Vulnerabilites related to dlink - dir-865l
var-201910-1349
Vulnerability from variot

D-Link DIR-865L has PHP File Inclusion in the router xml file. D-Link DIR-865L The blinds XPath An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation.

An unknown vulnerability exists in D-Link DIR-865L. No detailed vulnerability details are provided at this time

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1349",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-865l",
            scope: null,
            trust: 1.4,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 1.2,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39546",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006859",
         },
         {
            db: "NVD",
            id: "CVE-2013-4857",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1499",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2013-4857",
         },
      ],
   },
   cve: "CVE-2013-4857",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 7.5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2013-4857",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2019-39546",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2013-4857",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2013-4857",
                  trust: 1.8,
                  value: "CRITICAL",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2019-39546",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201910-1499",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULMON",
                  id: "CVE-2013-4857",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39546",
         },
         {
            db: "VULMON",
            id: "CVE-2013-4857",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006859",
         },
         {
            db: "NVD",
            id: "CVE-2013-4857",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1499",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L has PHP File Inclusion in the router xml file. D-Link DIR-865L The blinds XPath An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation. \n\nAn unknown vulnerability exists in D-Link DIR-865L. No detailed vulnerability details are provided at this time",
      sources: [
         {
            db: "NVD",
            id: "CVE-2013-4857",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006859",
         },
         {
            db: "CNVD",
            id: "CNVD-2019-39546",
         },
         {
            db: "VULMON",
            id: "CVE-2013-4857",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2013-4857",
            trust: 3.1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006859",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2019-39546",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1499",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2013-4857",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39546",
         },
         {
            db: "VULMON",
            id: "CVE-2013-4857",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006859",
         },
         {
            db: "NVD",
            id: "CVE-2013-4857",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1499",
         },
      ],
   },
   id: "VAR-201910-1349",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39546",
         },
      ],
      trust: 1.1744681,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39546",
         },
      ],
   },
   last_update_date: "2023-12-18T13:43:11.770000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Top Page",
            trust: 0.8,
            url: "https://www.dlink.com/en/consumer",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2013-006859",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-91",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2013-006859",
         },
         {
            db: "NVD",
            id: "CVE-2013-4857",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.5,
            url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
         },
         {
            trust: 2.5,
            url: "https://www.ise.io/soho_service_hacks/",
         },
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2013-4857",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4857",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/91.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39546",
         },
         {
            db: "VULMON",
            id: "CVE-2013-4857",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006859",
         },
         {
            db: "NVD",
            id: "CVE-2013-4857",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1499",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2019-39546",
         },
         {
            db: "VULMON",
            id: "CVE-2013-4857",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006859",
         },
         {
            db: "NVD",
            id: "CVE-2013-4857",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1499",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2019-11-07T00:00:00",
            db: "CNVD",
            id: "CNVD-2019-39546",
         },
         {
            date: "2019-10-25T00:00:00",
            db: "VULMON",
            id: "CVE-2013-4857",
         },
         {
            date: "2019-10-31T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2013-006859",
         },
         {
            date: "2019-10-25T16:15:10.490000",
            db: "NVD",
            id: "CVE-2013-4857",
         },
         {
            date: "2019-10-25T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201910-1499",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2019-11-07T00:00:00",
            db: "CNVD",
            id: "CNVD-2019-39546",
         },
         {
            date: "2019-10-28T00:00:00",
            db: "VULMON",
            id: "CVE-2013-4857",
         },
         {
            date: "2019-10-31T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2013-006859",
         },
         {
            date: "2023-04-26T19:27:52.350000",
            db: "NVD",
            id: "CVE-2013-4857",
         },
         {
            date: "2019-10-29T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201910-1499",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201910-1499",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L Blind in  XPath Injection vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2013-006859",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "other",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201910-1499",
         },
      ],
      trust: 0.6,
   },
}

var-202006-0143
Vulnerability from variot

D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. D-Link DIR-865L On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-865L is a wireless router from D-Link, Taiwan. An attacker can use the vulnerability to execute arbitrary shell commands by sending a specially crafted request

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0143",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-865l",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "1.20b01",
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 0.8,
            vendor: "d link",
            version: "1.20b01",
         },
         {
            model: "dir-865l ax 1.20b01 beta",
            scope: null,
            trust: 0.6,
            vendor: "d link",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33168",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006052",
         },
         {
            db: "NVD",
            id: "CVE-2020-13782",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-13782",
         },
      ],
   },
   cve: "CVE-2020-13782",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8,
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 7.5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-006052",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2020-33168",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "VULMON",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8,
                  id: "CVE-2020-13782",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "MEDIUM",
                  trust: 0.1,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-006052",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2020-13782",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-006052",
                  trust: 0.8,
                  value: "Critical",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-33168",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202006-328",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2020-13782",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33168",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13782",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006052",
         },
         {
            db: "NVD",
            id: "CVE-2020-13782",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-328",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. D-Link DIR-865L On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-865L is a wireless router from D-Link, Taiwan. An attacker can use the vulnerability to execute arbitrary shell commands by sending a specially crafted request",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-13782",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006052",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-33168",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13782",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-13782",
            trust: 3.1,
         },
         {
            db: "DLINK",
            id: "SAP10174",
            trust: 1.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006052",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-33168",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-328",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2020-13782",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33168",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13782",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006052",
         },
         {
            db: "NVD",
            id: "CVE-2020-13782",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-328",
         },
      ],
   },
   id: "VAR-202006-0143",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33168",
         },
      ],
      trust: 1.38723405,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33168",
         },
      ],
   },
   last_update_date: "2023-12-18T12:35:28.652000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities",
            trust: 0.8,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174",
         },
         {
            title: "Patch for D-Link DIR-865L operating system command injection vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/221791",
         },
         {
            title: "D-Link DIR-865L Fixes for operating system command injection vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120232",
         },
         {
            title: "Threatpost",
            trust: 0.1,
            url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33168",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13782",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006052",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-328",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-78",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-006052",
         },
         {
            db: "NVD",
            id: "CVE-2020-13782",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-13782",
         },
         {
            trust: 1.7,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174",
         },
         {
            trust: 1.7,
            url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13782",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/78.html",
         },
         {
            trust: 0.1,
            url: "https://github.com/live-hack-cve/cve-2020-13782",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33168",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13782",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006052",
         },
         {
            db: "NVD",
            id: "CVE-2020-13782",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-328",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-33168",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13782",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006052",
         },
         {
            db: "NVD",
            id: "CVE-2020-13782",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-328",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-06-16T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-33168",
         },
         {
            date: "2020-06-03T00:00:00",
            db: "VULMON",
            id: "CVE-2020-13782",
         },
         {
            date: "2020-06-29T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-006052",
         },
         {
            date: "2020-06-03T17:15:24.997000",
            db: "NVD",
            id: "CVE-2020-13782",
         },
         {
            date: "2020-06-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202006-328",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-06-16T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-33168",
         },
         {
            date: "2022-09-02T00:00:00",
            db: "VULMON",
            id: "CVE-2020-13782",
         },
         {
            date: "2020-06-29T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-006052",
         },
         {
            date: "2022-09-02T15:41:32.800000",
            db: "NVD",
            id: "CVE-2020-13782",
         },
         {
            date: "2022-09-05T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202006-328",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202006-328",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L operating system command injection vulnerability",
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33168",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-328",
         },
      ],
      trust: 1.2,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "operating system commend injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202006-328",
         },
      ],
      trust: 0.6,
   },
}

var-202006-0144
Vulnerability from variot

D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. D-Link DIR-865L is a wireless router from D-Link, Taiwan. Remote attackers can use this vulnerability to obtain sensitive information

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0144",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-865l",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "1.20b01",
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 0.8,
            vendor: "d link",
            version: "1.20b01",
         },
         {
            model: "dir-865l ax 1.20b01 beta",
            scope: null,
            trust: 0.6,
            vendor: "d link",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33171",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006038",
         },
         {
            db: "NVD",
            id: "CVE-2020-13785",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-13785",
         },
      ],
   },
   cve: "CVE-2020-13785",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-006038",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2020-33171",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULMON",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CVE-2020-13785",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "MEDIUM",
                  trust: 0.1,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-006038",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2020-13785",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-006038",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-33171",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202006-332",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2020-13785",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33171",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13785",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006038",
         },
         {
            db: "NVD",
            id: "CVE-2020-13785",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-332",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. D-Link DIR-865L is a wireless router from D-Link, Taiwan. Remote attackers can use this vulnerability to obtain sensitive information",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-13785",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006038",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-33171",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13785",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-13785",
            trust: 3.1,
         },
         {
            db: "DLINK",
            id: "SAP10174",
            trust: 1.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006038",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-33171",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-332",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2020-13785",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33171",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13785",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006038",
         },
         {
            db: "NVD",
            id: "CVE-2020-13785",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-332",
         },
      ],
   },
   id: "VAR-202006-0144",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33171",
         },
      ],
      trust: 1.38723405,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33171",
         },
      ],
   },
   last_update_date: "2023-12-18T12:35:28.589000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities",
            trust: 0.8,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174",
         },
         {
            title: "Patch for D-Link DIR-865L encryption problem vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/221787",
         },
         {
            title: "D-Link DIR-865L Fixes for encryption problem vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120236",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/live-hack-cve/cve-2020-13785 ",
         },
         {
            title: "Threatpost",
            trust: 0.1,
            url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33171",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13785",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006038",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-332",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-326",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-006038",
         },
         {
            db: "NVD",
            id: "CVE-2020-13785",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-13785",
         },
         {
            trust: 1.7,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174",
         },
         {
            trust: 1.7,
            url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13785",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/326.html",
         },
         {
            trust: 0.1,
            url: "https://github.com/live-hack-cve/cve-2020-13785",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33171",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13785",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006038",
         },
         {
            db: "NVD",
            id: "CVE-2020-13785",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-332",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-33171",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13785",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006038",
         },
         {
            db: "NVD",
            id: "CVE-2020-13785",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-332",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-06-16T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-33171",
         },
         {
            date: "2020-06-03T00:00:00",
            db: "VULMON",
            id: "CVE-2020-13785",
         },
         {
            date: "2020-06-29T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-006038",
         },
         {
            date: "2020-06-03T17:15:25.247000",
            db: "NVD",
            id: "CVE-2020-13785",
         },
         {
            date: "2020-06-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202006-332",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-06-16T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-33171",
         },
         {
            date: "2022-09-02T00:00:00",
            db: "VULMON",
            id: "CVE-2020-13785",
         },
         {
            date: "2020-06-29T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-006038",
         },
         {
            date: "2022-09-02T15:42:02.727000",
            db: "NVD",
            id: "CVE-2020-13785",
         },
         {
            date: "2020-06-18T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202006-332",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202006-332",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L encryption problem vulnerability",
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33171",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-332",
         },
      ],
      trust: 1.2,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "encryption problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202006-332",
         },
      ],
      trust: 0.6,
   },
}

