Vulnerabilites related to dlink - dir-816l_firmware
Vulnerability from fkie_nvd
Published
2020-07-22 19:15
Modified
2024-11-21 05:06
Severity ?
Summary
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-816l_firmware | 2.06 | |
| dlink | dir-816l_firmware | 2.06.b09 | |
| dlink | dir-816l | b1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", matchCriteriaId: "1817EE29-D782-4A98-A478-20BDA559C5CE", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", matchCriteriaId: "ABE7E66F-20B2-4A39-A845-03E5FBBD9E2A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", matchCriteriaId: "637B2D4B-0EA7-4E30-9B2B-77484D701042", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.", }, { lang: "es", value: "Se detectó un problema en los dispositivos D-Link DIR-816L versiones 2.x anteriores a 1.10b04Beta02. Se presenta una función de administración expuesta en el archivo getcfg.php, que puede ser utilizada para llamar a varios servicios. Puede ser usada por un atacante para recuperar información confidencial, tal y como credenciales de inicio de sesión de administrador, al establecer el valor de _POST_SERVICES en la cadena de consulta para DEVICE.ACCOUNT", }, ], id: "CVE-2020-15894", lastModified: "2024-11-21T05:06:23.793", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-22T19:15:12.710", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-19 20:15
Modified
2024-11-21 05:18
Severity ?
Summary
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-803_firmware | 1.04.b02 | |
| dlink | dir-803 | a1 | |
| dlink | dir-816l_firmware | 2.06 | |
| dlink | dir-816l_firmware | 2.06.b09 | |
| dlink | dir-816l | b1 | |
| dlink | dir-645_firmware | 1.06b01 | |
| dlink | dir-645 | a1 | |
| dlink | dir-815_firmware | 2.07.b01 | |
| dlink | dir-815 | b1 | |
| dlink | dir-860l_firmware | 1.10b04 | |
| dlink | dir-860l | a1 | |
| dlink | dir-865l_firmware | 1.08b01 | |
| dlink | dir-865l | a1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-803_firmware:1.04.b02:*:*:*:*:*:*:*", matchCriteriaId: "8C475766-ADDE-4461-9FDF-FE6332F95DBE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-803:a1:*:*:*:*:*:*:*", matchCriteriaId: "1B033D96-30EC-44EA-B70E-670CEAA0E79F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", matchCriteriaId: "1817EE29-D782-4A98-A478-20BDA559C5CE", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", matchCriteriaId: "ABE7E66F-20B2-4A39-A845-03E5FBBD9E2A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", matchCriteriaId: "637B2D4B-0EA7-4E30-9B2B-77484D701042", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-645_firmware:1.06b01:*:*:*:*:*:*:*", matchCriteriaId: "84706BD1-5AC0-449D-AB20-A81A9A2D4077", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*", matchCriteriaId: "E02F7E04-F6D7-466D-81AD-14591443EBC3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:2.07.b01:*:*:*:*:*:*:*", matchCriteriaId: "F38F5A85-E7DC-4ACF-A488-11AC00DE5856", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:b1:*:*:*:*:*:*:*", matchCriteriaId: "AA95C491-7895-4410-A9D2-3C7BD2BEB0DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-860l_firmware:1.10b04:*:*:*:*:*:*:*", matchCriteriaId: "D84E9E39-D9A6-4370-8D84-6CAE2D02CDFD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-860l:a1:*:*:*:*:*:*:*", matchCriteriaId: "C0FB3DE6-9F8D-485A-8DF3-76FC6C20CB6C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.08b01:*:*:*:*:*:*:*", matchCriteriaId: "608124DE-D143-4E95-9DE8-D7A35586361E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:a1:*:*:*:*:*:*:*", matchCriteriaId: "DEC7270B-453D-4D04-90AB-7EBD6DC3D97B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "unsupported-when-assigned", ], }, ], descriptions: [ { lang: "en", value: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header", }, { lang: "es", value: "** NO COMPATIBLE CUANDO SE ASIGNÓ ** El archivo webinc/js/info.php en dispositivos D-Link DIR-816L versión 2.06.B09_BETA y DIR-803 versión 1.04.B02, permite un ataque de tipo XSS por medio del encabezado HTTP Referer. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor. NOTA: esto típicamente no es explotable debido a la codificación de URL (excepto en Internet Explorer) y porque una página web no puede especificar que un cliente debe realizar una petición HTTP adicional con un encabezado Referer arbitrario", }, ], id: "CVE-2020-25786", lastModified: "2024-11-21T05:18:46.167", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-19T20:15:11.903", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-18 12:15
Modified
2024-11-21 06:58
Severity ?
