14.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-18T12:15:08.010", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: 
"https://github.com/shijin0925/IOT/blob/master/DIR816/1.md", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/shijin0925/IOT/blob/master/DIR816/1.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
var-202007-0675
Vulnerability from variot
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT. The D-Link DIR-816L device contains a vulnerability related to information leakage. Information may be obtained. D-Link DIR-816L is a wireless router made by D-Link in Taiwan.
D-Link DIR-816L 2.x versions before 1.10b04Beta02 have an information disclosure vulnerability.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0675", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-816l", scope: "eq", trust: 1, vendor: "dlink", version: "2.06", }, { model: "dir-816l", scope: "eq", trust: 1, vendor: "dlink", version: "2.06.b09", }, { model: "dir-816l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-816l 2.*,<1.10b04beta02", 
scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-42656", }, { db: "JVNDB", id: "JVNDB-2020-008185", }, { db: "NVD", id: "CVE-2020-15894", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-15894", }, ], }, cve: "CVE-2020-15894", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, 
obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-008185", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-42656", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-008185", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-15894", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-008185", trust: 0.8, 
value: "High", }, { author: "CNVD", id: "CNVD-2020-42656", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202007-1376", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-42656", }, { db: "JVNDB", id: "JVNDB-2020-008185", }, { db: "NVD", id: "CVE-2020-15894", }, { db: "CNNVD", id: "CNNVD-202007-1376", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT. D-Link DIR-816L The device contains a vulnerability related to information leakage.Information may be obtained. D-Link DIR-816L is a wireless router made by D-Link in Taiwan. 
\n\r\n\r\nD-Link DIR-816L 1.10b04Beta02 has an information disclosure vulnerability in 2.x versions", sources: [ { db: "NVD", id: "CVE-2020-15894", }, { db: "JVNDB", id: "JVNDB-2020-008185", }, { db: "CNVD", id: "CNVD-2020-42656", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-15894", trust: 3, }, { db: "DLINK", id: "SAP10169", trust: 1.6, }, { db: "JVNDB", id: "JVNDB-2020-008185", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-42656", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202007-1376", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-42656", }, { db: "JVNDB", id: "JVNDB-2020-008185", }, { db: "NVD", id: "CVE-2020-15894", }, { db: "CNNVD", id: "CNNVD-202007-1376", }, ], }, id: "VAR-202007-0675", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-42656", }, ], trust: 1.1497076, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-42656", }, ], }, last_update_date: "2023-12-18T12:55:56.555000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DAP-1520 Rev. Ax FW 1.10B04 / DAP-1522 Rev. Ax FW 1.42 / DIR-816L Rev. 
Bx FW 2.06.B09 :: End of Support Recommendation for Disclosed Vulnerabiltieis", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10169", }, { title: "Patch for D-Link DIR-816L information disclosure vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/227315", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-42656", }, { db: "JVNDB", id: "JVNDB-2020-008185", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-306", trust: 1, }, { problemtype: "CWE-200", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-008185", }, { db: "NVD", id: "CVE-2020-15894", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-15894", }, { trust: 1.6, url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, { trust: 1.6, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10169", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15894", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-42656", }, { db: "JVNDB", id: "JVNDB-2020-008185", }, { db: "NVD", id: "CVE-2020-15894", }, { db: "CNNVD", id: "CNNVD-202007-1376", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-42656", }, { db: "JVNDB", id: "JVNDB-2020-008185", }, { db: "NVD", id: "CVE-2020-15894", }, { db: "CNNVD", id: "CNNVD-202007-1376", }, ], }, sources_release_date: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-27T00:00:00", db: "CNVD", id: "CNVD-2020-42656", }, { date: "2020-09-04T00:00:00", db: "JVNDB", id: "JVNDB-2020-008185", }, { date: "2020-07-22T19:15:12.710000", db: "NVD", id: "CVE-2020-15894", }, { date: "2020-07-22T00:00:00", db: "CNNVD", id: "CNNVD-202007-1376", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-27T00:00:00", db: "CNVD", id: "CNVD-2020-42656", }, { date: "2020-09-04T00:00:00", db: "JVNDB", id: "JVNDB-2020-008185", }, { date: "2023-11-08T22:49:55.577000", db: "NVD", id: "CVE-2020-15894", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-202007-1376", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202007-1376", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-816L Information leakage vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2020-008185", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "access control error", sources: [ { db: "CNNVD", id: "CNNVD-202007-1376", }, ], trust: 0.6, }, }
var-202205-1549
Vulnerability from variot
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php. D-Link DIR816 is a wireless router from D-Link, a company based in Taiwan.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-1549", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-816l", scope: "eq", trust: 1, vendor: "dlink", version: "206b01", }, { model: "dir-816l 206b01", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-41785", }, { db: "NVD", id: "CVE-2022-28955", }, ], }, configurations: { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:206b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-816l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2022-28955", }, ], }, cve: "CVE-2022-28955", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, 
confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2022-41785", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2022-28955", impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2022-28955", trust: 1, value: "HIGH", }, { author: "CNVD", id: "CNVD-2022-41785", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202205-3677", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2022-28955", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2022-41785", }, { db: "VULMON", id: "CVE-2022-28955", }, { db: "NVD", id: "CVE-2022-28955", }, { db: "CNNVD", id: "CNNVD-202205-3677", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php. 