var-201803-1767
Vulnerability from variot

XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L and others are all wireless router products of D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/body/bsc_sms_send.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. D-Link DIR-868L, etc. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1767",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-860l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "a1_fw110b04",
         },
         {
            model: "dir-868l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "a1_fw112b04",
         },
         {
            model: "dir-865l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "reva_firmware_patch_1.08.b01",
         },
         {
            model: "dir-860l",
            scope: "lte",
            trust: 0.8,
            vendor: "d link",
            version: "dir860la1_fw110b04",
         },
         {
            model: "dir-865l",
            scope: "lte",
            trust: 0.8,
            vendor: "d link",
            version: "dir-865l_reva_firmware_patch_1.08.b01",
         },
         {
            model: "dir-868l",
            scope: "lte",
            trust: 0.8,
            vendor: "d link",
            version: "dir868la1_fw112b04",
         },
         {
            model: "dir-868l <=dir868la1 fw112b04",
            scope: null,
            trust: 0.6,
            vendor: "345 217 213 350 256 257 347 247 221 346 212 200",
            version: null,
         },
         {
            model: "dir-865l <=dir-865l reva patch 1.08.b01",
            scope: null,
            trust: 0.6,
            vendor: "345 217 213 350 256 257 347 247 221 346 212 200",
            version: null,
         },
         {
            model: "dir-860l <=dir860la1 fw110b04",
            scope: null,
            trust: 0.6,
            vendor: "345 217 213 350 256 257 347 247 221 346 212 200",
            version: null,
         },
         {
            model: "dir-860l",
            scope: "eq",
            trust: 0.6,
            vendor: "d link",
            version: "a1_fw110b04",
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 0.6,
            vendor: "d link",
            version: "reva_firmware_patch_1.08.b01",
         },
         {
            model: "dir-868l",
            scope: "eq",
            trust: 0.6,
            vendor: "d link",
            version: "a1_fw112b04",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06629",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002679",
         },
         {
            db: "NVD",
            id: "CVE-2018-6528",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-151",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "a1_fw110b04",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "reva_firmware_patch_1.08.b01",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "a1_fw112b04",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2018-6528",
         },
      ],
   },
   cve: "CVE-2018-6528",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2018-6528",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CNVD-2018-06629",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-136560",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.8,
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 6.1,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2018-6528",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "None",
                  scope: "Changed",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2018-6528",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2018-06629",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201803-151",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-136560",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06629",
         },
         {
            db: "VULHUB",
            id: "VHN-136560",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002679",
         },
         {
            db: "NVD",
            id: "CVE-2018-6528",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-151",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L and others are all wireless router products of D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/body/bsc_sms_send.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. D-Link DIR-868L, etc. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier",
      sources: [
         {
            db: "NVD",
            id: "CVE-2018-6528",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002679",
         },
         {
            db: "CNVD",
            id: "CNVD-2018-06629",
         },
         {
            db: "VULHUB",
            id: "VHN-136560",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2018-6528",
            trust: 3.1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002679",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-151",
            trust: 0.7,
         },
         {
            db: "CNVD",
            id: "CNVD-2018-06629",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-136560",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06629",
         },
         {
            db: "VULHUB",
            id: "VHN-136560",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002679",
         },
         {
            db: "NVD",
            id: "CVE-2018-6528",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-151",
         },
      ],
   },
   id: "VAR-201803-1767",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06629",
         },
         {
            db: "VULHUB",
            id: "VHN-136560",
         },
      ],
      trust: 1.5752999514285713,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06629",
         },
      ],
   },
   last_update_date: "2023-12-18T13:19:10.493000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "DIR-860L Firmware Patch Notes",
            trust: 0.8,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf",
         },
         {
            title: "DIR-865L Firmware Patch Notes",
            trust: 0.8,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf",
         },
         {
            title: "DIR-868L Firmware Patch Notes",
            trust: 0.8,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf",
         },
         {
            title: "Patch for D-LinkDIR Series Cross-Site Scripting Vulnerability (CVE-2018-6528)",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/124013",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06629",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002679",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-79",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-136560",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002679",
         },
         {
            db: "NVD",
            id: "CVE-2018-6528",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.3,
            url: "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto",
         },
         {
            trust: 1.1,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf",
         },
         {
            trust: 1.1,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf",
         },
         {
            trust: 1.1,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6528",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-6528",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06629",
         },
         {
            db: "VULHUB",
            id: "VHN-136560",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002679",
         },
         {
            db: "NVD",
            id: "CVE-2018-6528",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-151",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2018-06629",
         },
         {
            db: "VULHUB",
            id: "VHN-136560",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002679",
         },
         {
            db: "NVD",
            id: "CVE-2018-6528",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-151",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-03-29T00:00:00",
            db: "CNVD",
            id: "CNVD-2018-06629",
         },
         {
            date: "2018-03-06T00:00:00",
            db: "VULHUB",
            id: "VHN-136560",
         },
         {
            date: "2018-04-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-002679",
         },
         {
            date: "2018-03-06T20:29:00.843000",
            db: "NVD",
            id: "CVE-2018-6528",
         },
         {
            date: "2018-03-07T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201803-151",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-03-29T00:00:00",
            db: "CNVD",
            id: "CNVD-2018-06629",
         },
         {
            date: "2018-03-27T00:00:00",
            db: "VULHUB",
            id: "VHN-136560",
         },
         {
            date: "2018-04-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-002679",
         },
         {
            date: "2023-11-08T21:18:30.427000",
            db: "NVD",
            id: "CVE-2018-6528",
         },
         {
            date: "2023-04-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201803-151",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201803-151",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "plural  D-Link Product cross-site scripting vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-002679",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201803-151",
         },
      ],
      trust: 0.6,
   },
}

var-202006-1853
Vulnerability from variot

D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. D-Link DIR-865L The device is vulnerable to cryptography PRNG There is a vulnerability in the use of.Information may be obtained. D-Link DIR-865L is a wireless router from D-Link, Taiwan. There is currently no detailed vulnerability details provided

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1853",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-865l",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "1.20b01",
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 0.8,
            vendor: "d link",
            version: "1.20b01",
         },
         {
            model: "dir-865l ax 1.20b01 beta",
            scope: null,
            trust: 0.6,
            vendor: "d link",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33170",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006054",
         },
         {
            db: "NVD",
            id: "CVE-2020-13784",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-13784",
         },
      ],
   },
   cve: "CVE-2020-13784",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-006054",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2020-33170",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-006054",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2020-13784",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-006054",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-33170",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202006-331",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33170",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006054",
         },
         {
            db: "NVD",
            id: "CVE-2020-13784",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-331",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. D-Link DIR-865L The device is vulnerable to cryptography PRNG There is a vulnerability in the use of.Information may be obtained. D-Link DIR-865L is a wireless router from D-Link, Taiwan. There is currently no detailed vulnerability details provided",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-13784",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006054",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-33170",
         },
      ],
      trust: 2.16,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-13784",
            trust: 3,
         },
         {
            db: "DLINK",
            id: "SAP10174",
            trust: 1.6,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006054",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-33170",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-331",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33170",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006054",
         },
         {
            db: "NVD",
            id: "CVE-2020-13784",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-331",
         },
      ],
   },
   id: "VAR-202006-1853",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33170",
         },
      ],
      trust: 1.38723405,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33170",
         },
      ],
   },
   last_update_date: "2023-12-18T12:35:28.562000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities",
            trust: 0.8,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174",
         },
         {
            title: "Patch for D-Link DIR-865L security feature issue vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/221789",
         },
         {
            title: "D-Link DIR-865L Fixing measures for security feature vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120235",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33170",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006054",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-331",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-335",
            trust: 1,
         },
         {
            problemtype: "CWE-338",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-006054",
         },
         {
            db: "NVD",
            id: "CVE-2020-13784",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-13784",
         },
         {
            trust: 1.6,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174",
         },
         {
            trust: 1.6,
            url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13784",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33170",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006054",
         },
         {
            db: "NVD",
            id: "CVE-2020-13784",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-331",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-33170",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006054",
         },
         {
            db: "NVD",
            id: "CVE-2020-13784",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-331",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-06-16T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-33170",
         },
         {
            date: "2020-06-29T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-006054",
         },
         {
            date: "2020-06-03T17:15:25.153000",
            db: "NVD",
            id: "CVE-2020-13784",
         },
         {
            date: "2020-06-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202006-331",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-06-16T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-33170",
         },
         {
            date: "2020-06-29T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-006054",
         },
         {
            date: "2021-12-13T19:21:50.177000",
            db: "NVD",
            id: "CVE-2020-13784",
         },
         {
            date: "2021-12-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202006-331",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202006-331",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L Cryptographic weakness on the device  PRNG Vulnerability in using",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-006054",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "security feature problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202006-331",
         },
      ],
      trust: 0.6,
   },
}

var-202006-0145
Vulnerability from variot

D-Link DIR-865L Ax Beta A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-865L is a wireless router from D-Link, Taiwan. A remote attacker can use the malformed HTTP request to exploit the vulnerability to perform illegal operations

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0145",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-865l",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "1.20b01",
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 0.8,
            vendor: "d link",
            version: "1.20b01",
         },
         {
            model: "dir-865l ax 1.20b01 beta",
            scope: null,
            trust: 0.6,
            vendor: "d link",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33172",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006039",
         },
         {
            db: "NVD",
            id: "CVE-2020-13786",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-13786",
         },
      ],
   },
   cve: "CVE-2020-13786",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 6.8,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-006039",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "CNVD-2020-33172",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULMON",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "CVE-2020-13786",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "MEDIUM",
                  trust: 0.1,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-006039",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2020-13786",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-006039",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-33172",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202006-334",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2020-13786",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33172",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13786",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006039",
         },
         {
            db: "NVD",
            id: "CVE-2020-13786",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-334",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L Ax Beta A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-865L is a wireless router from D-Link, Taiwan. A remote attacker can use the malformed HTTP request to exploit the vulnerability to perform illegal operations",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-006039",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-33172",
         },
      ],
      trust: 1.26,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-13786",
            trust: 3.1,
         },
         {
            db: "DLINK",
            id: "SAP10174",
            trust: 1.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006039",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-33172",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-334",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2020-13786",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33172",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13786",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006039",
         },
         {
            db: "NVD",
            id: "CVE-2020-13786",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-334",
         },
      ],
   },
   id: "VAR-202006-0145",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33172",
         },
      ],
      trust: 1.38723405,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33172",
         },
      ],
   },
   last_update_date: "2023-12-18T12:35:28.508000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities",
            trust: 0.8,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174",
         },
         {
            title: "Patch for D-Link DIR-865L Cross-Site Request Forgery Vulnerability (CNVD-2020-33172)",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/221785",
         },
         {
            title: "D-Link DIR-865L Fixes for cross-site request forgery vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120237",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/live-hack-cve/cve-2020-13786 ",
         },
         {
            title: "Threatpost",
            trust: 0.1,
            url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33172",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13786",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006039",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-334",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-352",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-006039",
         },
         {
            db: "NVD",
            id: "CVE-2020-13786",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-13786",
         },
         {
            trust: 1.7,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174",
         },
         {
            trust: 1.7,
            url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13786",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/352.html",
         },
         {
            trust: 0.1,
            url: "https://github.com/live-hack-cve/cve-2020-13786",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33172",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13786",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006039",
         },
         {
            db: "NVD",
            id: "CVE-2020-13786",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-334",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-33172",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13786",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006039",
         },
         {
            db: "NVD",
            id: "CVE-2020-13786",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-334",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-06-16T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-33172",
         },
         {
            date: "2020-06-03T00:00:00",
            db: "VULMON",
            id: "CVE-2020-13786",
         },
         {
            date: "2020-06-29T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-006039",
         },
         {
            date: "2020-06-03T17:15:25.387000",
            db: "NVD",
            id: "CVE-2020-13786",
         },
         {
            date: "2020-06-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202006-334",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-06-16T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-33172",
         },
         {
            date: "2022-09-02T00:00:00",
            db: "VULMON",
            id: "CVE-2020-13786",
         },
         {
            date: "2020-06-29T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-006039",
         },
         {
            date: "2022-09-02T15:41:46.040000",
            db: "NVD",
            id: "CVE-2020-13786",
         },
         {
            date: "2020-06-18T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202006-334",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202006-334",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L Ax Beta Cross-site request forgery vulnerability in device",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-006039",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "cross-site request forgery",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202006-334",
         },
      ],
      trust: 0.6,
   },
}

var-202009-0817
Vulnerability from variot

webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header. D-Link DIR-816L and DIR-816 are both wireless routers of D-Link company in Taiwan. No detailed vulnerability details are currently provided

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202009-0817",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-816l",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "2.06",
         },
         {
            model: "dir-645",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "1.06b01",
         },
         {
            model: "dir-860l",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "1.10b04",
         },
         {
            model: "dir-803",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "1.04.b02",
         },
         {
            model: "dir-815",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "2.07.b01",
         },
         {
            model: "dir-816l",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "2.06.b09",
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "1.08b01",
         },
         {
            model: "dir-803 1.04.b02",
            scope: null,
            trust: 0.6,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-816l 2.06.b09 beta",
            scope: null,
            trust: 0.6,
            vendor: "d link",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59764",
         },
         {
            db: "NVD",
            id: "CVE-2020-25786",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-803_firmware:1.04.b02:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-803:a1:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-645_firmware:1.06b01:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:2.07.b01:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-815:b1:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:1.10b04:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-860l:a1:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.08b01:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-865l:a1:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-25786",
         },
      ],
   },
   cve: "CVE-2020-25786",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CNVD-2020-59764",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULMON",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CVE-2020-25786",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "MEDIUM",
                  trust: 0.1,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.8,
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2020-25786",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-59764",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202009-1261",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2020-25786",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59764",
         },
         {
            db: "VULMON",
            id: "CVE-2020-25786",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202009-1261",
         },
         {
            db: "NVD",
            id: "CVE-2020-25786",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header. D-Link DIR-816L and DIR-816 are both wireless routers of D-Link company in Taiwan. No detailed vulnerability details are currently provided",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-25786",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59764",
         },
         {
            db: "VULMON",
            id: "CVE-2020-25786",
         },
      ],
      trust: 1.53,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-25786",
            trust: 2.3,
         },
         {
            db: "DLINK",
            id: "SAP10190",
            trust: 1.7,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-59764",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202009-1261",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2020-25786",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59764",
         },
         {
            db: "VULMON",
            id: "CVE-2020-25786",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202009-1261",
         },
         {
            db: "NVD",
            id: "CVE-2020-25786",
         },
      ],
   },
   id: "VAR-202009-0817",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59764",
         },
      ],
      trust: 1.28161163,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59764",
         },
      ],
   },
   last_update_date: "2024-05-17T23:12:39.331000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Patch for D-Link DIR-816L and DIR-803 cross-site scripting vulnerabilities",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/237805",
         },
         {
            title: "D-Link DIR-816L  and  DIR-803 Fixes for cross-site scripting vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=128929",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59764",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202009-1261",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-79",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-25786",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://github.com/sek1th/iot/blob/master/dir-816l_xss.md",
         },
         {
            trust: 1.7,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10190",
         },
         {
            trust: 1.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-25786",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/79.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59764",
         },
         {
            db: "VULMON",
            id: "CVE-2020-25786",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202009-1261",
         },
         {
            db: "NVD",
            id: "CVE-2020-25786",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-59764",
         },
         {
            db: "VULMON",
            id: "CVE-2020-25786",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202009-1261",
         },
         {
            db: "NVD",
            id: "CVE-2020-25786",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-09-24T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-59764",
         },
         {
            date: "2020-09-19T00:00:00",
            db: "VULMON",
            id: "CVE-2020-25786",
         },
         {
            date: "2020-09-19T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202009-1261",
         },
         {
            date: "2020-09-19T20:15:11.903000",
            db: "NVD",
            id: "CVE-2020-25786",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-11-01T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-59764",
         },
         {
            date: "2021-04-23T00:00:00",
            db: "VULMON",
            id: "CVE-2020-25786",
         },
         {
            date: "2020-10-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202009-1261",
         },
         {
            date: "2024-05-17T01:46:24",
            db: "NVD",
            id: "CVE-2020-25786",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202009-1261",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-816L and DIR-803 cross-site scripting vulnerabilities",
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-59764",
         },
      ],
      trust: 0.6,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202009-1261",
         },
      ],
      trust: 0.6,
   },
}