Summary
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/shijin0925/IOT/blob/master/DIR816/1.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/shijin0925/IOT/blob/master/DIR816/1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-816l_firmware | 206b01 | |
| dlink | dir-816l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:206b01:*:*:*:*:*:*:*", matchCriteriaId: "A18EE532-DA3C-4510-94D3-4BC6DF91CA80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:-:*:*:*:*:*:*:*", matchCriteriaId: "A17C1E74-E315-4292-AF6B-EEF86B64A63C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.", }, { lang: "es", value: "Un problema de control de acceso en D-Link DIR816L_FW206b01 permite a atacantes no autenticados acceder a las carpetas folder_view.php y category_view.php", }, ], id: "CVE-2022-28955", lastModified: "2024-11-21T06:58:14.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-18T12:15:08.010", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/shijin0925/IOT/blob/master/DIR816/1.md", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/shijin0925/IOT/blob/master/DIR816/1.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-22 19:15
Modified
2024-11-21 05:06
Severity ?
Summary
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-816l_firmware | 2.06 | |
| dlink | dir-816l_firmware | 2.06.b09 | |
| dlink | dir-816l | b1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", matchCriteriaId: "1817EE29-D782-4A98-A478-20BDA559C5CE", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", matchCriteriaId: "ABE7E66F-20B2-4A39-A845-03E5FBBD9E2A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", matchCriteriaId: "637B2D4B-0EA7-4E30-9B2B-77484D701042", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.", }, { lang: "es", value: "Se detectó un problema en los dispositivos D-Link DIR-816L versiones 2.x anteriores a 1.10b04Beta02. Universal Plug and Play (UPnP) está habilitado por defecto en el puerto 1900. Un atacante puede llevar a cabo una inyección de comandos mediante la inyección de una carga útil en el campo Search Target (ST) del paquete de detección SSDP M-SEARCH", }, ], id: "CVE-2020-15893", lastModified: "2024-11-21T05:06:23.640", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-22T19:15:12.553", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-11-18 16:59
Modified
2024-11-21 02:34
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-816l_firmware | * | |
| dlink | dir-816l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6FD01135-EBCD-46E0-B456-73C8D1407948", versionEndIncluding: "2.05.b02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:-:*:*:*:*:*:*:*", matchCriteriaId: "A17C1E74-E315-4292-AF6B-EEF86B64A63C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.", }, { lang: "es", value: "Múltiples vulnerabilidades de CSRF en el D-Link DIR-816L Wireless Router con firmware en versiones anteriores a 2.06.B09_BETA permite a atacantes remotos secuestrar la autenticación de los administradores en peticiones que (1) cambian la contraseña administrador, (2) cambian la política de red o (3) posiblemente tienen otro impacto no especificado a través de peticiones a hedwig.cgi y pigwidgeon.cgi manipuladas.", }, ], id: "CVE-2015-5999", lastModified: "2024-11-21T02:34:16.350", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-11-18T16:59:02.380", references: [ { source: "cret@cert.org", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF", }, { source: "cret@cert.org", tags: [ "Exploit", ], url: "http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html", }, { source: "cret@cert.org", tags: [ "Exploit", ], url: "http://seclists.org/fulldisclosure/2015/Nov/45", }, { source: "cret@cert.org", url: "http://www.securityfocus.com/archive/1/536886/100/0/threaded", }, { source: "cret@cert.org", url: "http://www.securityfocus.com/bid/77588", }, { source: "cret@cert.org", url: "https://www.exploit-db.com/exploits/38707/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://seclists.org/fulldisclosure/2015/Nov/45", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/536886/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/77588", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/38707/", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-25 22:29
Modified
2024-11-21 04:48
Severity ?