D-Link DIR816 is a wireless router from D-Link Company in Taiwan", sources: [ { db: "NVD", id: "CVE-2022-28955", }, { db: "CNVD", id: "CNVD-2022-41785", }, { db: "VULMON", id: "CVE-2022-28955", }, ], trust: 1.53, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-28955", trust: 2.3, }, { db: "CNVD", id: "CNVD-2022-41785", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202205-3677", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-28955", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-41785", }, { db: "VULMON", id: "CVE-2022-28955", }, { db: "NVD", id: "CVE-2022-28955", }, { db: "CNNVD", id: "CNNVD-202205-3677", }, ], }, id: "VAR-202205-1549", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2022-41785", }, ], trust: 1.3748538, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2022-41785", }, ], }, last_update_date: "2023-12-18T13:27:13.868000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-287", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2022-28955", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://www.dlink.com/en/security-bulletin/", }, { trust: 1.7, url: "https://github.com/shijin0925/iot/blob/master/dir816/1.md", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2022-28955", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-28955/", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/287.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2022-41785", }, { db: "VULMON", id: "CVE-2022-28955", }, { db: "NVD", id: "CVE-2022-28955", }, { db: "CNNVD", id: "CNNVD-202205-3677", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2022-41785", }, { db: "VULMON", id: "CVE-2022-28955", }, { db: "NVD", id: "CVE-2022-28955", }, { db: "CNNVD", id: "CNNVD-202205-3677", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-05-27T00:00:00", db: "CNVD", id: "CNVD-2022-41785", }, { date: "2022-05-18T00:00:00", db: "VULMON", id: "CVE-2022-28955", }, { date: "2022-05-18T12:15:08.010000", db: "NVD", id: "CVE-2022-28955", }, { date: "2022-05-18T00:00:00", db: "CNNVD", id: "CNNVD-202205-3677", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-05-30T00:00:00", db: "CNVD", id: "CNVD-2022-41785", }, { date: "2022-05-26T00:00:00", db: "VULMON", id: "CVE-2022-28955", }, { date: "2022-05-26T02:52:29.737000", db: "NVD", id: "CVE-2022-28955", }, { date: "2022-05-30T00:00:00", db: "CNNVD", id: "CNNVD-202205-3677", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202205-3677", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR816 Access Control Error Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2022-41785", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "authorization issue", sources: [ { db: "CNNVD", id: "CNNVD-202205-3677", }, ], trust: 0.6, }, }
var-202007-0676
Vulnerability from variot
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtering is applied to the RESULT parameter before it is printed on the webpage. A cross-site scripting vulnerability exists in D-Link DIR-816L devices; information may be obtained and tampered with. D-Link DIR-816L is a wireless AC750 dual-band cloud router.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0676", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-816l", scope: "eq", trust: 1, vendor: "dlink", version: "2.06", }, { model: "dir-816l", scope: "eq", trust: 1, vendor: "dlink", version: "2.06.b09", }, { model: "dir-816l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-816l 2.*,<1.10b04beta02", 
scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-41876", }, { db: "JVNDB", id: "JVNDB-2020-008186", }, { db: "NVD", id: "CVE-2020-15895", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-15895", }, ], }, cve: "CVE-2020-15895", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, 
obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "JVNDB-2020-008186", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CNVD-2020-41876", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2020-15895", impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: 
"NVD", availabilityImpact: "None", baseScore: 6.1, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "JVNDB-2020-008186", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-15895", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "JVNDB-2020-008186", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2020-41876", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202007-1377", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2020-15895", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-41876", }, { db: "VULMON", id: "CVE-2020-15895", }, { db: "JVNDB", id: "JVNDB-2020-008186", }, { db: "CNNVD", id: "CNNVD-202007-1377", }, { db: "NVD", id: "CVE-2020-15895", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage. D-Link DIR-816L A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. 
D-Link DIR-816L is a wireless AC750 dual-band cloud router", sources: [ { db: "NVD", id: "CVE-2020-15895", }, { db: "JVNDB", id: "JVNDB-2020-008186", }, { db: "CNVD", id: "CNVD-2020-41876", }, { db: "VULMON", id: "CVE-2020-15895", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-15895", trust: 3.1, }, { db: "DLINK", id: "SAP10169", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2020-008186", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-41876", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202007-1377", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-15895", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-41876", }, { db: "VULMON", id: "CVE-2020-15895", }, { db: "JVNDB", id: "JVNDB-2020-008186", }, { db: "CNNVD", id: "CNNVD-202007-1377", }, { db: "NVD", id: "CVE-2020-15895", }, ], }, id: "VAR-202007-0676", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-41876", }, ], trust: 1.1497076, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-41876", }, ], }, last_update_date: "2024-02-13T22:38:50.672000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DAP-1520 Rev. 
Ax FW 1.10B04 / DAP-1522 Rev. Ax FW 1.42 / DIR-816L Rev. Bx FW 2.06.B09 :: End of Support Recommendation for Disclosed Vulnerabiltieis", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10169", }, { title: "Patch for D-Link DIR-816L cross-site scripting vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/226867", }, { title: "Kenzer Templates [5170] [DEPRECATED]", trust: 0.1, url: "https://github.com/arpsyndicate/kenzer-templates ", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-41876", }, { db: "VULMON", id: "CVE-2020-15895", }, { db: "JVNDB", id: "JVNDB-2020-008186", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-008186", }, { db: "NVD", id: "CVE-2020-15895", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-15895", }, { trust: 1.7, url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, { trust: 1.7, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10169", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15895", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/79.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/arpsyndicate/kenzer-templates", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-41876", }, { db: "VULMON", id: "CVE-2020-15895", }, { db: "JVNDB", id: "JVNDB-2020-008186", }, { db: "CNNVD", id: 
"CNNVD-202007-1377", }, { db: "NVD", id: "CVE-2020-15895", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-41876", }, { db: "VULMON", id: "CVE-2020-15895", }, { db: "JVNDB", id: "JVNDB-2020-008186", }, { db: "CNNVD", id: "CNNVD-202007-1377", }, { db: "NVD", id: "CVE-2020-15895", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-23T00:00:00", db: "CNVD", id: "CNVD-2020-41876", }, { date: "2020-07-22T00:00:00", db: "VULMON", id: "CVE-2020-15895", }, { date: "2020-09-04T00:00:00", db: "JVNDB", id: "JVNDB-2020-008186", }, { date: "2020-07-22T00:00:00", db: "CNNVD", id: "CNNVD-202007-1377", }, { date: "2020-07-22T19:15:12.833000", db: "NVD", id: "CVE-2020-15895", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-23T00:00:00", db: "CNVD", id: "CNVD-2020-41876", }, { date: "2023-11-08T00:00:00", db: "VULMON", id: "CVE-2020-15895", }, { date: "2020-09-04T00:00:00", db: "JVNDB", id: "JVNDB-2020-008186", }, { date: "2020-07-27T00:00:00", db: "CNNVD", id: "CNNVD-202007-1377", }, { date: "2023-11-08T22:50:33.587000", db: "NVD", id: "CVE-2020-15895", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202007-1377", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-816L cross-site scripting vulnerability", sources: [ { db: "CNVD", id: "CNVD-2020-41876", }, { db: 
"CNNVD", id: "CNNVD-202007-1377", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202007-1377", }, ], trust: 0.6, }, }
var-202009-0817
Vulnerability from variot
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header. D-Link DIR-816L and DIR-816 are both wireless routers from D-Link, a company based in Taiwan. No detailed information on the vulnerability is currently provided.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202009-0817", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-816l", scope: "eq", trust: 1, vendor: "dlink", version: "2.06", }, { model: "dir-645", scope: "eq", trust: 1, vendor: "dlink", version: "1.06b01", }, { model: "dir-860l", scope: "eq", trust: 1, vendor: "dlink", version: "1.10b04", }, { model: "dir-803", scope: "eq", trust: 1, 
vendor: "dlink", version: "1.04.b02", }, { model: "dir-815", scope: "eq", trust: 1, vendor: "dlink", version: "2.07.b01", }, { model: "dir-816l", scope: "eq", trust: 1, vendor: "dlink", version: "2.06.b09", }, { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: "1.08b01", }, { model: "dir-803 1.04.b02", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-816l 2.06.b09 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-803_firmware:1.04.b02:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-803:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-645_firmware:1.06b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: 
[], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:2.07.b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:b1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:1.10b04:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-860l:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.08b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-25786", }, ], }, cve: "CVE-2020-25786", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 