var-201910-1347
Vulnerability from variot

D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. D-Link DIR-865L Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation.

A security vulnerability exists in D-Link DIR-865L, which originated from a failure to configure properly in the SMB service. An attacker could use this vulnerability to create a symbolic link to the router file system root

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1347",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-865l",
            scope: null,
            trust: 1.4,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 1.2,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39548",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006860",
         },
         {
            db: "NVD",
            id: "CVE-2013-4855",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1498",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2013-4855",
         },
      ],
   },
   cve: "CVE-2013-4855",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.9,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 5.5,
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:A/AC:M/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Adjacent Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Complete",
                  baseScore: 7.9,
                  confidentialityImpact: "Complete",
                  exploitabilityScore: null,
                  id: "CVE-2013-4855",
                  impactScore: null,
                  integrityImpact: "Complete",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:A/AC:M/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 9.3,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 8.6,
                  id: "CNVD-2019-39548",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Adjacent Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2013-4855",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2013-4855",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2019-39548",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201910-1498",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2013-4855",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39548",
         },
         {
            db: "VULMON",
            id: "CVE-2013-4855",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006860",
         },
         {
            db: "NVD",
            id: "CVE-2013-4855",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1498",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. D-Link DIR-865L Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation. \n\nA security vulnerability exists in D-Link DIR-865L, which originated from a failure to configure properly in the SMB service. An attacker could use this vulnerability to create a symbolic link to the router file system root",
      sources: [
         {
            db: "NVD",
            id: "CVE-2013-4855",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006860",
         },
         {
            db: "CNVD",
            id: "CNVD-2019-39548",
         },
         {
            db: "VULMON",
            id: "CVE-2013-4855",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2013-4855",
            trust: 3.1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006860",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2019-39548",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1498",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2013-4855",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39548",
         },
         {
            db: "VULMON",
            id: "CVE-2013-4855",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006860",
         },
         {
            db: "NVD",
            id: "CVE-2013-4855",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1498",
         },
      ],
   },
   id: "VAR-201910-1347",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39548",
         },
      ],
      trust: 1.1744681,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39548",
         },
      ],
   },
   last_update_date: "2023-12-18T11:59:20.947000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Top Page",
            trust: 0.8,
            url: "https://www.dlink.com/en/consumer",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2013-006860",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-22",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2013-006860",
         },
         {
            db: "NVD",
            id: "CVE-2013-4855",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.5,
            url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
         },
         {
            trust: 2.5,
            url: "https://www.ise.io/soho_service_hacks/",
         },
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2013-4855",
         },
         {
            trust: 1.7,
            url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4855",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/22.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39548",
         },
         {
            db: "VULMON",
            id: "CVE-2013-4855",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006860",
         },
         {
            db: "NVD",
            id: "CVE-2013-4855",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1498",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2019-39548",
         },
         {
            db: "VULMON",
            id: "CVE-2013-4855",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006860",
         },
         {
            db: "NVD",
            id: "CVE-2013-4855",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1498",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2019-11-07T00:00:00",
            db: "CNVD",
            id: "CNVD-2019-39548",
         },
         {
            date: "2019-10-25T00:00:00",
            db: "VULMON",
            id: "CVE-2013-4855",
         },
         {
            date: "2019-11-01T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2013-006860",
         },
         {
            date: "2019-10-25T16:15:10.350000",
            db: "NVD",
            id: "CVE-2013-4855",
         },
         {
            date: "2019-10-25T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201910-1498",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2019-11-07T00:00:00",
            db: "CNVD",
            id: "CNVD-2019-39548",
         },
         {
            date: "2019-10-29T00:00:00",
            db: "VULMON",
            id: "CVE-2013-4855",
         },
         {
            date: "2019-11-01T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2013-006860",
         },
         {
            date: "2023-04-26T19:27:52.350000",
            db: "NVD",
            id: "CVE-2013-4855",
         },
         {
            date: "2019-10-30T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201910-1498",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote or local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201910-1498",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L path traversal vulnerability",
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39548",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006860",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1498",
         },
      ],
      trust: 2,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "path traversal",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201910-1498",
         },
      ],
      trust: 0.6,
   },
}

var-201803-1769
Vulnerability from variot

OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. plural D-Link The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-880L and others are all wireless router products of D-Link. An operating system command injection vulnerability exists in the soap.cgi file in several D-Link products. A remote attacker can exploit this vulnerability to execute arbitrary operating system commands with the help of the \342\200\230service\342\200\231 parameter. The following products and versions are affected: DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and earlier; DIR-868L DIR868LA1_FW112b04 and earlier; DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L and earlier DIR410b_

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1769",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-860l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "a1_fw110b04",
         },
         {
            model: "dir-868l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "a1_fw112b04",
         },
         {
            model: "dir-865l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "reva_firmware_patch_1.08.b01",
         },
         {
            model: "dir-880l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "reva_firmware_patch_1.08b04",
         },
         {
            model: "dir-860l",
            scope: "lte",
            trust: 0.8,
            vendor: "d link",
            version: "dir860la1_fw110b04",
         },
         {
            model: "dir-865l",
            scope: "lte",
            trust: 0.8,
            vendor: "d link",
            version: "dir-865l_reva_firmware_patch_1.08.b01",
         },
         {
            model: "dir-868l",
            scope: "lte",
            trust: 0.8,
            vendor: "d link",
            version: "dir868la1_fw112b04",
         },
         {
            model: "dir-880l",
            scope: "lte",
            trust: 0.8,
            vendor: "d link",
            version: "dir-880l_reva_firmware_patch_1.08b04",
         },
         {
            model: "dir-880l <dir-880l reva patch 1.08b04",
            scope: null,
            trust: 0.6,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-860l <=dir860la1 fw110b04",
            scope: null,
            trust: 0.6,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-865l <=dir-865l reva patch 1.08.b01",
            scope: null,
            trust: 0.6,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-860l",
            scope: "eq",
            trust: 0.6,
            vendor: "d link",
            version: "a1_fw110b04",
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 0.6,
            vendor: "d link",
            version: "reva_firmware_patch_1.08.b01",
         },
         {
            model: "dir-868l",
            scope: "eq",
            trust: 0.6,
            vendor: "d link",
            version: "a1_fw112b04",
         },
         {
            model: "dir-880l",
            scope: "eq",
            trust: 0.6,
            vendor: "d link",
            version: "reva_firmware_patch_1.08b04",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06671",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002681",
         },
         {
            db: "NVD",
            id: "CVE-2018-6530",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-149",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "a1_fw110b04",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "reva_firmware_patch_1.08.b01",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "a1_fw112b04",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "reva_firmware_patch_1.08b04",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2018-6530",
         },
      ],
   },
   cve: "CVE-2018-6530",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: true,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Complete",
                  baseScore: 10,
                  confidentialityImpact: "Complete",
                  exploitabilityScore: null,
                  id: "CVE-2018-6530",
                  impactScore: null,
                  integrityImpact: "Complete",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "CNVD-2018-06671",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "VHN-136562",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.1,
                  vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2018-6530",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2018-6530",
                  trust: 1.8,
                  value: "CRITICAL",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2018-06671",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201803-149",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULHUB",
                  id: "VHN-136562",
                  trust: 0.1,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2018-6530",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06671",
         },
         {
            db: "VULHUB",
            id: "VHN-136562",
         },
         {
            db: "VULMON",
            id: "CVE-2018-6530",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002681",
         },
         {
            db: "NVD",
            id: "CVE-2018-6530",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-149",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. plural D-Link The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-880L and others are all wireless router products of D-Link. An operating system command injection vulnerability exists in the soap.cgi file in several D-Link products. A remote attacker can exploit this vulnerability to execute arbitrary operating system commands with the help of the \\342\\200\\230service\\342\\200\\231 parameter. The following products and versions are affected: DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and earlier; DIR-868L DIR868LA1_FW112b04 and earlier; DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L and earlier DIR410b_ ",
      sources: [
         {
            db: "NVD",
            id: "CVE-2018-6530",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002681",
         },
         {
            db: "CNVD",
            id: "CNVD-2018-06671",
         },
         {
            db: "VULHUB",
            id: "VHN-136562",
         },
         {
            db: "VULMON",
            id: "CVE-2018-6530",
         },
      ],
      trust: 2.34,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2018-6530",
            trust: 3.2,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002681",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2018-06671",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-149",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-136562",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2018-6530",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06671",
         },
         {
            db: "VULHUB",
            id: "VHN-136562",
         },
         {
            db: "VULMON",
            id: "CVE-2018-6530",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002681",
         },
         {
            db: "NVD",
            id: "CVE-2018-6530",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-149",
         },
      ],
   },
   id: "VAR-201803-1769",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06671",
         },
         {
            db: "VULHUB",
            id: "VHN-136562",
         },
      ],
      trust: 1.525419932,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06671",
         },
      ],
   },
   last_update_date: "2023-12-18T12:02:27.752000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "DIR-860L Firmware Patch Notes",
            trust: 0.8,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf",
         },
         {
            title: "DIR-865L Firmware Patch Notes",
            trust: 0.8,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf",
         },
         {
            title: "DIR-868L Firmware Patch Notes",
            trust: 0.8,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf",
         },
         {
            title: "DIR-880L Firmware Patch Notes",
            trust: 0.8,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-880l/reva/dir-880l_reva_firmware_patch_notes_1.08b06_en_ww.pdf",
         },
         {
            title: "Patches for multiple D-Link product operating system command injection vulnerabilities",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/124231",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto ",
         },
         {
            title: "EQUAFL_setup\nUSAGE\nEQUAFL++\nAFLPlusplus\nServer\nCOMMAND INJECTION INFO\nroot cause analysis",
            trust: 0.1,
            url: "https://github.com/zyw-200/equafl_setup ",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06671",
         },
         {
            db: "VULMON",
            id: "CVE-2018-6530",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002681",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-78",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-136562",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002681",
         },
         {
            db: "NVD",
            id: "CVE-2018-6530",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.5,
            url: "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto",
         },
         {
            trust: 1.2,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf",
         },
         {
            trust: 1.2,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf",
         },
         {
            trust: 1.2,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf",
         },
         {
            trust: 1.2,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-880l/reva/dir-880l_reva_firmware_patch_notes_1.08b06_en_ww.pdf",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6530",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-6530",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/78.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://github.com/zyw-200/equafl_setup",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06671",
         },
         {
            db: "VULHUB",
            id: "VHN-136562",
         },
         {
            db: "VULMON",
            id: "CVE-2018-6530",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002681",
         },
         {
            db: "NVD",
            id: "CVE-2018-6530",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-149",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2018-06671",
         },
         {
            db: "VULHUB",
            id: "VHN-136562",
         },
         {
            db: "VULMON",
            id: "CVE-2018-6530",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002681",
         },
         {
            db: "NVD",
            id: "CVE-2018-6530",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-149",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-03-29T00:00:00",
            db: "CNVD",
            id: "CNVD-2018-06671",
         },
         {
            date: "2018-03-06T00:00:00",
            db: "VULHUB",
            id: "VHN-136562",
         },
         {
            date: "2018-03-06T00:00:00",
            db: "VULMON",
            id: "CVE-2018-6530",
         },
         {
            date: "2018-04-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-002681",
         },
         {
            date: "2018-03-06T20:29:00.987000",
            db: "NVD",
            id: "CVE-2018-6530",
         },
         {
            date: "2018-03-07T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201803-149",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-03-29T00:00:00",
            db: "CNVD",
            id: "CNVD-2018-06671",
         },
         {
            date: "2018-03-27T00:00:00",
            db: "VULHUB",
            id: "VHN-136562",
         },
         {
            date: "2023-11-08T00:00:00",
            db: "VULMON",
            id: "CVE-2018-6530",
         },
         {
            date: "2018-04-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-002681",
         },
         {
            date: "2023-11-08T21:19:01.743000",
            db: "NVD",
            id: "CVE-2018-6530",
         },
         {
            date: "2023-04-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201803-149",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201803-149",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "plural  D-Link In product  OS Command injection vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-002681",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "operating system commend injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201803-149",
         },
      ],
      trust: 0.6,
   },
}

var-201803-1768
Vulnerability from variot

XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L and others are all wireless router products of D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/js/bsc_sms_inbox.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. D-Link DIR-868L, etc. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1768",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-860l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "a1_fw110b04",
         },
         {
            model: "dir-868l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "a1_fw112b04",
         },
         {
            model: "dir-865l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "reva_firmware_patch_1.08.b01",
         },
         {
            model: "dir-860l",
            scope: "lte",
            trust: 0.8,
            vendor: "d link",
            version: "dir860la1_fw110b04",
         },
         {
            model: "dir-865l",
            scope: "lte",
            trust: 0.8,
            vendor: "d link",
            version: "dir-865l_reva_firmware_patch_1.08.b01",
         },
         {
            model: "dir-868l",
            scope: "lte",
            trust: 0.8,
            vendor: "d link",
            version: "dir868la1_fw112b04",
         },
         {
            model: "dir-868l <=dir868la1 fw112b04",
            scope: null,
            trust: 0.6,
            vendor: "345 217 213 350 256 257 347 247 221 346 212 200",
            version: null,
         },
         {
            model: "dir-865l <=dir-865l reva patch 1.08.b01",
            scope: null,
            trust: 0.6,
            vendor: "345 217 213 350 256 257 347 247 221 346 212 200",
            version: null,
         },
         {
            model: "dir-860l <=dir860la1 fw110b04",
            scope: null,
            trust: 0.6,
            vendor: "345 217 213 350 256 257 347 247 221 346 212 200",
            version: null,
         },
         {
            model: "dir-860l",
            scope: "eq",
            trust: 0.6,
            vendor: "d link",
            version: "a1_fw110b04",
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 0.6,
            vendor: "d link",
            version: "reva_firmware_patch_1.08.b01",
         },
         {
            model: "dir-868l",
            scope: "eq",
            trust: 0.6,
            vendor: "d link",
            version: "a1_fw112b04",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06597",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002680",
         },
         {
            db: "NVD",
            id: "CVE-2018-6529",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-150",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "a1_fw110b04",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "reva_firmware_patch_1.08.b01",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "a1_fw112b04",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2018-6529",
         },
      ],
   },
   cve: "CVE-2018-6529",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2018-6529",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CNVD-2018-06597",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-136561",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.8,
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 6.1,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2018-6529",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "None",
                  scope: "Changed",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2018-6529",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2018-06597",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201803-150",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-136561",
                  trust: 0.1,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2018-6529",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06597",
         },
         {
            db: "VULHUB",
            id: "VHN-136561",
         },
         {
            db: "VULMON",
            id: "CVE-2018-6529",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002680",
         },
         {
            db: "NVD",
            id: "CVE-2018-6529",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-150",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L and others are all wireless router products of D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/js/bsc_sms_inbox.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. D-Link DIR-868L, etc. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier",
      sources: [
         {
            db: "NVD",
            id: "CVE-2018-6529",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002680",
         },
         {
            db: "CNVD",
            id: "CNVD-2018-06597",
         },
         {
            db: "VULHUB",
            id: "VHN-136561",
         },
         {
            db: "VULMON",
            id: "CVE-2018-6529",
         },
      ],
      trust: 2.34,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2018-6529",
            trust: 3.2,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002680",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-150",
            trust: 0.7,
         },
         {
            db: "CNVD",
            id: "CNVD-2018-06597",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-136561",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2018-6529",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06597",
         },
         {
            db: "VULHUB",
            id: "VHN-136561",
         },
         {
            db: "VULMON",
            id: "CVE-2018-6529",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002680",
         },
         {
            db: "NVD",
            id: "CVE-2018-6529",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-150",
         },
      ],
   },
   id: "VAR-201803-1768",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06597",
         },
         {
            db: "VULHUB",
            id: "VHN-136561",
         },
      ],
      trust: 1.5752999514285713,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06597",
         },
      ],
   },
   last_update_date: "2023-12-18T12:18:59.676000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "DIR-860L Firmware Patch Notes",
            trust: 0.8,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf",
         },
         {
            title: "DIR-865L Firmware Patch Notes",
            trust: 0.8,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf",
         },
         {
            title: "DIR-868L Firmware Patch Notes",
            trust: 0.8,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf",
         },
         {
            title: "Patch for D-LinkDIR Series Cross-Site Scripting Vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/123967",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06597",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002680",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-79",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-136561",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002680",
         },
         {
            db: "NVD",
            id: "CVE-2018-6529",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto",
         },
         {
            trust: 1.2,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf",
         },
         {
            trust: 1.2,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf",
         },
         {
            trust: 1.2,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6529",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-6529",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/79.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06597",
         },
         {
            db: "VULHUB",
            id: "VHN-136561",
         },
         {
            db: "VULMON",
            id: "CVE-2018-6529",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002680",
         },
         {
            db: "NVD",
            id: "CVE-2018-6529",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-150",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2018-06597",
         },
         {
            db: "VULHUB",
            id: "VHN-136561",
         },
         {
            db: "VULMON",
            id: "CVE-2018-6529",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002680",
         },
         {
            db: "NVD",
            id: "CVE-2018-6529",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-150",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-03-28T00:00:00",
            db: "CNVD",
            id: "CNVD-2018-06597",
         },
         {
            date: "2018-03-06T00:00:00",
            db: "VULHUB",
            id: "VHN-136561",
         },
         {
            date: "2018-03-06T00:00:00",
            db: "VULMON",
            id: "CVE-2018-6529",
         },
         {
            date: "2018-04-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-002680",
         },
         {
            date: "2018-03-06T20:29:00.907000",
            db: "NVD",
            id: "CVE-2018-6529",
         },
         {
            date: "2018-03-07T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201803-150",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-03-28T00:00:00",
            db: "CNVD",
            id: "CNVD-2018-06597",
         },
         {
            date: "2018-03-27T00:00:00",
            db: "VULHUB",
            id: "VHN-136561",
         },
         {
            date: "2018-03-27T00:00:00",
            db: "VULMON",
            id: "CVE-2018-6529",
         },
         {
            date: "2018-04-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-002680",
         },
         {
            date: "2023-11-08T21:18:46.963000",
            db: "NVD",
            id: "CVE-2018-6529",
         },
         {
            date: "2023-04-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201803-150",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201803-150",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "plural  D-Link Product cross-site scripting vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-002680",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201803-150",
         },
      ],
      trust: 0.6,
   },
}

var-201910-1348
Vulnerability from variot

D-Link DIR-865L has Information Disclosure. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation. The vulnerability stems from configuration errors during the operation of the network system or product. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected component

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1348",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-865l",
            scope: null,
            trust: 1.4,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 1.2,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39545",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006861",
         },
         {
            db: "NVD",
            id: "CVE-2013-4856",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1500",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2013-4856",
         },
      ],
   },
   cve: "CVE-2013-4856",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.9,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 5.5,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "LOW",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Adjacent Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 2.9,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2013-4856",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Low",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "ADJACENT_NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.9,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 5.5,
                  id: "CNVD-2019-39545",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "LOW",
                  trust: 0.6,
                  vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Adjacent Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 6.5,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2013-4856",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2013-4856",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2019-39545",
                  trust: 0.6,
                  value: "LOW",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201910-1500",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39545",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006861",
         },
         {
            db: "NVD",
            id: "CVE-2013-4856",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1500",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L has Information Disclosure. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation. The vulnerability stems from configuration errors during the operation of the network system or product. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected component",
      sources: [
         {
            db: "NVD",
            id: "CVE-2013-4856",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006861",
         },
         {
            db: "CNVD",
            id: "CNVD-2019-39545",
         },
      ],
      trust: 2.16,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2013-4856",
            trust: 3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006861",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2019-39545",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1500",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39545",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006861",
         },
         {
            db: "NVD",
            id: "CVE-2013-4856",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1500",
         },
      ],
   },
   id: "VAR-201910-1348",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39545",
         },
      ],
      trust: 1.1744681,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39545",
         },
      ],
   },
   last_update_date: "2023-12-18T14:00:47.200000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Top Page",
            trust: 0.8,
            url: "https://www.dlink.com/en/consumer",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2013-006861",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-200",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2013-006861",
         },
         {
            db: "NVD",
            id: "CVE-2013-4856",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
         },
         {
            trust: 2.4,
            url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
         },
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2013-4856",
         },
         {
            trust: 1.6,
            url: "https://www.ise.io/soho_service_hacks/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4856",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39545",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006861",
         },
         {
            db: "NVD",
            id: "CVE-2013-4856",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1500",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2019-39545",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2013-006861",
         },
         {
            db: "NVD",
            id: "CVE-2013-4856",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1500",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2019-11-07T00:00:00",
            db: "CNVD",
            id: "CNVD-2019-39545",
         },
         {
            date: "2019-11-01T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2013-006861",
         },
         {
            date: "2019-10-25T16:15:10.427000",
            db: "NVD",
            id: "CVE-2013-4856",
         },
         {
            date: "2019-10-25T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201910-1500",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2019-11-07T00:00:00",
            db: "CNVD",
            id: "CNVD-2019-39545",
         },
         {
            date: "2019-11-01T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2013-006861",
         },
         {
            date: "2023-04-26T19:27:52.350000",
            db: "NVD",
            id: "CVE-2013-4856",
         },
         {
            date: "2019-10-30T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201910-1500",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote or local",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201910-1500",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L Information Disclosure Vulnerability",
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2019-39545",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201910-1500",
         },
      ],
      trust: 1.2,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "information disclosure",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201910-1500",
         },
      ],
      trust: 0.6,
   },
}

var-202006-1852
Vulnerability from variot

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. D-Link DIR-865L is a wireless router from D-Link, Taiwan. The vulnerability results from the program transmitting sensitive information in clear text. A remote attacker can use the vulnerability to obtain sensitive information by sniffing network traffic

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1852",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-865l",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "1.20b01",
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 0.8,
            vendor: "d link",
            version: "1.20b01",
         },
         {
            model: "dir-865l ax 1.20b01 beta",
            scope: null,
            trust: 0.6,
            vendor: "d link",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33173",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006040",
         },
         {
            db: "NVD",
            id: "CVE-2020-13787",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-13787",
         },
      ],
   },
   cve: "CVE-2020-13787",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-006040",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2020-33173",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULMON",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CVE-2020-13787",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "MEDIUM",
                  trust: 0.1,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-006040",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2020-13787",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-006040",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-33173",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202006-335",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2020-13787",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33173",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13787",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006040",
         },
         {
            db: "NVD",
            id: "CVE-2020-13787",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-335",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. D-Link DIR-865L is a wireless router from D-Link, Taiwan. The vulnerability results from the program transmitting sensitive information in clear text. A remote attacker can use the vulnerability to obtain sensitive information by sniffing network traffic",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-13787",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006040",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-33173",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13787",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-13787",
            trust: 3.1,
         },
         {
            db: "DLINK",
            id: "SAP10174",
            trust: 1.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006040",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-33173",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-335",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2020-13787",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33173",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13787",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006040",
         },
         {
            db: "NVD",
            id: "CVE-2020-13787",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-335",
         },
      ],
   },
   id: "VAR-202006-1852",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33173",
         },
      ],
      trust: 1.38723405,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33173",
         },
      ],
   },
   last_update_date: "2023-12-18T12:35:28.618000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities",
            trust: 0.8,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174",
         },
         {
            title: "Patch for D-Link DIR-865L Information Disclosure Vulnerability (CNVD-2020-33173)",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/221781",
         },
         {
            title: "D-Link DIR-865L Repair measures for information disclosure vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120238",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33173",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006040",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-335",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-319",
            trust: 1,
         },
         {
            problemtype: "CWE-200",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-006040",
         },
         {
            db: "NVD",
            id: "CVE-2020-13787",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-13787",
         },
         {
            trust: 1.7,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174",
         },
         {
            trust: 1.7,
            url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13787",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/200.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33173",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13787",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006040",
         },
         {
            db: "NVD",
            id: "CVE-2020-13787",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-335",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-33173",
         },
         {
            db: "VULMON",
            id: "CVE-2020-13787",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006040",
         },
         {
            db: "NVD",
            id: "CVE-2020-13787",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-335",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-06-16T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-33173",
         },
         {
            date: "2020-06-03T00:00:00",
            db: "VULMON",
            id: "CVE-2020-13787",
         },
         {
            date: "2020-06-29T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-006040",
         },
         {
            date: "2020-06-03T17:15:25.543000",
            db: "NVD",
            id: "CVE-2020-13787",
         },
         {
            date: "2020-06-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202006-335",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-06-16T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-33173",
         },
         {
            date: "2020-06-17T00:00:00",
            db: "VULMON",
            id: "CVE-2020-13787",
         },
         {
            date: "2020-06-29T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-006040",
         },
         {
            date: "2021-12-13T19:22:32.657000",
            db: "NVD",
            id: "CVE-2020-13787",
         },
         {
            date: "2021-12-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202006-335",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202006-335",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L Ax Beta Information leakage vulnerabilities in devices",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-006040",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "information disclosure",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202006-335",
         },
      ],
      trust: 0.6,
   },
}

var-201803-1766
Vulnerability from variot

XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L, DIR-865L and DIR-860L are all D-Link wireless router products. A cross-site scripting vulnerability exists in the htdocs/webinc/js/adv_parent_ctrl_map.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1766",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-860l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "a1_fw110b04",
         },
         {
            model: "dir-868l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "a1_fw112b04",
         },
         {
            model: "dir-865l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "reva_firmware_patch_1.08.b01",
         },
         {
            model: "dir-860l",
            scope: "lte",
            trust: 0.8,
            vendor: "d link",
            version: "dir860la1_fw110b04",
         },
         {
            model: "dir-865l",
            scope: "lte",
            trust: 0.8,
            vendor: "d link",
            version: "dir-865l_reva_firmware_patch_1.08.b01",
         },
         {
            model: "dir-868l",
            scope: "lte",
            trust: 0.8,
            vendor: "d link",
            version: "dir868la1_fw112b04",
         },
         {
            model: "dir-868l <=dir868la1 fw112b04",
            scope: null,
            trust: 0.6,
            vendor: "345 217 213 350 256 257 347 247 221 346 212 200",
            version: null,
         },
         {
            model: "dir-865l <=dir-865l reva patch 1.08.b01",
            scope: null,
            trust: 0.6,
            vendor: "345 217 213 350 256 257 347 247 221 346 212 200",
            version: null,
         },
         {
            model: "dir-860l <=dir860la1 fw110b04",
            scope: null,
            trust: 0.6,
            vendor: "345 217 213 350 256 257 347 247 221 346 212 200",
            version: null,
         },
         {
            model: "dir-860l",
            scope: "eq",
            trust: 0.6,
            vendor: "d link",
            version: "a1_fw110b04",
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 0.6,
            vendor: "d link",
            version: "reva_firmware_patch_1.08.b01",
         },
         {
            model: "dir-868l",
            scope: "eq",
            trust: 0.6,
            vendor: "d link",
            version: "a1_fw112b04",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06630",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002678",
         },
         {
            db: "NVD",
            id: "CVE-2018-6527",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-152",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "a1_fw110b04",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "reva_firmware_patch_1.08.b01",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "a1_fw112b04",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2018-6527",
         },
      ],
   },
   cve: "CVE-2018-6527",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2018-6527",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "CNVD-2018-06630",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-136559",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 2.8,
                  impactScore: 2.7,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 6.1,
                  baseSeverity: "Medium",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2018-6527",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "None",
                  scope: "Changed",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2018-6527",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2018-06630",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201803-152",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-136559",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06630",
         },
         {
            db: "VULHUB",
            id: "VHN-136559",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002678",
         },
         {
            db: "NVD",
            id: "CVE-2018-6527",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-152",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L, DIR-865L and DIR-860L are all D-Link wireless router products. A cross-site scripting vulnerability exists in the htdocs/webinc/js/adv_parent_ctrl_map.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier",
      sources: [
         {
            db: "NVD",
            id: "CVE-2018-6527",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002678",
         },
         {
            db: "CNVD",
            id: "CNVD-2018-06630",
         },
         {
            db: "VULHUB",
            id: "VHN-136559",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2018-6527",
            trust: 3.1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002678",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-152",
            trust: 0.7,
         },
         {
            db: "CNVD",
            id: "CNVD-2018-06630",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-136559",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06630",
         },
         {
            db: "VULHUB",
            id: "VHN-136559",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002678",
         },
         {
            db: "NVD",
            id: "CVE-2018-6527",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-152",
         },
      ],
   },
   id: "VAR-201803-1766",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06630",
         },
         {
            db: "VULHUB",
            id: "VHN-136559",
         },
      ],
      trust: 1.5752999514285713,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06630",
         },
      ],
   },
   last_update_date: "2023-12-18T12:44:09.202000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "DIR-860L Firmware Patch Notes",
            trust: 0.8,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf",
         },
         {
            title: "DIR-865L Firmware Patch Notes",
            trust: 0.8,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf",
         },
         {
            title: "DIR-868L Firmware Patch Notes",
            trust: 0.8,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf",
         },
         {
            title: "Patch for D-LinkDIR Series Cross-Site Scripting Vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/124005",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06630",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002678",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-79",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-136559",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002678",
         },
         {
            db: "NVD",
            id: "CVE-2018-6527",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.3,
            url: "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto",
         },
         {
            trust: 1.1,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf",
         },
         {
            trust: 1.1,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf",
         },
         {
            trust: 1.1,
            url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6527",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-6527",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2018-06630",
         },
         {
            db: "VULHUB",
            id: "VHN-136559",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002678",
         },
         {
            db: "NVD",
            id: "CVE-2018-6527",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-152",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2018-06630",
         },
         {
            db: "VULHUB",
            id: "VHN-136559",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-002678",
         },
         {
            db: "NVD",
            id: "CVE-2018-6527",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201803-152",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-03-29T00:00:00",
            db: "CNVD",
            id: "CNVD-2018-06630",
         },
         {
            date: "2018-03-06T00:00:00",
            db: "VULHUB",
            id: "VHN-136559",
         },
         {
            date: "2018-04-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-002678",
         },
         {
            date: "2018-03-06T20:29:00.780000",
            db: "NVD",
            id: "CVE-2018-6527",
         },
         {
            date: "2018-03-07T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201803-152",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-03-29T00:00:00",
            db: "CNVD",
            id: "CNVD-2018-06630",
         },
         {
            date: "2018-03-27T00:00:00",
            db: "VULHUB",
            id: "VHN-136559",
         },
         {
            date: "2018-04-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-002678",
         },
         {
            date: "2023-11-08T21:18:08.193000",
            db: "NVD",
            id: "CVE-2018-6527",
         },
         {
            date: "2023-04-27T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201803-152",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201803-152",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "plural  D-Link Product cross-site scripting vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-002678",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "XSS",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201803-152",
         },
      ],
      trust: 0.6,
   },
}

var-202001-0381
Vulnerability from variot

D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. D-Link DIR-859 is a wireless AC1750 high power Wi-Fi Gigabit router. Attackers can use this vulnerability to obtain information through AUTHORIZED_GROUP = 1% 0a

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0381",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-818lx",
            scope: "eq",
            trust: 2.2,
            vendor: "dlink",
            version: null,
         },
         {
            model: "dir-890l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.11b01",
         },
         {
            model: "dir-822",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "2.03b01",
         },
         {
            model: "dir-868l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "2.05b02",
         },
         {
            model: "dir-869",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.03b02",
         },
         {
            model: "dir-822",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "3.12b04",
         },
         {
            model: "dir-823",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.00b06",
         },
         {
            model: "dir-895r",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.12b10",
         },
         {
            model: "dir-880l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.08b04",
         },
         {
            model: "dir-890r",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.11b01",
         },
         {
            model: "dir-859",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.05b03",
         },
         {
            model: "dir-865l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.07b01",
         },
         {
            model: "dir-868l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.12b04",
         },
         {
            model: "dir-885l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.12b05",
         },
         {
            model: "dir-885r",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.12b05",
         },
         {
            model: "dir-859",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "1.06b01",
         },
         {
            model: "dir-895l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.12b10",
         },
         {
            model: "dir-822",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-823",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-859",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-865l",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-868l",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-869",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-880l",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-890l",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-890r",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-859 <1.07b03 beta",
            scope: null,
            trust: 0.6,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-895l",
            scope: "eq",
            trust: 0.6,
            vendor: "dlink",
            version: null,
         },
         {
            model: "dir-869",
            scope: "eq",
            trust: 0.6,
            vendor: "dlink",
            version: null,
         },
         {
            model: "dir-890l",
            scope: "eq",
            trust: 0.6,
            vendor: "dlink",
            version: null,
         },
         {
            model: "dir-890r",
            scope: "eq",
            trust: 0.6,
            vendor: "dlink",
            version: null,
         },
         {
            model: "dir-895r",
            scope: "eq",
            trust: 0.6,
            vendor: "dlink",
            version: null,
         },
         {
            model: "dir-890r",
            scope: "eq",
            trust: 0.6,
            vendor: "dlink",
            version: "1.11b01",
         },
         {
            model: "dir-885l",
            scope: "eq",
            trust: 0.6,
            vendor: "dlink",
            version: null,
         },
         {
            model: "dir-885r",
            scope: "eq",
            trust: 0.6,
            vendor: "dlink",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-04703",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-014085",
         },
         {
            db: "NVD",
            id: "CVE-2019-20213",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202001-005",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.05b03",
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "2.03b01",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "3.12b04",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.00b06",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.07b01",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.12b04",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "2.05b02",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.03b02",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.08b04",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.11b01",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.11b01",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.12b05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.12b05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.12b10",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.12b10",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-20213",
         },
      ],
   },
   cve: "CVE-2019-20213",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2019-20213",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2020-04703",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2019-20213",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2019-20213",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-04703",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202001-005",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-04703",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-014085",
         },
         {
            db: "NVD",
            id: "CVE-2019-20213",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202001-005",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. D-Link DIR-859 is a wireless AC1750 high power Wi-Fi Gigabit router. Attackers can use this vulnerability to obtain information through AUTHORIZED_GROUP = 1% 0a",
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-20213",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-014085",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-04703",
         },
      ],
      trust: 2.16,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2019-20213",
            trust: 3,
         },
         {
            db: "DLINK",
            id: "SAP10147",
            trust: 1.6,
         },
         {
            db: "DLINK",
            id: "SAP10146",
            trust: 1.6,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-014085",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-04703",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202001-005",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-04703",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-014085",
         },
         {
            db: "NVD",
            id: "CVE-2019-20213",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202001-005",
         },
      ],
   },
   id: "VAR-202001-0381",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-04703",
         },
      ],
      trust: 1.2653324279999998,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-04703",
         },
      ],
   },
   last_update_date: "2023-12-18T12:27:47.122000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "SAP10146",
            trust: 0.8,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10146",
         },
         {
            title: "SAP10147",
            trust: 0.8,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10147",
         },
         {
            title: "Patch for D-Link DIR-859 Information Disclosure Vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/200127",
         },
         {
            title: "D-Link DIR-859 Repair measures for information disclosure vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108253",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-04703",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-014085",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202001-005",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-74",
            trust: 1,
         },
         {
            problemtype: "CWE-863",
            trust: 1,
         },
         {
            problemtype: "CWE-200",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-014085",
         },
         {
            db: "NVD",
            id: "CVE-2019-20213",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-20213",
         },
         {
            trust: 1.6,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10146",
         },
         {
            trust: 1.6,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10147",
         },
         {
            trust: 1,
            url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
         },
         {
            trust: 1,
            url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20213",
         },
         {
            trust: 0.6,
            url: "https://medium.com/@s1kr10s/d",
         },
         {
            trust: 0.6,
            url: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
         },
         {
            trust: 0.6,
            url: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-04703",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-014085",
         },
         {
            db: "NVD",
            id: "CVE-2019-20213",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202001-005",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-04703",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-014085",
         },
         {
            db: "NVD",
            id: "CVE-2019-20213",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202001-005",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-02-12T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-04703",
         },
         {
            date: "2020-01-31T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-014085",
         },
         {
            date: "2020-01-02T14:16:36.533000",
            db: "NVD",
            id: "CVE-2019-20213",
         },
         {
            date: "2020-01-02T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202001-005",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-02-12T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-04703",
         },
         {
            date: "2020-01-31T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-014085",
         },
         {
            date: "2023-11-07T03:08:40.733000",
            db: "NVD",
            id: "CVE-2019-20213",
         },
         {
            date: "2020-01-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202001-005",
         },
      ],
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-859 Router Information Disclosure Vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-014085",
         },
      ],
      trust: 0.8,
   },
}

var-202006-1854
Vulnerability from variot

D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. D-Link DIR-865L The device contains a vulnerability related to information leakage.Information may be obtained. D-Link DIR-865L is a wireless router from D-Link, Taiwan. The vulnerability results from the program storing sensitive information in plain text

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1854",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-865l",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "1.20b01",
         },
         {
            model: "dir-865l",
            scope: "eq",
            trust: 0.8,
            vendor: "d link",
            version: "1.20b01",
         },
         {
            model: "dir-865l ax 1.20b01 beta",
            scope: null,
            trust: 0.6,
            vendor: "d link",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33169",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006053",
         },
         {
            db: "NVD",
            id: "CVE-2020-13783",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-13783",
         },
      ],
   },
   cve: "CVE-2020-13783",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-006053",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2020-33169",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-006053",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2020-13783",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-006053",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-33169",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202006-330",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33169",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006053",
         },
         {
            db: "NVD",
            id: "CVE-2020-13783",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-330",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. D-Link DIR-865L The device contains a vulnerability related to information leakage.Information may be obtained. D-Link DIR-865L is a wireless router from D-Link, Taiwan. The vulnerability results from the program storing sensitive information in plain text",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-13783",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006053",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-33169",
         },
      ],
      trust: 2.16,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-13783",
            trust: 3,
         },
         {
            db: "DLINK",
            id: "SAP10174",
            trust: 1.6,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006053",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-33169",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-330",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33169",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006053",
         },
         {
            db: "NVD",
            id: "CVE-2020-13783",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-330",
         },
      ],
   },
   id: "VAR-202006-1854",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33169",
         },
      ],
      trust: 1.38723405,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33169",
         },
      ],
   },
   last_update_date: "2023-12-18T12:35:28.682000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities",
            trust: 0.8,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174",
         },
         {
            title: "Patch for D-Link DIR-865L information disclosure vulnerability (CNVD-2020-33169)",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/221783",
         },
         {
            title: "D-Link DIR-865L Repair measures for information disclosure vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120234",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33169",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006053",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-330",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-312",
            trust: 1,
         },
         {
            problemtype: "CWE-200",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-006053",
         },
         {
            db: "NVD",
            id: "CVE-2020-13783",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-13783",
         },
         {
            trust: 1.6,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174",
         },
         {
            trust: 1.6,
            url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13783",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-33169",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006053",
         },
         {
            db: "NVD",
            id: "CVE-2020-13783",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-330",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-33169",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-006053",
         },
         {
            db: "NVD",
            id: "CVE-2020-13783",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202006-330",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-06-16T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-33169",
         },
         {
            date: "2020-06-29T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-006053",
         },
         {
            date: "2020-06-03T17:15:25.060000",
            db: "NVD",
            id: "CVE-2020-13783",
         },
         {
            date: "2020-06-03T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202006-330",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-06-16T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-33169",
         },
         {
            date: "2020-06-29T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-006053",
         },
         {
            date: "2021-12-13T19:19:17.343000",
            db: "NVD",
            id: "CVE-2020-13783",
         },
         {
            date: "2021-12-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202006-330",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202006-330",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-865L Information leakage vulnerabilities in devices",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-006053",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "information disclosure",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202006-330",
         },
      ],
      trust: 0.6,
   },
}

var-201912-1012
Vulnerability from variot

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. D-Link DIR-859 Wi-Fi The router has OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. D-Link DIR-859 is a wireless router from Taiwan D-Link Corporation.

A remote command execution vulnerability exists in DLINK's DIR-859 series routers. Attackers can use this vulnerability to execute arbitrary commands on target devices with root privileges

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201912-1012",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "dir-818lx",
            scope: "eq",
            trust: 2.2,
            vendor: "dlink",
            version: null,
         },
         {
            model: "dir-890r",
            scope: "eq",
            trust: 1.6,
            vendor: "dlink",
            version: "1.11b01",
         },
         {
            model: "dir-890l",
            scope: "eq",
            trust: 1.6,
            vendor: "dlink",
            version: "1.11b01",
         },
         {
            model: "dir-890l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.11b01",
         },
         {
            model: "dir-822",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "2.03b01",
         },
         {
            model: "dir-822",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "3.12b04",
         },
         {
            model: "dir-823",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.00b06",
         },
         {
            model: "dir-869",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "1.03b02",
         },
         {
            model: "dir-895r",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.12b10",
         },
         {
            model: "dir-890r",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.11b01",
         },
         {
            model: "dir-859",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.05b03",
         },
         {
            model: "dir-868l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.12b04",
         },
         {
            model: "dir-885l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.12b05",
         },
         {
            model: "dir-859",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "1.06b01",
         },
         {
            model: "dir-868l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "2.05b02",
         },
         {
            model: "dir-869",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.03b02",
         },
         {
            model: "dir-823",
            scope: "eq",
            trust: 1,
            vendor: "dlink",
            version: "1.00b06",
         },
         {
            model: "dir-880l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.08b04",
         },
         {
            model: "dir-885r",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.12b05",
         },
         {
            model: "dir-865l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.07b01",
         },
         {
            model: "dir-895l",
            scope: "lte",
            trust: 1,
            vendor: "dlink",
            version: "1.12b10",
         },
         {
            model: "dir-822",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-823",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-859",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-865l",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-868l",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-869",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-880l",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-885l",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-890l",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-890r",
            scope: null,
            trust: 0.8,
            vendor: "d link",
            version: null,
         },
         {
            model: "dir-859 v1.06b01 beta01",
            scope: null,
            trust: 0.6,
            vendor: "dlink",
            version: null,
         },
         {
            model: "dir-895l",
            scope: "eq",
            trust: 0.6,
            vendor: "dlink",
            version: null,
         },
         {
            model: "dir-890l",
            scope: "eq",
            trust: 0.6,
            vendor: "dlink",
            version: null,
         },
         {
            model: "dir-890r",
            scope: "eq",
            trust: 0.6,
            vendor: "dlink",
            version: null,
         },
         {
            model: "dir-895r",
            scope: "eq",
            trust: 0.6,
            vendor: "dlink",
            version: null,
         },
         {
            model: "dir-885l",
            scope: "eq",
            trust: 0.6,
            vendor: "dlink",
            version: null,
         },
         {
            model: "dir-885r",
            scope: "eq",
            trust: 0.6,
            vendor: "dlink",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-03900",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-013893",
         },
         {
            db: "NVD",
            id: "CVE-2019-17621",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201912-1224",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.05b03",
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "2.03b01",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "3.12b04",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.00b06",
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-823_firmware:1.00b06:beta:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.07b01",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.12b04",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "2.05b02",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.03b02",
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-869_firmware:1.03b02:beta02:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.08b04",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.11b01",
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-890l_firmware:1.11b01:beta01:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.11b01",
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-890r_firmware:1.11b01:beta01:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.12b05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.12b05",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.12b10",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.12b10",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-17621",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Miguel Mendez Z, Pablo Pollanco P",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201912-1224",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2019-17621",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Complete",
                  baseScore: 10,
                  confidentialityImpact: "Complete",
                  exploitabilityScore: null,
                  id: "CVE-2019-17621",
                  impactScore: null,
                  integrityImpact: "Complete",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "CNVD-2020-03900",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2019-17621",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2019-17621",
                  trust: 1.8,
                  value: "CRITICAL",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-03900",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201912-1224",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULMON",
                  id: "CVE-2019-17621",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-03900",
         },
         {
            db: "VULMON",
            id: "CVE-2019-17621",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-013893",
         },
         {
            db: "NVD",
            id: "CVE-2019-17621",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201912-1224",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. D-Link DIR-859 Wi-Fi The router has OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. D-Link DIR-859 is a wireless router from Taiwan D-Link Corporation. \n\r\n\r\nA remote command execution vulnerability exists in DLINK's DIR-859 series routers. Attackers can use this vulnerability to execute arbitrary commands on target devices with root privileges",
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-17621",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-013893",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-03900",
         },
         {
            db: "VULMON",
            id: "CVE-2019-17621",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2019-17621",
            trust: 3.1,
         },
         {
            db: "PACKETSTORM",
            id: "156054",
            trust: 1.6,
         },
         {
            db: "DLINK",
            id: "SAP10146",
            trust: 1.6,
         },
         {
            db: "DLINK",
            id: "SAP10147",
            trust: 1.6,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-013893",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-03900",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201912-1224",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2019-17621",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-03900",
         },
         {
            db: "VULMON",
            id: "CVE-2019-17621",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-013893",
         },
         {
            db: "NVD",
            id: "CVE-2019-17621",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201912-1224",
         },
      ],
   },
   id: "VAR-201912-1012",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-03900",
         },
      ],
      trust: 1.2653324279999998,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-03900",
         },
      ],
   },
   last_update_date: "2023-12-26T00:14:59.426000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "SAP10146",
            trust: 0.8,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10146",
         },
         {
            title: "SAP10147",
            trust: 0.8,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10147",
         },
         {
            title: "Security Bulletin",
            trust: 0.8,
            url: "https://www.dlink.com/en/security-bulletin",
         },
         {
            title: "Command execution vulnerability in DLINKDIR-859 router v1.06B01 BETA01",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/195823",
         },
         {
            title: "D-Link DIR-859 Fixes for operating system command injection vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=106703",
         },
         {
            title: "IoT-vulhub",
            trust: 0.1,
            url: "https://github.com/vulntotal-team/iot-vulhub ",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-03900",
         },
         {
            db: "VULMON",
            id: "CVE-2019-17621",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-013893",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201912-1224",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-78",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-013893",
         },
         {
            db: "NVD",
            id: "CVE-2019-17621",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.6,
            url: "http://packetstormsecurity.com/files/156054/d-link-dir-859-unauthenticated-remote-command-execution.html",
         },
         {
            trust: 1.6,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10146",
         },
         {
            trust: 1.6,
            url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10147",
         },
         {
            trust: 1.6,
            url: "https://www.dlink.com/en/security-bulletin",
         },
         {
            trust: 1.6,
            url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-17621",
         },
         {
            trust: 1,
            url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
         },
         {
            trust: 1,
            url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17621",
         },
         {
            trust: 0.6,
            url: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
         },
         {
            trust: 0.6,
            url: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-013893",
         },
         {
            db: "NVD",
            id: "CVE-2019-17621",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201912-1224",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-03900",
         },
         {
            db: "VULMON",
            id: "CVE-2019-17621",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-013893",
         },
         {
            db: "NVD",
            id: "CVE-2019-17621",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201912-1224",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-02-14T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-03900",
         },
         {
            date: "2019-12-30T00:00:00",
            db: "VULMON",
            id: "CVE-2019-17621",
         },
         {
            date: "2020-01-21T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-013893",
         },
         {
            date: "2019-12-30T17:15:19.857000",
            db: "NVD",
            id: "CVE-2019-17621",
         },
         {
            date: "2019-12-30T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201912-1224",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-02-12T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-03900",
         },
         {
            date: "2023-11-07T00:00:00",
            db: "VULMON",
            id: "CVE-2019-17621",
         },
         {
            date: "2020-01-21T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-013893",
         },
         {
            date: "2023-11-07T03:06:23.510000",
            db: "NVD",
            id: "CVE-2019-17621",
         },
         {
            date: "2020-02-12T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201912-1224",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201912-1224",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "D-Link DIR-859 Wi-Fi At the router  OS Command injection vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-013893",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "operating system commend injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201912-1224",
         },
      ],
      trust: 0.6,
   },
}

cve-2019-20213
Vulnerability from cvelistv5
Published
2020-01-02 01:03
Modified
2024-08-05 02:39
Severity ?
Summary
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:39:09.121Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-02T01:03:16",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-20213",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
                     refsource: "MISC",
                     url: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
                  },
                  {
                     name: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
                     refsource: "MISC",
                     url: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
                  },
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
                  },
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-20213",
      datePublished: "2020-01-02T01:03:16",
      dateReserved: "2020-01-02T00:00:00",
      dateUpdated: "2024-08-05T02:39:09.121Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-6528
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
Summary
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:10:10.230Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-02-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-06T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-6528",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
                  },
                  {
                     name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
                  },
                  {
                     name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
                     refsource: "MISC",
                     url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
                  },
                  {
                     name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-6528",
      datePublished: "2018-03-06T20:00:00",
      dateReserved: "2018-02-02T00:00:00",
      dateUpdated: "2024-08-05T06:10:10.230Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-6527
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
Summary
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:10:10.079Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-02-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-06T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-6527",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
                  },
                  {
                     name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
                  },
                  {
                     name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
                     refsource: "MISC",
                     url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
                  },
                  {
                     name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-6527",
      datePublished: "2018-03-06T20:00:00",
      dateReserved: "2018-02-02T00:00:00",
      dateUpdated: "2024-08-05T06:10:10.079Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-13786
Vulnerability from cvelistv5
Published
2020-06-03 16:22
Modified
2024-08-04 12:25
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:25:16.536Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-17T12:21:47",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-13786",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                  },
                  {
                     name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                     refsource: "MISC",
                     url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-13786",
      datePublished: "2020-06-03T16:22:45",
      dateReserved: "2020-06-03T00:00:00",
      dateUpdated: "2024-08-04T12:25:16.536Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-13787
Vulnerability from cvelistv5
Published
2020-06-03 16:22
Modified
2024-08-04 12:25
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:25:16.544Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-17T12:21:49",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-13787",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                  },
                  {
                     name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                     refsource: "MISC",
                     url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-13787",
      datePublished: "2020-06-03T16:22:36",
      dateReserved: "2020-06-03T00:00:00",
      dateUpdated: "2024-08-04T12:25:16.544Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-17621
Vulnerability from cvelistv5
Published
2019-12-30 16:09
Modified
2025-02-04 20:34
Severity ?
Summary
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:47:13.504Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.dlink.com/en/security-bulletin",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2019-17621",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-04T20:33:59.746115Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2023-06-29",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-17621",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-78",
                        description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-04T20:34:06.306Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-22T18:06:22.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.dlink.com/en/security-bulletin",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-17621",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
                     refsource: "MISC",
                     url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
                  },
                  {
                     name: "https://www.dlink.com/en/security-bulletin",
                     refsource: "MISC",
                     url: "https://www.dlink.com/en/security-bulletin",
                  },
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
                     refsource: "CONFIRM",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
                  },
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
                     refsource: "CONFIRM",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
                  },
                  {
                     name: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
                     refsource: "MISC",
                     url: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
                  },
                  {
                     name: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
                     refsource: "MISC",
                     url: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-17621",
      datePublished: "2019-12-30T16:09:17.000Z",
      dateReserved: "2019-10-16T00:00:00.000Z",
      dateUpdated: "2025-02-04T20:34:06.306Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4857
Vulnerability from cvelistv5
Published
2019-10-25 15:36
Modified
2024-08-06 16:59
Severity ?
Summary
D-Link DIR-865L has PHP File Inclusion in the router xml file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:59:40.685Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ise.io/soho_service_hacks/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L has PHP File Inclusion in the router xml file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-25T15:36:13",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ise.io/soho_service_hacks/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-4857",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L has PHP File Inclusion in the router xml file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ise.io/casestudies/exploiting-soho-routers/",
                     refsource: "MISC",
                     url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
                  },
                  {
                     name: "https://www.ise.io/soho_service_hacks/",
                     refsource: "MISC",
                     url: "https://www.ise.io/soho_service_hacks/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-4857",
      datePublished: "2019-10-25T15:36:13",
      dateReserved: "2013-07-16T00:00:00",
      dateUpdated: "2024-08-06T16:59:40.685Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-6530
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2025-02-04 20:36
Severity ?
Summary
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:10:10.174Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2018-6530",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-04T20:36:36.248676Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2022-09-08",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-6530",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-78",
                        description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-04T20:36:49.671Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-02-28T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               value: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-06T19:57:01.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-6530",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
                  },
                  {
                     name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
                  },
                  {
                     name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
                     refsource: "MISC",
                     url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
                  },
                  {
                     name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
                  },
                  {
                     name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-6530",
      datePublished: "2018-03-06T20:00:00.000Z",
      dateReserved: "2018-02-02T00:00:00.000Z",
      dateUpdated: "2025-02-04T20:36:49.671Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-6529
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
Summary
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:10:10.135Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-02-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-06T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-6529",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
                  },
                  {
                     name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
                  },
                  {
                     name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
                     refsource: "MISC",
                     url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
                  },
                  {
                     name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-6529",
      datePublished: "2018-03-06T20:00:00",
      dateReserved: "2018-02-02T00:00:00",
      dateUpdated: "2024-08-05T06:10:10.135Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4856
Vulnerability from cvelistv5
Published
2019-10-25 15:44
Modified
2024-08-06 16:59
Severity ?
Summary
D-Link DIR-865L has Information Disclosure.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:59:40.522Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ise.io/soho_service_hacks/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L has Information Disclosure.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-25T15:44:11",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ise.io/soho_service_hacks/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-4856",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L has Information Disclosure.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ise.io/casestudies/exploiting-soho-routers/",
                     refsource: "MISC",
                     url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
                  },
                  {
                     name: "https://www.ise.io/soho_service_hacks/",
                     refsource: "MISC",
                     url: "https://www.ise.io/soho_service_hacks/",
                  },
                  {
                     name: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
                     refsource: "MISC",
                     url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-4856",
      datePublished: "2019-10-25T15:44:11",
      dateReserved: "2013-07-16T00:00:00",
      dateUpdated: "2024-08-06T16:59:40.522Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-25786
Vulnerability from cvelistv5
Published
2020-09-19 19:24
Modified
2024-08-04 15:40
Severity ?
Summary
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:40:36.997Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-19T19:24:09",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md",
            },
         ],
         tags: [
            "unsupported-when-assigned",
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-25786",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190",
                  },
                  {
                     name: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md",
                     refsource: "MISC",
                     url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-25786",
      datePublished: "2020-09-19T19:24:09",
      dateReserved: "2020-09-19T00:00:00",
      dateUpdated: "2024-08-04T15:40:36.997Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-13783
Vulnerability from cvelistv5
Published
2020-06-03 16:23
Modified
2024-08-04 12:25
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:25:16.568Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-17T12:21:41",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-13783",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                  },
                  {
                     name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                     refsource: "MISC",
                     url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-13783",
      datePublished: "2020-06-03T16:23:09",
      dateReserved: "2020-06-03T00:00:00",
      dateUpdated: "2024-08-04T12:25:16.568Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-13782
Vulnerability from cvelistv5
Published
2020-06-03 16:23
Modified
2024-08-04 12:25
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:25:16.596Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-17T12:21:37",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-13782",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                  },
                  {
                     name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                     refsource: "MISC",
                     url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-13782",
      datePublished: "2020-06-03T16:23:19",
      dateReserved: "2020-06-03T00:00:00",
      dateUpdated: "2024-08-04T12:25:16.596Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4855
Vulnerability from cvelistv5
Published
2019-10-25 15:47
Modified
2024-08-06 16:59
Severity ?
Summary
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:59:40.978Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ise.io/soho_service_hacks/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-25T15:47:43",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ise.io/soho_service_hacks/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-4855",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ise.io/casestudies/exploiting-soho-routers/",
                     refsource: "MISC",
                     url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
                  },
                  {
                     name: "https://www.ise.io/soho_service_hacks/",
                     refsource: "MISC",
                     url: "https://www.ise.io/soho_service_hacks/",
                  },
                  {
                     name: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
                     refsource: "MISC",
                     url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-4855",
      datePublished: "2019-10-25T15:47:43",
      dateReserved: "2013-07-16T00:00:00",
      dateUpdated: "2024-08-06T16:59:40.978Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-13785
Vulnerability from cvelistv5
Published
2020-06-03 16:22
Modified
2024-08-04 12:25
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:25:16.489Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-17T12:21:45",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-13785",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                  },
                  {
                     name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                     refsource: "MISC",
                     url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-13785",
      datePublished: "2020-06-03T16:22:52",
      dateReserved: "2020-06-03T00:00:00",
      dateUpdated: "2024-08-04T12:25:16.489Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-13784
Vulnerability from cvelistv5
Published
2020-06-03 16:23
Modified
2024-08-04 12:25
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:25:16.478Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-17T12:21:43",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-13784",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                  },
                  {
                     name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                     refsource: "MISC",
                     url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-13784",
      datePublished: "2020-06-03T16:23:00",
      dateReserved: "2020-06-03T00:00:00",
      dateUpdated: "2024-08-04T12:25:16.478Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:10
Summary
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B",
                     versionEndIncluding: "a1_fw110b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0",
                     versionEndIncluding: "reva_firmware_patch_1.08.b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9",
                     versionEndIncluding: "a1_fw112b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/body/bsc_sms_send.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un parámetro receiver manipulado en soap.cgi.",
      },
   ],
   id: "CVE-2018-6528",
   lastModified: "2024-11-21T04:10:50.380",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-03-06T20:29:00.843",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:10
Summary
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B",
                     versionEndIncluding: "a1_fw110b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0",
                     versionEndIncluding: "reva_firmware_patch_1.08.b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9",
                     versionEndIncluding: "a1_fw112b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/js/bsc_sms_inbox.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un parámetro Treturn manipulado en soap.cgi.",
      },
   ],
   id: "CVE-2018-6529",
   lastModified: "2024-11-21T04:10:50.547",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-03-06T20:29:00.907",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
Impacted products
Vendor Product Version
dlink dir-865l_firmware 1.20b01
dlink dir-865l ax



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                     matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.",
      },
      {
         lang: "es",
         value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, presentan una Fortaleza de Cifrado Inadecuada.",
      },
   ],
   id: "CVE-2020-13785",
   lastModified: "2024-11-21T05:01:51.090",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-03T17:15:25.247",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-326",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-25 16:15
Modified
2024-11-21 01:56
Severity ?
Summary
D-Link DIR-865L has PHP File Inclusion in the router xml file.
Impacted products
Vendor Product Version
dlink dir-865l_firmware -
dlink dir-865l -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "352DA441-FF6D-42A9-B65B-9D1752082152",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L has PHP File Inclusion in the router xml file.",
      },
      {
         lang: "es",
         value: "D-Link DIR-865L, presenta una inclusión de archivos PHP en el archivo xml del enrutador.",
      },
   ],
   id: "CVE-2013-4857",
   lastModified: "2024-11-21T01:56:34.550",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-25T16:15:10.490",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/soho_service_hacks/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/soho_service_hacks/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-91",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
Impacted products
Vendor Product Version
dlink dir-865l_firmware 1.20b01
dlink dir-865l ax



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                     matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.",
      },
      {
         lang: "es",
         value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, permiten una Inyección de Comandos.",
      },
   ],
   id: "CVE-2020-13782",
   lastModified: "2024-11-21T05:01:50.647",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-03T17:15:24.997",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.
Impacted products
Vendor Product Version
dlink dir-865l_firmware 1.20b01
dlink dir-865l ax



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                     matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.",
      },
      {
         lang: "es",
         value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, presentan una Transmisión de Información Confidencial en Texto Sin Cifrar.",
      },
   ],
   id: "CVE-2020-13787",
   lastModified: "2024-11-21T05:01:51.387",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-03T17:15:25.543",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-319",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.
Impacted products
Vendor Product Version
dlink dir-865l_firmware 1.20b01
dlink dir-865l ax



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                     matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.",
      },
      {
         lang: "es",
         value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, permiten un ataque de tipo CSRF.",
      },
   ],
   id: "CVE-2020-13786",
   lastModified: "2024-11-21T05:01:51.240",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-03T17:15:25.387",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-25 16:15
Modified
2024-11-21 01:56
Summary
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.
Impacted products
Vendor Product Version
dlink dir-865l_firmware -
dlink dir-865l -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "352DA441-FF6D-42A9-B65B-9D1752082152",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.",
      },
      {
         lang: "es",
         value: "D-Link DIR-865L, presenta un Salto de Enlace Simbólico de SMB, debido a una configuración inapropiada en el servicio SMB permitiendo la creación de enlaces simbólicos en ubicaciones fuera del recurso compartido Samba.",
      },
   ],
   id: "CVE-2013-4855",
   lastModified: "2024-11-21T01:56:33.940",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:A/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 5.5,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-25T16:15:10.350",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/soho_service_hacks/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/soho_service_hacks/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-02 14:16
Modified
2024-11-21 04:38
Summary
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2ABCF49-625F-4267-8B6D-14081B31E8B0",
                     versionEndIncluding: "1.05b03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*",
                     matchCriteriaId: "BB555A1A-6B26-483E-ABFC-B64B928E7CC5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1DEEF5B-D8E9-45F3-8A89-52CE8402E6F5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F8E6CDA-679A-4A31-8D8D-BD283C5E1E3E",
                     versionEndIncluding: "2.03b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46B25758-8EC2-4598-A834-9D513B030629",
                     versionEndIncluding: "3.12b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "99D9046B-206E-4267-98BA-BF572682F134",
                     versionEndIncluding: "1.00b06",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC426833-BEA7-4029-BBBB-94688EE801BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4406996E-761D-4EDC-9877-17B7472C1422",
                     versionEndIncluding: "1.07b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D90548-24FD-416F-9159-6F7AB318C923",
                     versionEndIncluding: "1.12b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B0CA3A5-CF3D-4D1B-BB07-EE0D91901BC9",
                     versionEndIncluding: "2.05b02",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "499E8ADA-B4ED-42B2-B237-716A77BD546A",
                     versionEndIncluding: "1.03b02",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9EB6E8E-03FA-4477-B97A-0752B7C443F0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AE7C571B-BCCB-4853-A08E-2EF9A64C94CD",
                     versionEndIncluding: "1.08b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "50FCDBDC-32F8-42DF-BD3C-A9EFC11D036C",
                     versionEndIncluding: "1.11b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1EA89C7-4655-43A3-9D2B-D57640D56C09",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA0BEAAD-6330-47FE-A8F6-665C3F346619",
                     versionEndIncluding: "1.11b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D678E889-3D74-4D16-84D0-41F547519A7F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "48D9C475-FB79-4D18-823C-0A3F01CB478E",
                     versionEndIncluding: "1.12b05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD481B64-A25D-4123-B575-20EC3C524D9C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0261FBA8-D370-4581-B4AE-E8DBF4546C50",
                     versionEndIncluding: "1.12b05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E0351A1-D161-468E-A2C4-1FB92E978DA7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CBB7A220-2C3E-45B4-BA2E-D6C595B391D7",
                     versionEndIncluding: "1.12b10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4B2469-DDAB-4FD1-A446-B304AAF78BB3",
                     versionEndIncluding: "1.12b10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DF2DADDD-2F1C-458D-B3F5-07EE0FE35E92",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "072F053E-4DAB-4246-BEE7-F4813957BF56",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B6E718C-2E2A-4E9B-A83D-25C01F681301",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.",
      },
      {
         lang: "es",
         value: "Los routers D-Link DIR-859 versiones anteriores a la versión v1.07b03_beta, permiten una divulgación de información no autenticada por medio del valor AUTHORIZED_GROUP=1%0a, como es demostrado por el archivo vpnconfig.php.",
      },
   ],
   id: "CVE-2019-20213",
   lastModified: "2024-11-21T04:38:13.213",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-02T14:16:36.533",
   references: [
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
      },
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-74",
            },
            {
               lang: "en",
               value: "CWE-863",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-09-19 20:15
Modified
2024-11-21 05:18
Summary
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-803_firmware:1.04.b02:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C475766-ADDE-4461-9FDF-FE6332F95DBE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-803:a1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B033D96-30EC-44EA-B70E-670CEAA0E79F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*",
                     matchCriteriaId: "1817EE29-D782-4A98-A478-20BDA559C5CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*",
                     matchCriteriaId: "ABE7E66F-20B2-4A39-A845-03E5FBBD9E2A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*",
                     matchCriteriaId: "637B2D4B-0EA7-4E30-9B2B-77484D701042",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-645_firmware:1.06b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "84706BD1-5AC0-449D-AB20-A81A9A2D4077",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E02F7E04-F6D7-466D-81AD-14591443EBC3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-815_firmware:2.07.b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "F38F5A85-E7DC-4ACF-A488-11AC00DE5856",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-815:b1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA95C491-7895-4410-A9D2-3C7BD2BEB0DC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-860l_firmware:1.10b04:*:*:*:*:*:*:*",
                     matchCriteriaId: "D84E9E39-D9A6-4370-8D84-6CAE2D02CDFD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-860l:a1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0FB3DE6-9F8D-485A-8DF3-76FC6C20CB6C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.08b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "608124DE-D143-4E95-9DE8-D7A35586361E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:a1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEC7270B-453D-4D04-90AB-7EBD6DC3D97B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [
      {
         sourceIdentifier: "cve@mitre.org",
         tags: [
            "unsupported-when-assigned",
         ],
      },
   ],
   descriptions: [
      {
         lang: "en",
         value: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header",
      },
      {
         lang: "es",
         value: "** NO COMPATIBLE CUANDO SE ASIGNÓ ** El archivo webinc/js/info.php en dispositivos D-Link DIR-816L versión 2.06.B09_BETA y DIR-803 versión 1.04.B02, permite un ataque de tipo XSS por medio del encabezado HTTP Referer.&#xa0;NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor.&#xa0;NOTA: esto típicamente no es explotable debido a la codificación de URL (excepto en Internet Explorer) y porque una página web no puede especificar que un cliente debe realizar una petición HTTP adicional con un encabezado Referer arbitrario",
      },
   ],
   id: "CVE-2020-25786",
   lastModified: "2024-11-21T05:18:46.167",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-09-19T20:15:11.903",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:10
Summary
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B",
                     versionEndIncluding: "a1_fw110b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0",
                     versionEndIncluding: "reva_firmware_patch_1.08.b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9",
                     versionEndIncluding: "a1_fw112b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/js/adv_parent_ctrl_map.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un parámetro deviceid manipulado en soap.cgi.",
      },
   ],
   id: "CVE-2018-6527",
   lastModified: "2024-11-21T04:10:50.220",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-03-06T20:29:00.780",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
Impacted products
Vendor Product Version
dlink dir-865l_firmware 1.20b01
dlink dir-865l ax



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                     matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.",
      },
      {
         lang: "es",
         value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, presentan un seed predecible en un Generador de Números Pseudoaleatorios.",
      },
   ],
   id: "CVE-2020-13784",
   lastModified: "2024-11-21T05:01:50.940",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-03T17:15:25.153",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-335",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-30 17:15
Modified
2025-02-04 21:15
Summary
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
References
cve@mitre.orghttp://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
cve@mitre.orghttps://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104Exploit, Third Party Advisory
cve@mitre.orghttps://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9Broken Link
cve@mitre.orghttps://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146Patch, Vendor Advisory
cve@mitre.orghttps://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147Patch, Vendor Advisory
cve@mitre.orghttps://www.dlink.com/en/security-bulletinVendor Advisory
cve@mitre.orghttps://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdfThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9Broken Link
af854a3a-2127-422b-91ae-364da2661108https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.dlink.com/en/security-bulletinVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdfThird Party Advisory, US Government Resource



{
   cisaActionDue: "2023-07-20",
   cisaExploitAdd: "2023-06-29",
   cisaRequiredAction: "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.",
   cisaVulnerabilityName: "D-Link DIR-859 Router Command Execution Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2ABCF49-625F-4267-8B6D-14081B31E8B0",
                     versionEndIncluding: "1.05b03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*",
                     matchCriteriaId: "BB555A1A-6B26-483E-ABFC-B64B928E7CC5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1DEEF5B-D8E9-45F3-8A89-52CE8402E6F5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F8E6CDA-679A-4A31-8D8D-BD283C5E1E3E",
                     versionEndIncluding: "2.03b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46B25758-8EC2-4598-A834-9D513B030629",
                     versionEndIncluding: "3.12b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "99D9046B-206E-4267-98BA-BF572682F134",
                     versionEndIncluding: "1.00b06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:dlink:dir-823_firmware:1.00b06:beta:*:*:*:*:*:*",
                     matchCriteriaId: "5A56D2BD-5160-46FE-8AC7-CB4CA50E4D5D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC426833-BEA7-4029-BBBB-94688EE801BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4406996E-761D-4EDC-9877-17B7472C1422",
                     versionEndIncluding: "1.07b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D90548-24FD-416F-9159-6F7AB318C923",
                     versionEndIncluding: "1.12b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B0CA3A5-CF3D-4D1B-BB07-EE0D91901BC9",
                     versionEndIncluding: "2.05b02",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "499E8ADA-B4ED-42B2-B237-716A77BD546A",
                     versionEndIncluding: "1.03b02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:dlink:dir-869_firmware:1.03b02:beta02:*:*:*:*:*:*",
                     matchCriteriaId: "AF693676-C580-44CF-AAC6-6E38658FEAFB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9EB6E8E-03FA-4477-B97A-0752B7C443F0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AE7C571B-BCCB-4853-A08E-2EF9A64C94CD",
                     versionEndIncluding: "1.08b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "50FCDBDC-32F8-42DF-BD3C-A9EFC11D036C",
                     versionEndIncluding: "1.11b01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:dlink:dir-890l_firmware:1.11b01:beta01:*:*:*:*:*:*",
                     matchCriteriaId: "7A4A1A68-5B14-47B7-9D02-274A0E4AF2F2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1EA89C7-4655-43A3-9D2B-D57640D56C09",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA0BEAAD-6330-47FE-A8F6-665C3F346619",
                     versionEndIncluding: "1.11b01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:dlink:dir-890r_firmware:1.11b01:beta01:*:*:*:*:*:*",
                     matchCriteriaId: "4C18C9D9-9418-441B-9367-91F86137245C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D678E889-3D74-4D16-84D0-41F547519A7F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "48D9C475-FB79-4D18-823C-0A3F01CB478E",
                     versionEndIncluding: "1.12b05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD481B64-A25D-4123-B575-20EC3C524D9C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0261FBA8-D370-4581-B4AE-E8DBF4546C50",
                     versionEndIncluding: "1.12b05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E0351A1-D161-468E-A2C4-1FB92E978DA7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CBB7A220-2C3E-45B4-BA2E-D6C595B391D7",
                     versionEndIncluding: "1.12b10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4B2469-DDAB-4FD1-A446-B304AAF78BB3",
                     versionEndIncluding: "1.12b10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DF2DADDD-2F1C-458D-B3F5-07EE0FE35E92",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "072F053E-4DAB-4246-BEE7-F4813957BF56",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B6E718C-2E2A-4E9B-A83D-25C01F681301",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.",
      },
      {
         lang: "es",
         value: "La URL de /gena.cgi del endpoint UPnP en el router  Wi-Fi D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permite a un atacante remoto no autenticado ejecutar comandos del sistema como root, mediante el envío de una petición HTTP SUBSCRIBE especialmente diseñada en el servicio UPnP cuando se conecta a la red local.",
      },
   ],
   id: "CVE-2019-17621",
   lastModified: "2025-02-04T21:15:18.170",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2019-12-30T17:15:19.857",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dlink.com/en/security-bulletin",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dlink.com/en/security-bulletin",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-25 16:15
Modified
2024-11-21 01:56
Summary
D-Link DIR-865L has Information Disclosure.
Impacted products
Vendor Product Version
dlink dir-865l_firmware -
dlink dir-865l -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "352DA441-FF6D-42A9-B65B-9D1752082152",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L has Information Disclosure.",
      },
      {
         lang: "es",
         value: "D-Link DIR-865L, presenta una divulgación de información.",
      },
   ],
   id: "CVE-2013-4856",
   lastModified: "2024-11-21T01:56:34.290",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.9,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 5.5,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-25T16:15:10.427",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/soho_service_hacks/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/soho_service_hacks/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2025-02-04 21:15
Summary
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
References
cve@mitre.orgftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdfRelease Notes, Vendor Advisory
cve@mitre.orgftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdfRelease Notes, Vendor Advisory
cve@mitre.orgftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdfRelease Notes, Vendor Advisory
cve@mitre.orgftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdfRelease Notes, Vendor Advisory
cve@mitre.orghttps://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-protoExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdfRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdfRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdfRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdfRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-protoExploit, Third Party Advisory



{
   cisaActionDue: "2022-09-29",
   cisaExploitAdd: "2022-09-08",
   cisaRequiredAction: "The vendor D-Link published an advisory stating the fix under CVE-2018-20114 properly patches KEV entry CVE-2018-6530. If the device is still supported, apply updates per vendor instructions. If the affected device has since entered its end-of-life, it should be disconnected if still in use.",
   cisaVulnerabilityName: "D-Link Multiple Routers OS Command Injection Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B",
                     versionEndIncluding: "a1_fw110b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0",
                     versionEndIncluding: "reva_firmware_patch_1.08.b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9",
                     versionEndIncluding: "a1_fw112b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E9B68DE-D3A7-4973-9D47-7203B2190F82",
                     versionEndIncluding: "reva_firmware_patch_1.08b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección de comandos del sistema operativo en soap.cgi (soapcgi_main en cgibin) en D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 y versiones anteriores, DIR-868L DIR868LA1_FW112b04 y versiones anteriores, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos ejecuten comandos arbitrarios del sistema operativo mediante el parámetro service.",
      },
   ],
   id: "CVE-2018-6530",
   lastModified: "2025-02-04T21:15:16.167",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: true,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2018-03-06T20:29:00.987",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
Impacted products
Vendor Product Version
dlink dir-865l_firmware 1.20b01
dlink dir-865l ax



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                     matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.",
      },
      {
         lang: "es",
         value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, presentan Almacenamiento de Información Confidencial en Texto Sin Cifrar.",
      },
   ],
   id: "CVE-2020-13783",
   lastModified: "2024-11-21T05:01:50.790",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-03T17:15:25.060",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-312",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}