Summary
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-817lw_firmware | 1.04 | |
| dlink | dir-817lw | a1 | |
| dlink | dir-816l_firmware | 2.06 | |
| dlink | dir-816l | b1 | |
| dlink | dir-816_firmware | 2.06 | |
| dlink | dir-816 | b1 | |
| dlink | dir-850l_firmware | 1.09 | |
| dlink | dir-850l | a1 | |
| dlink | dir-868l_firmware | 1.10 | |
| dlink | dir-868l | a1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-817lw_firmware:1.04:*:*:*:*:*:*:*", matchCriteriaId: "8860070A-8B05-46B9-A8CD-AD2DA9B543FD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-817lw:a1:*:*:*:*:*:*:*", matchCriteriaId: "6DADD4BA-C614-40C1-BEA4-76DDA87FBAB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", matchCriteriaId: "1817EE29-D782-4A98-A478-20BDA559C5CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", matchCriteriaId: "637B2D4B-0EA7-4E30-9B2B-77484D701042", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816_firmware:2.06:*:*:*:*:*:*:*", matchCriteriaId: "5F74DFB0-3630-416A-8C15-73181EFA4DE9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816:b1:*:*:*:*:*:*:*", matchCriteriaId: "9348DEC5-2136-4979-859E-72D01C9840CE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-850l_firmware:1.09:*:*:*:*:*:*:*", matchCriteriaId: "F270BF5D-19E8-499C-A089-6E17DEC2E7E9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-850l:a1:*:*:*:*:*:*:*", matchCriteriaId: "E293D83B-F8D8-46DC-84B6-EF08F773BEC0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:1.10:*:*:*:*:*:*:*", matchCriteriaId: "62D91030-F965-427A-A51B-BC0A3AB78368", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:a1:*:*:*:*:*:*:*", matchCriteriaId: "0D8A8303-F830-477F-8944-F1149A0CD521", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).", }, { lang: "es", value: "Los routers D-Link con la funcionalidad mydlink presentan algunas interfaces web sin requerimientos de autenticación. Un atacante puede conseguir de forma remota los registros de consultas de DNS de los usuarios y los registros de inicio de sesión. Los objetivos vulnerables incluyen pero no se limitan a las versiones más recientes de firmware de DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09) y DIR-868L (A1-1.10).", }, ], id: "CVE-2019-7642", lastModified: "2024-11-21T04:48:27.040", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-25T22:29:00.810", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-22 19:15
Modified
2024-11-21 05:06
Severity ?
Summary
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-816l_firmware | 2.06 | |
| dlink | dir-816l_firmware | 2.06.b09 | |
| dlink | dir-816l | b1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", matchCriteriaId: "1817EE29-D782-4A98-A478-20BDA559C5CE", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", matchCriteriaId: "ABE7E66F-20B2-4A39-A845-03E5FBBD9E2A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", matchCriteriaId: "637B2D4B-0EA7-4E30-9B2B-77484D701042", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.", }, { lang: "es", value: "Se detectó un problema de tipo XSS en los dispositivos D-Link DIR-816L versiones 2.x anteriores a 1.10b04Beta02. En el archivo webinc/js/info.php, ninguna filtración de salida es aplicada al parámetro RESULT, antes de que se imprima en la página web", }, ], id: "CVE-2020-15895", lastModified: "2024-11-21T05:06:23.937", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-22T19:15:12.833", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-18 12:15
Modified
2024-11-21 06:58
Severity ?
Summary
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/shijin0925/IOT/blob/master/DIR816/4.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/shijin0925/IOT/blob/master/DIR816/4.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dlink.com/en/security-bulletin/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-816l_firmware | 206b01 | |
| dlink | dir-816l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:206b01:*:*:*:*:*:*:*", matchCriteriaId: "A18EE532-DA3C-4510-94D3-4BC6DF91CA80", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:-:*:*:*:*:*:*:*", matchCriteriaId: "A17C1E74-E315-4292-AF6B-EEF86B64A63C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.", }, { lang: "es", value: "Un problema en el componente getcfg.php de D-Link DIR816L_FW206b01 permite a atacantes acceder al dispositivo por medio de una carga útil diseñada", }, ], id: "CVE-2022-28956", lastModified: "2024-11-21T06:58:14.333", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-18T12:15:08.067", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/shijin0925/IOT/blob/master/DIR816/4.md", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/shijin0925/IOT/blob/master/DIR816/4.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2019-7642
Vulnerability from cvelistv5
Published
2019-03-25 21:29
Modified
2024-08-04 20:54
Severity ?
EPSS score ?