4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CNVD-2020-59764", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2020-25786", impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2020-25786", trust: 1, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2020-59764", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202009-1261", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2020-25786", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, { db: 
"CNNVD", id: "CNNVD-202009-1261", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header. D-Link DIR-816L and DIR-816 are both wireless routers of D-Link company in Taiwan. No detailed vulnerability details are currently provided", sources: [ { db: "NVD", id: "CVE-2020-25786", }, { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, ], trust: 1.53, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-25786", trust: 2.3, }, { db: "DLINK", id: "SAP10190", trust: 1.7, }, { db: "CNVD", id: "CNVD-2020-59764", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202009-1261", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-25786", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, id: "VAR-202009-0817", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, ], trust: 1.28161163, }, iot_taxonomy: { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, ], }, last_update_date: "2024-05-17T23:12:39.331000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for D-Link DIR-816L and DIR-803 cross-site scripting vulnerabilities", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/237805", }, { title: "D-Link DIR-816L and DIR-803 Fixes for cross-site scripting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=128929", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2020-25786", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/sek1th/iot/blob/master/dir-816l_xss.md", }, { trust: 1.7, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10190", }, { trust: 1.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-25786", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/79.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: 
"CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-09-24T00:00:00", db: "CNVD", id: "CNVD-2020-59764", }, { date: "2020-09-19T00:00:00", db: "VULMON", id: "CVE-2020-25786", }, { date: "2020-09-19T00:00:00", db: "CNNVD", id: "CNNVD-202009-1261", }, { date: "2020-09-19T20:15:11.903000", db: "NVD", id: "CVE-2020-25786", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-11-01T00:00:00", db: "CNVD", id: "CNVD-2020-59764", }, { date: "2021-04-23T00:00:00", db: "VULMON", id: "CVE-2020-25786", }, { date: "2020-10-09T00:00:00", db: "CNNVD", id: "CNNVD-202009-1261", }, { date: "2024-05-17T01:46:24", db: "NVD", id: "CVE-2020-25786", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202009-1261", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-816L and DIR-803 cross-site scripting vulnerabilities", sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202009-1261", }, ], trust: 0.6, }, }
var-201511-0048
Vulnerability from variot
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi. The D-Link DIR-816L is a wireless router product from D-Link. D-Link DIR-816L is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. D-Link DIR-816L devices running firmware 2.06.B01 and prior are vulnerable.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201511-0048", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-816l", scope: "lte", trust: 1, vendor: "dlink", version: "2.05.b02", }, { model: "dir-816l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-816l", scope: "lt", trust: 0.8, vendor: "d link", version: "2.06.b09_beta", }, { model: "dir-816l 2.06.b01", 
scope: "lt", trust: 0.6, vendor: "d link", version: null, }, { model: "dir-816l", scope: "eq", trust: 0.6, vendor: "d link", version: "2.05.b02", }, ], sources: [ { db: "CNVD", id: "CNVD-2015-07713", }, { db: "JVNDB", id: "JVNDB-2015-005967", }, { db: "NVD", id: "CVE-2015-5999", }, { db: "CNNVD", id: "CNNVD-201511-294", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.05.b02", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-816l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2015-5999", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Bhadresh Patel", sources: [ { db: "BID", id: "77588", }, ], trust: 0.3, }, cve: "CVE-2015-5999", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, 
}, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 6.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2015-5999", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CNVD-2015-07713", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "VHN-83960", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2015-5999", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2015-07713", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201511-294", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: 
"VHN-83960", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2015-07713", }, { db: "VULHUB", id: "VHN-83960", }, { db: "JVNDB", id: "JVNDB-2015-005967", }, { db: "NVD", id: "CVE-2015-5999", }, { db: "CNNVD", id: "CNNVD-201511-294", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi. The D-Link DIR-816L is a wireless router product from D-Link. D-Link DIR-816L is prone to a cross-site request-forgery vulnerability. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. 
\nD-Link DIR-816L running firmware 2.06.B01 and prior are vulnerable", sources: [ { db: "NVD", id: "CVE-2015-5999", }, { db: "JVNDB", id: "JVNDB-2015-005967", }, { db: "CNVD", id: "CNVD-2015-07713", }, { db: "BID", id: "77588", }, { db: "VULHUB", id: "VHN-83960", }, ], trust: 2.52, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://www.scap.org.cn/vuln/vhn-83960", trust: 0.1, type: "unknown", }, ], sources: [ { db: "VULHUB", id: "VHN-83960", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-5999", trust: 3.4, }, { db: "BID", id: "77588", trust: 2.6, }, { db: "PACKETSTORM", id: "134379", trust: 2.3, }, { db: "EXPLOIT-DB", id: "38707", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2015-005967", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201511-294", trust: 0.7, }, { db: "CNVD", id: "CNVD-2015-07713", trust: 0.6, }, { db: "SEEBUG", id: "SSVID-92774", trust: 0.1, }, { db: "VULHUB", id: "VHN-83960", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2015-07713", }, { db: "VULHUB", id: "VHN-83960", }, { db: "BID", id: "77588", }, { db: "JVNDB", id: "JVNDB-2015-005967", }, { db: "NVD", id: "CVE-2015-5999", }, { db: "CNNVD", id: "CNNVD-201511-294", }, ], }, id: "VAR-201511-0048", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2015-07713", }, { db: "VULHUB", id: "VHN-83960", }, ], trust: 1.2497075999999998, }, iot_taxonomy: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2015-07713", }, ], }, last_update_date: "2023-12-18T12:51:38.557000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-816L", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-816l/dir-816l_revb_firmware_patch_notes_2.06.b09_beta_en.pdf", }, { title: "Patch for D-Link DIR-816L Cross-Site Request Forgery Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/66998", }, { title: "D-Link DIR-816L Wireless Repair measures for router cross-site request forgery vulnerability", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=58778", }, ], sources: [ { db: "CNVD", id: "CNVD-2015-07713", }, { db: "JVNDB", id: "JVNDB-2015-005967", }, { db: "CNNVD", id: "CNNVD-201511-294", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-352", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-83960", }, { db: "JVNDB", id: "JVNDB-2015-005967", }, { db: "NVD", id: "CVE-2015-5999", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.3, url: "http://packetstormsecurity.com/files/134379/d-link-dir-816l-cross-site-request-forgery.html", }, { trust: 1.7, url: 
"http://www.securityfocus.com/bid/77588", }, { trust: 1.7, url: "http://www.securityfocus.com/archive/1/536886/100/0/threaded", }, { trust: 1.7, url: "https://www.exploit-db.com/exploits/38707/", }, { trust: 1.7, url: "http://seclists.org/fulldisclosure/2015/nov/45", }, { trust: 1.4, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5999", }, { trust: 1.1, url: "ftp://ftp2.dlink.com/security_advisements/dir-816l/dir-816l_revb_firmware_patch_notes_2.06.b09_beta_en.pdf", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5999", }, { trust: 0.3, url: "http://www.dlink.com/", }, ], sources: [ { db: "CNVD", id: "CNVD-2015-07713", }, { db: "VULHUB", id: "VHN-83960", }, { db: "BID", id: "77588", }, { db: "JVNDB", id: "JVNDB-2015-005967", }, { db: "NVD", id: "CVE-2015-5999", }, { db: "CNNVD", id: "CNNVD-201511-294", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2015-07713", }, { db: "VULHUB", id: "VHN-83960", }, { db: "BID", id: "77588", }, { db: "JVNDB", id: "JVNDB-2015-005967", }, { db: "NVD", id: "CVE-2015-5999", }, { db: "CNNVD", id: "CNNVD-201511-294", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-11-23T00:00:00", db: "CNVD", id: "CNVD-2015-07713", }, { date: "2015-11-18T00:00:00", db: "VULHUB", id: "VHN-83960", }, { date: "2015-11-14T00:00:00", db: "BID", id: "77588", }, { date: "2015-11-20T00:00:00", db: "JVNDB", id: "JVNDB-2015-005967", }, { date: "2015-11-18T16:59:02.380000", db: "NVD", id: "CVE-2015-5999", }, { date: "2015-11-19T00:00:00", db: "CNNVD", id: "CNNVD-201511-294", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-11-24T00:00:00", db: "CNVD", id: "CNVD-2015-07713", }, { 
date: "2018-10-09T00:00:00", db: "VULHUB", id: "VHN-83960", }, { date: "2015-12-07T22:22:00", db: "BID", id: "77588", }, { date: "2015-11-20T00:00:00", db: "JVNDB", id: "JVNDB-2015-005967", }, { date: "2023-04-26T19:27:52.350000", db: "NVD", id: "CVE-2015-5999", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201511-294", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201511-294", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-816L Wireless Cross-site request forgery vulnerability in router firmware", sources: [ { db: "JVNDB", id: "JVNDB-2015-005967", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "cross-site request forgery", sources: [ { db: "CNNVD", id: "CNNVD-201511-294", }, ], trust: 0.6, }, }
var-201903-0482
Vulnerability from variot
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). Multiple D-Link products contain authentication vulnerabilities. Information may be obtained. D-Link is a company specializing in the design and development of computer network equipment. D-Link DIR-817LW is a wireless router from D-Link of Taiwan, China. An information disclosure vulnerability exists in the D-Link router. The issue affects D-Link DIR-817LW and other models. The following products are affected: D-Link DIR-817LW (A1-1.04); DIR-816L (B1-2.06); DIR-816 (B1-2.06); DIR-850L (A1-1.09); DIR-868L (A1-1.10).
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0482", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-850l", scope: "eq", trust: 1, vendor: "dlink", version: "1.09", }, { model: "dir-868l", scope: "eq", trust: 1, vendor: "dlink", version: "1.10", }, { model: "dir-816", scope: "eq", trust: 1, vendor: "dlink", version: "2.06", }, { model: "dir-816l", scope: "eq", trust: 1, 
vendor: "dlink", version: "2.06", }, { model: "dir-817lw", scope: "eq", trust: 1, vendor: "dlink", version: "1.04", }, { model: "dir-816", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-816l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-817lw", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-850l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-868l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-817lw a1-1.04", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-23343", }, { db: "JVNDB", id: "JVNDB-2019-003086", }, { db: "NVD", id: "CVE-2019-7642", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-817lw_firmware:1.04:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-817lw:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-816_firmware:2.06:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-816:b1:*:*:*:*:*:*:*", 
cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-850l_firmware:1.09:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-850l:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:1.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-7642", }, ], }, cve: "CVE-2019-7642", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: 
"AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2019-7642", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2019-23343", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-159077", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2019-7642", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", 
vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-7642", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2019-23343", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201903-926", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-159077", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2019-7642", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2019-23343", }, { db: "VULHUB", id: "VHN-159077", }, { db: "VULMON", id: "CVE-2019-7642", }, { db: "JVNDB", id: "JVNDB-2019-003086", }, { db: "NVD", id: "CVE-2019-7642", }, { db: "CNNVD", id: "CNNVD-201903-926", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). plural D-Link The product contains authentication vulnerabilities.Information may be obtained. D-Link is a company specializing in the design and development of computer network equipment. D-LinkDIR-817LW is a wireless router from D-Link of Taiwan, China. An information disclosure vulnerability exists in the D-Link router. D-Link DIR-817LW, etc. 
The following products are affected: D-Link DIR-817LW (A1-1.04); DIR-816L (B1-2.06); DIR-816 (B1-2.06); DIR-850L (A1-1.09); 1.10)", sources: [ { db: "NVD", id: "CVE-2019-7642", }, { db: "JVNDB", id: "JVNDB-2019-003086", }, { db: "CNVD", id: "CNVD-2019-23343", }, { db: "VULHUB", id: "VHN-159077", }, { db: "VULMON", id: "CVE-2019-7642", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-7642", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2019-003086", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201903-926", trust: 0.7, }, { db: "CNVD", id: "CNVD-2019-23343", trust: 0.6, }, { db: "VULHUB", id: "VHN-159077", trust: 0.1, }, { db: "VULMON", id: "CVE-2019-7642", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-23343", }, { db: "VULHUB", id: "VHN-159077", }, { db: "VULMON", id: "CVE-2019-7642", }, { db: "JVNDB", id: "JVNDB-2019-003086", }, { db: "NVD", id: "CVE-2019-7642", }, { db: "CNNVD", id: "CNNVD-201903-926", }, ], }, id: "VAR-201903-0482", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2019-23343", }, { db: "VULHUB", id: "VHN-159077", }, ], trust: 1.1576200966666665, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-23343", }, ], }, last_update_date: "2023-12-18T12:43:36.844000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { 
"@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "http://www.dlink.lt/en/", }, { title: "CVE-2019-7642", trust: 0.1, url: "https://github.com/xw77cve/cve ", }, { title: "CVE-2019-7642", trust: 0.1, url: "https://github.com/xw77cve/cve-2019-7642 ", }, { title: "PoC", trust: 0.1, url: "https://github.com/jonathan-elias/poc ", }, { title: "CVE-POC", trust: 0.1, url: "https://github.com/0xt11/cve-poc ", }, { title: "PoC-in-GitHub", trust: 0.1, url: "https://github.com/nomi-sec/poc-in-github ", }, { title: "PoC-in-GitHub", trust: 0.1, url: "https://github.com/hectorgie/poc-in-github ", }, ], sources: [ { db: "VULMON", id: "CVE-2019-7642", }, { db: "JVNDB", id: "JVNDB-2019-003086", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-306", trust: 1.1, }, { problemtype: "CWE-287", trust: 0.9, }, ], sources: [ { db: "VULHUB", id: "VHN-159077", }, { db: "JVNDB", id: "JVNDB-2019-003086", }, { db: "NVD", id: "CVE-2019-7642", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.6, url: "https://github.com/xw77cve/cve-2019-7642/blob/master/readme.md", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-7642", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7642", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/306.html", }, { trust: 0.1, url: "https://github.com/xw77cve/cve", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/nomi-sec/poc-in-github", }, ], sources: [ { db: "CNVD", 
id: "CNVD-2019-23343", }, { db: "VULHUB", id: "VHN-159077", }, { db: "VULMON", id: "CVE-2019-7642", }, { db: "JVNDB", id: "JVNDB-2019-003086", }, { db: "NVD", id: "CVE-2019-7642", }, { db: "CNNVD", id: "CNNVD-201903-926", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2019-23343", }, { db: "VULHUB", id: "VHN-159077", }, { db: "VULMON", id: "CVE-2019-7642", }, { db: "JVNDB", id: "JVNDB-2019-003086", }, { db: "NVD", id: "CVE-2019-7642", }, { db: "CNNVD", id: "CNNVD-201903-926", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-07-18T00:00:00", db: "CNVD", id: "CNVD-2019-23343", }, { date: "2019-03-25T00:00:00", db: "VULHUB", id: "VHN-159077", }, { date: "2019-03-25T00:00:00", db: "VULMON", id: "CVE-2019-7642", }, { date: "2019-05-09T00:00:00", db: "JVNDB", id: "JVNDB-2019-003086", }, { date: "2019-03-25T22:29:00.810000", db: "NVD", id: "CVE-2019-7642", }, { date: "2019-03-25T00:00:00", db: "CNNVD", id: "CNNVD-201903-926", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-07-19T00:00:00", db: "CNVD", id: "CNVD-2019-23343", }, { date: "2020-08-24T00:00:00", db: "VULHUB", id: "VHN-159077", }, { date: "2021-04-23T00:00:00", db: "VULMON", id: "CVE-2019-7642", }, { date: "2019-05-09T00:00:00", db: "JVNDB", id: "JVNDB-2019-003086", }, { date: "2021-04-23T15:45:24.947000", db: "NVD", id: "CVE-2019-7642", }, { date: "2021-04-25T00:00:00", db: "CNNVD", id: "CNNVD-201903-926", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201903-926", 
}, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural D-Link Authentication vulnerabilities in products", sources: [ { db: "JVNDB", id: "JVNDB-2019-003086", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "access control error", sources: [ { db: "CNNVD", id: "CNNVD-201903-926", }, ], trust: 0.6, }, }
var-202205-1480
Vulnerability from variot
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202205-1480", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-816l", scope: "eq", trust: 1, vendor: "dlink", version: "206b01", }, ], sources: [ { db: "NVD", id: "CVE-2022-28956", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { 
"@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:206b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-816l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2022-28956", }, ], }, cve: "CVE-2022-28956", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: 
"NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2022-28956", trust: 1, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202205-3675", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2022-28956", }, { db: "CNNVD", id: "CNNVD-202205-3675", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload", sources: [ { db: "NVD", id: "CVE-2022-28956", }, { db: "VULMON", id: "CVE-2022-28956", }, ], trust: 0.99, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2022-28956", trust: 1.7, }, { db: "CNNVD", id: "CNNVD-202205-3675", trust: 0.6, }, { db: "VULMON", id: "CVE-2022-28956", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2022-28956", }, { db: "NVD", id: "CVE-2022-28956", }, { db: "CNNVD", id: "CNNVD-202205-3675", }, ], }, id: "VAR-202205-1480", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.5497076, }, last_update_date: "2023-12-18T13:00:48.528000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { 
db: "NVD", id: "CVE-2022-28956", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://www.dlink.com/en/security-bulletin/", }, { trust: 1.7, url: "https://github.com/shijin0925/iot/blob/master/dir816/4.md", }, { trust: 0.6, url: "https://cxsecurity.com/cveshow/cve-2022-28956/", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "VULMON", id: "CVE-2022-28956", }, { db: "NVD", id: "CVE-2022-28956", }, { db: "CNNVD", id: "CNNVD-202205-3675", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2022-28956", }, { db: "NVD", id: "CVE-2022-28956", }, { db: "CNNVD", id: "CNNVD-202205-3675", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-05-18T00:00:00", db: "VULMON", id: "CVE-2022-28956", }, { date: "2022-05-18T12:15:08.067000", db: "NVD", id: "CVE-2022-28956", }, { date: "2022-05-18T00:00:00", db: "CNNVD", id: "CNNVD-202205-3675", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-05-18T00:00:00", db: "VULMON", id: "CVE-2022-28956", }, { date: "2022-05-26T02:49:13.123000", db: "NVD", id: "CVE-2022-28956", }, { date: "2022-05-30T00:00:00", db: "CNNVD", id: "CNNVD-202205-3675", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202205-3675", }, ], trust: 0.6, }, title: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR816 Security hole", sources: [ { db: "CNNVD", id: "CNNVD-202205-3675", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202205-3675", }, ], trust: 0.6, }, }
var-202007-0674
Vulnerability from variot
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. An OS command injection vulnerability exists on the D-Link DIR-816L device. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. D-Link DIR-816L is a wireless router made by D-Link in Taiwan.
D-Link DIR-816L 1.10b04Beta02 has an operating system command injection vulnerability in 2.x versions. Attackers can use this vulnerability to inject arbitrary commands.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0674", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-816l", scope: "eq", trust: 1, vendor: "dlink", version: "2.06", }, { model: "dir-816l", scope: "eq", trust: 1, vendor: "dlink", version: "2.06.b09", }, { model: "dir-816l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-816l 2.*,<1.10b04beta02", 
scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-42655", }, { db: "JVNDB", id: "JVNDB-2020-008184", }, { db: "NVD", id: "CVE-2020-15893", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-15893", }, ], }, cve: "CVE-2020-15893", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, 
obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-008184", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-42655", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-008184", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-15893", trust: 1, value: "CRITICAL", }, { author: "NVD", id: 
"JVNDB-2020-008184", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2020-42655", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202007-1375", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-42655", }, { db: "JVNDB", id: "JVNDB-2020-008184", }, { db: "NVD", id: "CVE-2020-15893", }, { db: "CNNVD", id: "CNNVD-202007-1375", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. D-Link DIR-816L On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-816L is a wireless router made by D-Link in Taiwan. \n\r\n\r\nD-Link DIR-816L 1.10b04Beta02 has an operating system command injection vulnerability in 2.x versions. 
Attackers can use this vulnerability to inject arbitrary commands", sources: [ { db: "NVD", id: "CVE-2020-15893", }, { db: "JVNDB", id: "JVNDB-2020-008184", }, { db: "CNVD", id: "CNVD-2020-42655", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-15893", trust: 3, }, { db: "DLINK", id: "SAP10169", trust: 1.6, }, { db: "JVNDB", id: "JVNDB-2020-008184", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-42655", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202007-1375", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-42655", }, { db: "JVNDB", id: "JVNDB-2020-008184", }, { db: "NVD", id: "CVE-2020-15893", }, { db: "CNNVD", id: "CNNVD-202007-1375", }, ], }, id: "VAR-202007-0674", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-42655", }, ], trust: 1.1497076, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-42655", }, ], }, last_update_date: "2023-12-18T12:55:56.510000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DAP-1520 Rev. Ax FW 1.10B04 / DAP-1522 Rev. Ax FW 1.42 / DIR-816L Rev. 
Bx FW 2.06.B09 :: End of Support Recommendation for Disclosed Vulnerabiltieis", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10169", }, { title: "Patch for D-Link DIR-816L command injection vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/227311", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-42655", }, { db: "JVNDB", id: "JVNDB-2020-008184", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-008184", }, { db: "NVD", id: "CVE-2020-15893", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-15893", }, { trust: 1.6, url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, { trust: 1.6, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10169", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15893", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-42655", }, { db: "JVNDB", id: "JVNDB-2020-008184", }, { db: "NVD", id: "CVE-2020-15893", }, { db: "CNNVD", id: "CNNVD-202007-1375", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-42655", }, { db: "JVNDB", id: "JVNDB-2020-008184", }, { db: "NVD", id: "CVE-2020-15893", }, { db: "CNNVD", id: "CNNVD-202007-1375", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { 
"@container": "@list", }, }, data: [ { date: "2020-07-27T00:00:00", db: "CNVD", id: "CNVD-2020-42655", }, { date: "2020-09-04T00:00:00", db: "JVNDB", id: "JVNDB-2020-008184", }, { date: "2020-07-22T19:15:12.553000", db: "NVD", id: "CVE-2020-15893", }, { date: "2020-07-22T00:00:00", db: "CNNVD", id: "CNNVD-202007-1375", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-07-27T00:00:00", db: "CNVD", id: "CNVD-2020-42655", }, { date: "2020-09-04T00:00:00", db: "JVNDB", id: "JVNDB-2020-008184", }, { date: "2023-11-08T22:49:34.427000", db: "NVD", id: "CVE-2020-15893", }, { date: "2020-07-27T00:00:00", db: "CNNVD", id: "CNNVD-202007-1375", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202007-1375", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OS command injection vulnerability in D-Link DIR-816L devices", sources: [ { db: "JVNDB", id: "JVNDB-2020-008184", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system command injection", sources: [ { db: "CNNVD", id: "CNNVD-202007-1375", }, ], trust: 0.6, }, }