Summary
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:54:27.952Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-03-04T00:00:00", descriptions: [ { lang: "en", value: "D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-25T21:29:04", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-7642", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md", refsource: "MISC", url: "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-7642", datePublished: "2019-03-25T21:29:04", dateReserved: "2019-02-08T00:00:00", dateUpdated: "2024-08-04T20:54:27.952Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5999
Vulnerability from cvelistv5
Published
2015-11-18 16:00
Modified
2024-08-06 07:06
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2015/Nov/45 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/536886/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/77588 | vdb-entry, x_refsource_BID | |
| ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/38707/ | exploit, x_refsource_EXPLOIT-DB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:06:35.148Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20151114 D-link wireless router DIR-816L ââ¬â Cross-Site Request Forgery (CSRF) vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2015/Nov/45", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html", }, { name: "20151114 D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/536886/100/0/threaded", }, { name: "77588", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/77588", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF", }, { name: "38707", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/38707/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-10T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-09T18:57:01", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { name: "20151114 D-link wireless router DIR-816L ââ¬â Cross-Site Request Forgery (CSRF) vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2015/Nov/45", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html", }, { name: "20151114 D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/536886/100/0/threaded", }, { name: "77588", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/77588", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF", }, { name: "38707", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/38707/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2015-5999", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) change the network policy, or (3) possibly have other unspecified impact via crafted requests to hedwig.cgi and pigwidgeon.cgi.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20151114 D-link wireless router DIR-816L ââ¬â Cross-Site Request Forgery (CSRF) vulnerability", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2015/Nov/45", }, { name: "http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/134379/D-Link-DIR-816L-Cross-Site-Request-Forgery.html", }, { name: "20151114 D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/536886/100/0/threaded", }, { name: "77588", refsource: "BID", url: "http://www.securityfocus.com/bid/77588", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-816L/DIR-816L_REVB_FIRMWARE_PATCH_NOTES_2.06.B09_BETA_EN.PDF", }, { name: "38707", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/38707/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2015-5999", datePublished: "2015-11-18T16:00:00", dateReserved: "2015-08-14T00:00:00", dateUpdated: "2024-08-06T07:06:35.148Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25786
Vulnerability from cvelistv5
Published
2020-09-19 19:24
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | x_refsource_MISC | |
| https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:40:36.997Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-19T19:24:09", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, ], tags: [ "unsupported-when-assigned", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-25786", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { name: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", refsource: "MISC", url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-25786", datePublished: "2020-09-19T19:24:09", dateReserved: "2020-09-19T00:00:00", dateUpdated: "2024-08-04T15:40:36.997Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15893
Vulnerability from cvelistv5
Published
2020-07-22 18:56
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:30:22.971Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-22T18:56:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { tags: [ "x_refsource_MISC", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15893", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { name: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", refsource: "MISC", url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15893", datePublished: "2020-07-22T18:56:05", dateReserved: "2020-07-22T00:00:00", dateUpdated: "2024-08-04T13:30:22.971Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28956
Vulnerability from cvelistv5
Published
2022-05-18 11:50
Modified
2024-08-03 06:10
Severity ?
EPSS score ?
Summary
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dlink.com/en/security-bulletin/ | x_refsource_MISC | |
| https://github.com/shijin0925/IOT/blob/master/DIR816/4.md | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:57.876Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dlink.com/en/security-bulletin/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/shijin0925/IOT/blob/master/DIR816/4.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-18T11:50:42", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dlink.com/en/security-bulletin/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/shijin0925/IOT/blob/master/DIR816/4.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28956", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dlink.com/en/security-bulletin/", refsource: "MISC", url: "https://www.dlink.com/en/security-bulletin/", }, { name: "https://github.com/shijin0925/IOT/blob/master/DIR816/4.md", refsource: "MISC", url: "https://github.com/shijin0925/IOT/blob/master/DIR816/4.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28956", datePublished: "2022-05-18T11:50:42", dateReserved: "2022-04-11T00:00:00", dateUpdated: "2024-08-03T06:10:57.876Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15894
Vulnerability from cvelistv5
Published
2020-07-22 18:55
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:30:23.013Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-22T18:55:56", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { tags: [ "x_refsource_MISC", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15894", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { name: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", refsource: "MISC", url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15894", datePublished: "2020-07-22T18:55:56", dateReserved: "2020-07-22T00:00:00", dateUpdated: "2024-08-04T13:30:23.013Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15895
Vulnerability from cvelistv5
Published
2020-07-22 18:55
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:30:23.219Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-22T18:55:44", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { tags: [ "x_refsource_MISC", ], url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15895", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169", }, { name: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", refsource: "MISC", url: "https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15895", datePublished: "2020-07-22T18:55:44", dateReserved: "2020-07-22T00:00:00", dateUpdated: "2024-08-04T13:30:23.219Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28955
Vulnerability from cvelistv5
Published
2022-05-18 11:50
Modified
2024-08-03 06:10
Severity ?
EPSS score ?
Summary
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dlink.com/en/security-bulletin/ | x_refsource_MISC | |
| https://github.com/shijin0925/IOT/blob/master/DIR816/1.md | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:57.691Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dlink.com/en/security-bulletin/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/shijin0925/IOT/blob/master/DIR816/1.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-18T11:50:41", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dlink.com/en/security-bulletin/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/shijin0925/IOT/blob/master/DIR816/1.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28955", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dlink.com/en/security-bulletin/", refsource: "MISC", url: "https://www.dlink.com/en/security-bulletin/", }, { name: "https://github.com/shijin0925/IOT/blob/master/DIR816/1.md", refsource: "MISC", url: "https://github.com/shijin0925/IOT/blob/master/DIR816/1.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28955", datePublished: "2022-05-18T11:50:41", dateReserved: "2022-04-11T00:00:00", dateUpdated: "2024-08-03T06:10:57.691Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }