Vulnerabilites related to dlink - dir-865l
var-201910-1349
Vulnerability from variot
D-Link DIR-865L has PHP File Inclusion in the router xml file. D-Link DIR-865L The blinds XPath An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation.
An unknown vulnerability exists in D-Link DIR-865L. No detailed vulnerability details are provided at this time
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1349", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: null, trust: 1.4, vendor: "d link", version: null, }, { model: "dir-865l", scope: "eq", trust: 1.2, vendor: "d link", version: null, }, { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39546", }, { db: "JVNDB", id: "JVNDB-2013-006859", }, { db: "NVD", id: "CVE-2013-4857", }, { db: "CNNVD", id: "CNNVD-201910-1499", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2013-4857", }, ], }, cve: "CVE-2013-4857", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2013-4857", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2019-39546", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2013-4857", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2013-4857", trust: 1.8, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2019-39546", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201910-1499", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2013-4857", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39546", }, { db: "VULMON", id: "CVE-2013-4857", }, { db: "JVNDB", id: "JVNDB-2013-006859", }, { db: "NVD", id: "CVE-2013-4857", }, { db: "CNNVD", id: "CNNVD-201910-1499", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L has PHP File Inclusion in the router xml file. D-Link DIR-865L The blinds XPath An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation. \n\nAn unknown vulnerability exists in D-Link DIR-865L. No detailed vulnerability details are provided at this time", sources: [ { db: "NVD", id: "CVE-2013-4857", }, { db: "JVNDB", id: "JVNDB-2013-006859", }, { db: "CNVD", id: "CNVD-2019-39546", }, { db: "VULMON", id: "CVE-2013-4857", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2013-4857", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2013-006859", trust: 0.8, }, { db: "CNVD", id: "CNVD-2019-39546", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201910-1499", trust: 0.6, }, { db: "VULMON", id: "CVE-2013-4857", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39546", }, { db: "VULMON", id: "CVE-2013-4857", }, { db: "JVNDB", id: "JVNDB-2013-006859", }, { db: "NVD", id: "CVE-2013-4857", }, { db: "CNNVD", id: "CNNVD-201910-1499", }, ], }, id: "VAR-201910-1349", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2019-39546", }, ], trust: 1.1744681, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39546", }, ], }, last_update_date: "2023-12-18T13:43:11.770000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.dlink.com/en/consumer", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2013-006859", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-91", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2013-006859", }, { db: "NVD", id: "CVE-2013-4857", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { trust: 2.5, url: "https://www.ise.io/soho_service_hacks/", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2013-4857", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4857", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/91.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39546", }, { db: "VULMON", id: "CVE-2013-4857", }, { db: "JVNDB", id: "JVNDB-2013-006859", }, { db: "NVD", id: "CVE-2013-4857", }, { db: "CNNVD", id: "CNNVD-201910-1499", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2019-39546", }, { db: "VULMON", id: "CVE-2013-4857", }, { db: "JVNDB", id: "JVNDB-2013-006859", }, { db: "NVD", id: "CVE-2013-4857", }, { db: "CNNVD", id: "CNNVD-201910-1499", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-11-07T00:00:00", db: "CNVD", id: "CNVD-2019-39546", }, { date: "2019-10-25T00:00:00", db: "VULMON", id: "CVE-2013-4857", }, { date: "2019-10-31T00:00:00", db: "JVNDB", id: "JVNDB-2013-006859", }, { date: "2019-10-25T16:15:10.490000", db: "NVD", id: "CVE-2013-4857", }, { date: "2019-10-25T00:00:00", db: "CNNVD", id: "CNNVD-201910-1499", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-11-07T00:00:00", db: "CNVD", id: "CNVD-2019-39546", }, { date: "2019-10-28T00:00:00", db: "VULMON", id: "CVE-2013-4857", }, { date: "2019-10-31T00:00:00", db: "JVNDB", id: "JVNDB-2013-006859", }, { date: "2023-04-26T19:27:52.350000", db: "NVD", id: "CVE-2013-4857", }, { date: "2019-10-29T00:00:00", db: "CNNVD", id: "CNNVD-201910-1499", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201910-1499", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Blind in XPath Injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2013-006859", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-201910-1499", }, ], trust: 0.6, }, }
var-202006-0143
Vulnerability from variot
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. D-Link DIR-865L On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-865L is a wireless router from D-Link, Taiwan. An attacker can use the vulnerability to execute arbitrary shell commands by sending a specially crafted request
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0143", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: "1.20b01", }, { model: "dir-865l", scope: "eq", trust: 0.8, vendor: "d link", version: "1.20b01", }, { model: "dir-865l ax 1.20b01 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33168", }, { db: "JVNDB", id: "JVNDB-2020-006052", }, { db: "NVD", id: "CVE-2020-13782", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-13782", }, ], }, cve: "CVE-2020-13782", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-006052", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-33168", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULMON", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CVE-2020-13782", impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-006052", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-13782", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-006052", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2020-33168", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202006-328", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2020-13782", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33168", }, { db: "VULMON", id: "CVE-2020-13782", }, { db: "JVNDB", id: "JVNDB-2020-006052", }, { db: "NVD", id: "CVE-2020-13782", }, { db: "CNNVD", id: "CNNVD-202006-328", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. D-Link DIR-865L On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-865L is a wireless router from D-Link, Taiwan. An attacker can use the vulnerability to execute arbitrary shell commands by sending a specially crafted request", sources: [ { db: "NVD", id: "CVE-2020-13782", }, { db: "JVNDB", id: "JVNDB-2020-006052", }, { db: "CNVD", id: "CNVD-2020-33168", }, { db: "VULMON", id: "CVE-2020-13782", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-13782", trust: 3.1, }, { db: "DLINK", id: "SAP10174", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2020-006052", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-33168", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202006-328", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-13782", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33168", }, { db: "VULMON", id: "CVE-2020-13782", }, { db: "JVNDB", id: "JVNDB-2020-006052", }, { db: "NVD", id: "CVE-2020-13782", }, { db: "CNNVD", id: "CNNVD-202006-328", }, ], }, id: "VAR-202006-0143", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-33168", }, ], trust: 1.38723405, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33168", }, ], }, last_update_date: "2023-12-18T12:35:28.652000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { title: "Patch for D-Link DIR-865L operating system command injection vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/221791", }, { title: "D-Link DIR-865L Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120232", }, { title: "Threatpost", trust: 0.1, url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33168", }, { db: "VULMON", id: "CVE-2020-13782", }, { db: "JVNDB", id: "JVNDB-2020-006052", }, { db: "CNNVD", id: "CNNVD-202006-328", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-006052", }, { db: "NVD", id: "CVE-2020-13782", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-13782", }, { trust: 1.7, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { trust: 1.7, url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13782", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/78.html", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2020-13782", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33168", }, { db: "VULMON", id: "CVE-2020-13782", }, { db: "JVNDB", id: "JVNDB-2020-006052", }, { db: "NVD", id: "CVE-2020-13782", }, { db: "CNNVD", id: "CNNVD-202006-328", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-33168", }, { db: "VULMON", id: "CVE-2020-13782", }, { db: "JVNDB", id: "JVNDB-2020-006052", }, { db: "NVD", id: "CVE-2020-13782", }, { db: "CNNVD", id: "CNNVD-202006-328", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33168", }, { date: "2020-06-03T00:00:00", db: "VULMON", id: "CVE-2020-13782", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006052", }, { date: "2020-06-03T17:15:24.997000", db: "NVD", id: "CVE-2020-13782", }, { date: "2020-06-03T00:00:00", db: "CNNVD", id: "CNNVD-202006-328", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33168", }, { date: "2022-09-02T00:00:00", db: "VULMON", id: "CVE-2020-13782", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006052", }, { date: "2022-09-02T15:41:32.800000", db: "NVD", id: "CVE-2020-13782", }, { date: "2022-09-05T00:00:00", db: "CNNVD", id: "CNNVD-202006-328", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-328", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L operating system command injection vulnerability", sources: [ { db: "CNVD", id: "CNVD-2020-33168", }, { db: "CNNVD", id: "CNNVD-202006-328", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202006-328", }, ], trust: 0.6, }, }
var-202006-0144
Vulnerability from variot
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. D-Link DIR-865L is a wireless router from D-Link, Taiwan. Remote attackers can use this vulnerability to obtain sensitive information
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0144", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: "1.20b01", }, { model: "dir-865l", scope: "eq", trust: 0.8, vendor: "d link", version: "1.20b01", }, { model: "dir-865l ax 1.20b01 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33171", }, { db: "JVNDB", id: "JVNDB-2020-006038", }, { db: "NVD", id: "CVE-2020-13785", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-13785", }, ], }, cve: "CVE-2020-13785", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-006038", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-33171", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2020-13785", impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-006038", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-13785", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-006038", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-33171", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202006-332", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2020-13785", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33171", }, { db: "VULMON", id: "CVE-2020-13785", }, { db: "JVNDB", id: "JVNDB-2020-006038", }, { db: "NVD", id: "CVE-2020-13785", }, { db: "CNNVD", id: "CNNVD-202006-332", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. D-Link DIR-865L is a wireless router from D-Link, Taiwan. Remote attackers can use this vulnerability to obtain sensitive information", sources: [ { db: "NVD", id: "CVE-2020-13785", }, { db: "JVNDB", id: "JVNDB-2020-006038", }, { db: "CNVD", id: "CNVD-2020-33171", }, { db: "VULMON", id: "CVE-2020-13785", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-13785", trust: 3.1, }, { db: "DLINK", id: "SAP10174", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2020-006038", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-33171", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202006-332", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-13785", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33171", }, { db: "VULMON", id: "CVE-2020-13785", }, { db: "JVNDB", id: "JVNDB-2020-006038", }, { db: "NVD", id: "CVE-2020-13785", }, { db: "CNNVD", id: "CNNVD-202006-332", }, ], }, id: "VAR-202006-0144", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-33171", }, ], trust: 1.38723405, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33171", }, ], }, last_update_date: "2023-12-18T12:35:28.589000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { title: "Patch for D-Link DIR-865L encryption problem vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/221787", }, { title: "D-Link DIR-865L Fixes for encryption problem vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120236", }, { title: "", trust: 0.1, url: "https://github.com/live-hack-cve/cve-2020-13785 ", }, { title: "Threatpost", trust: 0.1, url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33171", }, { db: "VULMON", id: "CVE-2020-13785", }, { db: "JVNDB", id: "JVNDB-2020-006038", }, { db: "CNNVD", id: "CNNVD-202006-332", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-326", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-006038", }, { db: "NVD", id: "CVE-2020-13785", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-13785", }, { trust: 1.7, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { trust: 1.7, url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13785", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/326.html", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2020-13785", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33171", }, { db: "VULMON", id: "CVE-2020-13785", }, { db: "JVNDB", id: "JVNDB-2020-006038", }, { db: "NVD", id: "CVE-2020-13785", }, { db: "CNNVD", id: "CNNVD-202006-332", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-33171", }, { db: "VULMON", id: "CVE-2020-13785", }, { db: "JVNDB", id: "JVNDB-2020-006038", }, { db: "NVD", id: "CVE-2020-13785", }, { db: "CNNVD", id: "CNNVD-202006-332", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33171", }, { date: "2020-06-03T00:00:00", db: "VULMON", id: "CVE-2020-13785", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006038", }, { date: "2020-06-03T17:15:25.247000", db: "NVD", id: "CVE-2020-13785", }, { date: "2020-06-03T00:00:00", db: "CNNVD", id: "CNNVD-202006-332", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33171", }, { date: "2022-09-02T00:00:00", db: "VULMON", id: "CVE-2020-13785", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006038", }, { date: "2022-09-02T15:42:02.727000", db: "NVD", id: "CVE-2020-13785", }, { date: "2020-06-18T00:00:00", db: "CNNVD", id: "CNNVD-202006-332", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-332", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L encryption problem vulnerability", sources: [ { db: "CNVD", id: "CNVD-2020-33171", }, { db: "CNNVD", id: "CNNVD-202006-332", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "encryption problem", sources: [ { db: "CNNVD", id: "CNNVD-202006-332", }, ], trust: 0.6, }, }
var-201803-1767
Vulnerability from variot
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L and others are all wireless router products of D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/body/bsc_sms_send.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. D-Link DIR-868L, etc. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1767", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-860l", scope: "lte", trust: 1, vendor: "dlink", version: "a1_fw110b04", }, { model: "dir-868l", scope: "lte", trust: 1, vendor: "dlink", version: "a1_fw112b04", }, { model: "dir-865l", scope: "lte", trust: 1, vendor: "dlink", version: "reva_firmware_patch_1.08.b01", }, { model: "dir-860l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir860la1_fw110b04", }, { model: "dir-865l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir-865l_reva_firmware_patch_1.08.b01", }, { model: "dir-868l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir868la1_fw112b04", }, { model: "dir-868l <=dir868la1 fw112b04", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-865l <=dir-865l reva patch 1.08.b01", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-860l <=dir860la1 fw110b04", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-860l", scope: "eq", trust: 0.6, vendor: "d link", version: "a1_fw110b04", }, { model: "dir-865l", scope: "eq", trust: 0.6, vendor: "d link", version: "reva_firmware_patch_1.08.b01", }, { model: "dir-868l", scope: "eq", trust: 0.6, vendor: "d link", version: "a1_fw112b04", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06629", }, { db: "JVNDB", id: "JVNDB-2018-002679", }, { db: "NVD", id: "CVE-2018-6528", }, { db: "CNNVD", id: "CNNVD-201803-151", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-6528", }, ], }, cve: "CVE-2018-6528", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-6528", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CNVD-2018-06629", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "VHN-136560", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 6.1, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2018-6528", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-6528", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2018-06629", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201803-151", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-136560", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06629", }, { db: "VULHUB", id: "VHN-136560", }, { db: "JVNDB", id: "JVNDB-2018-002679", }, { db: "NVD", id: "CVE-2018-6528", }, { db: "CNNVD", id: "CNNVD-201803-151", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L and others are all wireless router products of D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/body/bsc_sms_send.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. D-Link DIR-868L, etc. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier", sources: [ { db: "NVD", id: "CVE-2018-6528", }, { db: "JVNDB", id: "JVNDB-2018-002679", }, { db: "CNVD", id: "CNVD-2018-06629", }, { db: "VULHUB", id: "VHN-136560", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-6528", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-002679", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201803-151", trust: 0.7, }, { db: "CNVD", id: "CNVD-2018-06629", trust: 0.6, }, { db: "VULHUB", id: "VHN-136560", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06629", }, { db: "VULHUB", id: "VHN-136560", }, { db: "JVNDB", id: "JVNDB-2018-002679", }, { db: "NVD", id: "CVE-2018-6528", }, { db: "CNNVD", id: "CNNVD-201803-151", }, ], }, id: "VAR-201803-1767", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-06629", }, { db: "VULHUB", id: "VHN-136560", }, ], trust: 1.5752999514285713, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06629", }, ], }, last_update_date: "2023-12-18T13:19:10.493000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-860L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf", }, { title: "DIR-865L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf", }, { title: "DIR-868L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf", }, { title: "Patch for D-LinkDIR Series Cross-Site Scripting Vulnerability (CVE-2018-6528)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/124013", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06629", }, { db: "JVNDB", id: "JVNDB-2018-002679", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-136560", }, { db: "JVNDB", id: "JVNDB-2018-002679", }, { db: "NVD", id: "CVE-2018-6528", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.3, url: "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto", }, { trust: 1.1, url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf", }, { trust: 1.1, url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf", }, { trust: 1.1, url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6528", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-6528", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06629", }, { db: "VULHUB", id: "VHN-136560", }, { db: "JVNDB", id: "JVNDB-2018-002679", }, { db: "NVD", id: "CVE-2018-6528", }, { db: "CNNVD", id: "CNNVD-201803-151", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-06629", }, { db: "VULHUB", id: "VHN-136560", }, { db: "JVNDB", id: "JVNDB-2018-002679", }, { db: "NVD", id: "CVE-2018-6528", }, { db: "CNNVD", id: "CNNVD-201803-151", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-29T00:00:00", db: "CNVD", id: "CNVD-2018-06629", }, { date: "2018-03-06T00:00:00", db: "VULHUB", id: "VHN-136560", }, { date: "2018-04-24T00:00:00", db: "JVNDB", id: "JVNDB-2018-002679", }, { date: "2018-03-06T20:29:00.843000", db: "NVD", id: "CVE-2018-6528", }, { date: "2018-03-07T00:00:00", db: "CNNVD", id: "CNNVD-201803-151", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-29T00:00:00", db: "CNVD", id: "CNVD-2018-06629", }, { date: "2018-03-27T00:00:00", db: "VULHUB", id: "VHN-136560", }, { date: "2018-04-24T00:00:00", db: "JVNDB", id: "JVNDB-2018-002679", }, { date: "2023-11-08T21:18:30.427000", db: "NVD", id: "CVE-2018-6528", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201803-151", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201803-151", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural D-Link Product cross-site scripting vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2018-002679", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-201803-151", }, ], trust: 0.6, }, }
var-202006-1853
Vulnerability from variot
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. D-Link DIR-865L The device is vulnerable to cryptography PRNG There is a vulnerability in the use of.Information may be obtained. D-Link DIR-865L is a wireless router from D-Link, Taiwan. There is currently no detailed vulnerability details provided
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1853", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: "1.20b01", }, { model: "dir-865l", scope: "eq", trust: 0.8, vendor: "d link", version: "1.20b01", }, { model: "dir-865l ax 1.20b01 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33170", }, { db: "JVNDB", id: "JVNDB-2020-006054", }, { db: "NVD", id: "CVE-2020-13784", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-13784", }, ], }, cve: "CVE-2020-13784", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-006054", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-33170", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-006054", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-13784", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-006054", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-33170", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202006-331", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33170", }, { db: "JVNDB", id: "JVNDB-2020-006054", }, { db: "NVD", id: "CVE-2020-13784", }, { db: "CNNVD", id: "CNNVD-202006-331", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. D-Link DIR-865L The device is vulnerable to cryptography PRNG There is a vulnerability in the use of.Information may be obtained. D-Link DIR-865L is a wireless router from D-Link, Taiwan. There is currently no detailed vulnerability details provided", sources: [ { db: "NVD", id: "CVE-2020-13784", }, { db: "JVNDB", id: "JVNDB-2020-006054", }, { db: "CNVD", id: "CNVD-2020-33170", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-13784", trust: 3, }, { db: "DLINK", id: "SAP10174", trust: 1.6, }, { db: "JVNDB", id: "JVNDB-2020-006054", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-33170", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202006-331", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33170", }, { db: "JVNDB", id: "JVNDB-2020-006054", }, { db: "NVD", id: "CVE-2020-13784", }, { db: "CNNVD", id: "CNNVD-202006-331", }, ], }, id: "VAR-202006-1853", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-33170", }, ], trust: 1.38723405, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33170", }, ], }, last_update_date: "2023-12-18T12:35:28.562000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { title: "Patch for D-Link DIR-865L security feature issue vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/221789", }, { title: "D-Link DIR-865L Fixing measures for security feature vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120235", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33170", }, { db: "JVNDB", id: "JVNDB-2020-006054", }, { db: "CNNVD", id: "CNNVD-202006-331", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-335", trust: 1, }, { problemtype: "CWE-338", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-006054", }, { db: "NVD", id: "CVE-2020-13784", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-13784", }, { trust: 1.6, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { trust: 1.6, url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13784", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33170", }, { db: "JVNDB", id: "JVNDB-2020-006054", }, { db: "NVD", id: "CVE-2020-13784", }, { db: "CNNVD", id: "CNNVD-202006-331", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-33170", }, { db: "JVNDB", id: "JVNDB-2020-006054", }, { db: "NVD", id: "CVE-2020-13784", }, { db: "CNNVD", id: "CNNVD-202006-331", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33170", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006054", }, { date: "2020-06-03T17:15:25.153000", db: "NVD", id: "CVE-2020-13784", }, { date: "2020-06-03T00:00:00", db: "CNNVD", id: "CNNVD-202006-331", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33170", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006054", }, { date: "2021-12-13T19:21:50.177000", db: "NVD", id: "CVE-2020-13784", }, { date: "2021-12-14T00:00:00", db: "CNNVD", id: "CNNVD-202006-331", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-331", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Cryptographic weakness on the device PRNG Vulnerability in using", sources: [ { db: "JVNDB", id: "JVNDB-2020-006054", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "security feature problem", sources: [ { db: "CNNVD", id: "CNNVD-202006-331", }, ], trust: 0.6, }, }
var-202006-0145
Vulnerability from variot
D-Link DIR-865L Ax Beta A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-865L is a wireless router from D-Link, Taiwan. A remote attacker can use the malformed HTTP request to exploit the vulnerability to perform illegal operations
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0145", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: "1.20b01", }, { model: "dir-865l", scope: "eq", trust: 0.8, vendor: "d link", version: "1.20b01", }, { model: "dir-865l ax 1.20b01 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33172", }, { db: "JVNDB", id: "JVNDB-2020-006039", }, { db: "NVD", id: "CVE-2020-13786", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-13786", }, ], }, cve: "CVE-2020-13786", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 6.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-006039", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CNVD-2020-33172", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CVE-2020-13786", impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-006039", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-13786", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-006039", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-33172", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202006-334", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2020-13786", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33172", }, { db: "VULMON", id: "CVE-2020-13786", }, { db: "JVNDB", id: "JVNDB-2020-006039", }, { db: "NVD", id: "CVE-2020-13786", }, { db: "CNNVD", id: "CNNVD-202006-334", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Ax Beta A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-865L is a wireless router from D-Link, Taiwan. A remote attacker can use the malformed HTTP request to exploit the vulnerability to perform illegal operations", sources: [ { db: "JVNDB", id: "JVNDB-2020-006039", }, { db: "CNVD", id: "CNVD-2020-33172", }, ], trust: 1.26, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-13786", trust: 3.1, }, { db: "DLINK", id: "SAP10174", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2020-006039", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-33172", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202006-334", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-13786", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33172", }, { db: "VULMON", id: "CVE-2020-13786", }, { db: "JVNDB", id: "JVNDB-2020-006039", }, { db: "NVD", id: "CVE-2020-13786", }, { db: "CNNVD", id: "CNNVD-202006-334", }, ], }, id: "VAR-202006-0145", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-33172", }, ], trust: 1.38723405, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33172", }, ], }, last_update_date: "2023-12-18T12:35:28.508000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { title: "Patch for D-Link DIR-865L Cross-Site Request Forgery Vulnerability (CNVD-2020-33172)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/221785", }, { title: "D-Link DIR-865L Fixes for cross-site request forgery vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120237", }, { title: "", trust: 0.1, url: "https://github.com/live-hack-cve/cve-2020-13786 ", }, { title: "Threatpost", trust: 0.1, url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33172", }, { db: "VULMON", id: "CVE-2020-13786", }, { db: "JVNDB", id: "JVNDB-2020-006039", }, { db: "CNNVD", id: "CNNVD-202006-334", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-352", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-006039", }, { db: "NVD", id: "CVE-2020-13786", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-13786", }, { trust: 1.7, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { trust: 1.7, url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13786", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/352.html", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2020-13786", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33172", }, { db: "VULMON", id: "CVE-2020-13786", }, { db: "JVNDB", id: "JVNDB-2020-006039", }, { db: "NVD", id: "CVE-2020-13786", }, { db: "CNNVD", id: "CNNVD-202006-334", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-33172", }, { db: "VULMON", id: "CVE-2020-13786", }, { db: "JVNDB", id: "JVNDB-2020-006039", }, { db: "NVD", id: "CVE-2020-13786", }, { db: "CNNVD", id: "CNNVD-202006-334", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33172", }, { date: "2020-06-03T00:00:00", db: "VULMON", id: "CVE-2020-13786", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006039", }, { date: "2020-06-03T17:15:25.387000", db: "NVD", id: "CVE-2020-13786", }, { date: "2020-06-03T00:00:00", db: "CNNVD", id: "CNNVD-202006-334", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33172", }, { date: "2022-09-02T00:00:00", db: "VULMON", id: "CVE-2020-13786", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006039", }, { date: "2022-09-02T15:41:46.040000", db: "NVD", id: "CVE-2020-13786", }, { date: "2020-06-18T00:00:00", db: "CNNVD", id: "CNNVD-202006-334", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-334", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Ax Beta Cross-site request forgery vulnerability in device", sources: [ { db: "JVNDB", id: "JVNDB-2020-006039", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "cross-site request forgery", sources: [ { db: "CNNVD", id: "CNNVD-202006-334", }, ], trust: 0.6, }, }
var-202009-0817
Vulnerability from variot
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header. D-Link DIR-816L and DIR-816 are both wireless routers of D-Link company in Taiwan. No detailed vulnerability details are currently provided
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202009-0817", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-816l", scope: "eq", trust: 1, vendor: "dlink", version: "2.06", }, { model: "dir-645", scope: "eq", trust: 1, vendor: "dlink", version: "1.06b01", }, { model: "dir-860l", scope: "eq", trust: 1, vendor: "dlink", version: "1.10b04", }, { model: "dir-803", scope: "eq", trust: 1, vendor: "dlink", version: "1.04.b02", }, { model: "dir-815", scope: "eq", trust: 1, vendor: "dlink", version: "2.07.b01", }, { model: "dir-816l", scope: "eq", trust: 1, vendor: "dlink", version: "2.06.b09", }, { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: "1.08b01", }, { model: "dir-803 1.04.b02", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-816l 2.06.b09 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-803_firmware:1.04.b02:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-803:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-645_firmware:1.06b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:2.07.b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:b1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:1.10b04:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-860l:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.08b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-25786", }, ], }, cve: "CVE-2020-25786", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CNVD-2020-59764", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2020-25786", impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2020-25786", trust: 1, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2020-59764", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202009-1261", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2020-25786", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header. D-Link DIR-816L and DIR-816 are both wireless routers of D-Link company in Taiwan. No detailed vulnerability details are currently provided", sources: [ { db: "NVD", id: "CVE-2020-25786", }, { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, ], trust: 1.53, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-25786", trust: 2.3, }, { db: "DLINK", id: "SAP10190", trust: 1.7, }, { db: "CNVD", id: "CNVD-2020-59764", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202009-1261", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-25786", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, id: "VAR-202009-0817", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, ], trust: 1.28161163, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, ], }, last_update_date: "2024-05-17T23:12:39.331000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for D-Link DIR-816L and DIR-803 cross-site scripting vulnerabilities", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/237805", }, { title: "D-Link DIR-816L and DIR-803 Fixes for cross-site scripting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=128929", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2020-25786", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/sek1th/iot/blob/master/dir-816l_xss.md", }, { trust: 1.7, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10190", }, { trust: 1.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-25786", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/79.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-09-24T00:00:00", db: "CNVD", id: "CNVD-2020-59764", }, { date: "2020-09-19T00:00:00", db: "VULMON", id: "CVE-2020-25786", }, { date: "2020-09-19T00:00:00", db: "CNNVD", id: "CNNVD-202009-1261", }, { date: "2020-09-19T20:15:11.903000", db: "NVD", id: "CVE-2020-25786", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-11-01T00:00:00", db: "CNVD", id: "CNVD-2020-59764", }, { date: "2021-04-23T00:00:00", db: "VULMON", id: "CVE-2020-25786", }, { date: "2020-10-09T00:00:00", db: "CNNVD", id: "CNNVD-202009-1261", }, { date: "2024-05-17T01:46:24", db: "NVD", id: "CVE-2020-25786", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202009-1261", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-816L and DIR-803 cross-site scripting vulnerabilities", sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202009-1261", }, ], trust: 0.6, }, }
var-201910-1347
Vulnerability from variot
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. D-Link DIR-865L Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation.
A security vulnerability exists in D-Link DIR-865L, which originated from a failure to configure properly in the SMB service. An attacker could use this vulnerability to create a symbolic link to the router file system root
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1347", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: null, trust: 1.4, vendor: "d link", version: null, }, { model: "dir-865l", scope: "eq", trust: 1.2, vendor: "d link", version: null, }, { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39548", }, { db: "JVNDB", id: "JVNDB-2013-006860", }, { db: "NVD", id: "CVE-2013-4855", }, { db: "CNNVD", id: "CNNVD-201910-1498", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2013-4855", }, ], }, cve: "CVE-2013-4855", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.9, confidentialityImpact: "COMPLETE", exploitabilityScore: 5.5, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:A/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.9, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2013-4855", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:A/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 8.6, id: "CNVD-2019-39548", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2013-4855", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2013-4855", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2019-39548", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201910-1498", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2013-4855", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39548", }, { db: "VULMON", id: "CVE-2013-4855", }, { db: "JVNDB", id: "JVNDB-2013-006860", }, { db: "NVD", id: "CVE-2013-4855", }, { db: "CNNVD", id: "CNNVD-201910-1498", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. D-Link DIR-865L Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation. \n\nA security vulnerability exists in D-Link DIR-865L, which originated from a failure to configure properly in the SMB service. An attacker could use this vulnerability to create a symbolic link to the router file system root", sources: [ { db: "NVD", id: "CVE-2013-4855", }, { db: "JVNDB", id: "JVNDB-2013-006860", }, { db: "CNVD", id: "CNVD-2019-39548", }, { db: "VULMON", id: "CVE-2013-4855", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2013-4855", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2013-006860", trust: 0.8, }, { db: "CNVD", id: "CNVD-2019-39548", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201910-1498", trust: 0.6, }, { db: "VULMON", id: "CVE-2013-4855", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39548", }, { db: "VULMON", id: "CVE-2013-4855", }, { db: "JVNDB", id: "JVNDB-2013-006860", }, { db: "NVD", id: "CVE-2013-4855", }, { db: "CNNVD", id: "CNNVD-201910-1498", }, ], }, id: "VAR-201910-1347", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2019-39548", }, ], trust: 1.1744681, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39548", }, ], }, last_update_date: "2023-12-18T11:59:20.947000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.dlink.com/en/consumer", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2013-006860", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-22", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2013-006860", }, { db: "NVD", id: "CVE-2013-4855", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { trust: 2.5, url: "https://www.ise.io/soho_service_hacks/", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2013-4855", }, { trust: 1.7, url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4855", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/22.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39548", }, { db: "VULMON", id: "CVE-2013-4855", }, { db: "JVNDB", id: "JVNDB-2013-006860", }, { db: "NVD", id: "CVE-2013-4855", }, { db: "CNNVD", id: "CNNVD-201910-1498", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2019-39548", }, { db: "VULMON", id: "CVE-2013-4855", }, { db: "JVNDB", id: "JVNDB-2013-006860", }, { db: "NVD", id: "CVE-2013-4855", }, { db: "CNNVD", id: "CNNVD-201910-1498", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-11-07T00:00:00", db: "CNVD", id: "CNVD-2019-39548", }, { date: "2019-10-25T00:00:00", db: "VULMON", id: "CVE-2013-4855", }, { date: "2019-11-01T00:00:00", db: "JVNDB", id: "JVNDB-2013-006860", }, { date: "2019-10-25T16:15:10.350000", db: "NVD", id: "CVE-2013-4855", }, { date: "2019-10-25T00:00:00", db: "CNNVD", id: "CNNVD-201910-1498", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-11-07T00:00:00", db: "CNVD", id: "CNVD-2019-39548", }, { date: "2019-10-29T00:00:00", db: "VULMON", id: "CVE-2013-4855", }, { date: "2019-11-01T00:00:00", db: "JVNDB", id: "JVNDB-2013-006860", }, { date: "2023-04-26T19:27:52.350000", db: "NVD", id: "CVE-2013-4855", }, { date: "2019-10-30T00:00:00", db: "CNNVD", id: "CNNVD-201910-1498", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-201910-1498", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L path traversal vulnerability", sources: [ { db: "CNVD", id: "CNVD-2019-39548", }, { db: "JVNDB", id: "JVNDB-2013-006860", }, { db: "CNNVD", id: "CNNVD-201910-1498", }, ], trust: 2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "path traversal", sources: [ { db: "CNNVD", id: "CNNVD-201910-1498", }, ], trust: 0.6, }, }
var-201803-1769
Vulnerability from variot
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. plural D-Link The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-880L and others are all wireless router products of D-Link. An operating system command injection vulnerability exists in the soap.cgi file in several D-Link products. A remote attacker can exploit this vulnerability to execute arbitrary operating system commands with the help of the \342\200\230service\342\200\231 parameter. The following products and versions are affected: DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and earlier; DIR-868L DIR868LA1_FW112b04 and earlier; DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L and earlier DIR410b_
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1769", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-860l", scope: "lte", trust: 1, vendor: "dlink", version: "a1_fw110b04", }, { model: "dir-868l", scope: "lte", trust: 1, vendor: "dlink", version: "a1_fw112b04", }, { model: "dir-865l", scope: "lte", trust: 1, vendor: "dlink", version: "reva_firmware_patch_1.08.b01", }, { model: "dir-880l", scope: "lte", trust: 1, vendor: "dlink", version: "reva_firmware_patch_1.08b04", }, { model: "dir-860l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir860la1_fw110b04", }, { model: "dir-865l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir-865l_reva_firmware_patch_1.08.b01", }, { model: "dir-868l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir868la1_fw112b04", }, { model: "dir-880l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir-880l_reva_firmware_patch_1.08b04", }, { model: "dir-880l <dir-880l reva patch 1.08b04", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-860l <=dir860la1 fw110b04", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-865l <=dir-865l reva patch 1.08.b01", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-860l", scope: "eq", trust: 0.6, vendor: "d link", version: "a1_fw110b04", }, { model: "dir-865l", scope: "eq", trust: 0.6, vendor: "d link", version: "reva_firmware_patch_1.08.b01", }, { model: "dir-868l", scope: "eq", trust: 0.6, vendor: "d link", version: "a1_fw112b04", }, { model: "dir-880l", scope: "eq", trust: 0.6, vendor: "d link", version: "reva_firmware_patch_1.08b04", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06671", }, { db: "JVNDB", id: "JVNDB-2018-002681", }, { db: "NVD", id: "CVE-2018-6530", }, { db: "CNNVD", id: "CNNVD-201803-149", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "reva_firmware_patch_1.08b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-6530", }, ], }, cve: "CVE-2018-6530", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: true, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 10, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2018-6530", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2018-06671", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "VHN-136562", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2018-6530", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-6530", trust: 1.8, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2018-06671", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201803-149", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-136562", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-6530", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06671", }, { db: "VULHUB", id: "VHN-136562", }, { db: "VULMON", id: "CVE-2018-6530", }, { db: "JVNDB", id: "JVNDB-2018-002681", }, { db: "NVD", id: "CVE-2018-6530", }, { db: "CNNVD", id: "CNNVD-201803-149", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. plural D-Link The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-880L and others are all wireless router products of D-Link. An operating system command injection vulnerability exists in the soap.cgi file in several D-Link products. A remote attacker can exploit this vulnerability to execute arbitrary operating system commands with the help of the \\342\\200\\230service\\342\\200\\231 parameter. The following products and versions are affected: DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and earlier; DIR-868L DIR868LA1_FW112b04 and earlier; DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L and earlier DIR410b_ ", sources: [ { db: "NVD", id: "CVE-2018-6530", }, { db: "JVNDB", id: "JVNDB-2018-002681", }, { db: "CNVD", id: "CNVD-2018-06671", }, { db: "VULHUB", id: "VHN-136562", }, { db: "VULMON", id: "CVE-2018-6530", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-6530", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2018-002681", trust: 0.8, }, { db: "CNVD", id: "CNVD-2018-06671", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201803-149", trust: 0.6, }, { db: "VULHUB", id: "VHN-136562", trust: 0.1, }, { db: "VULMON", id: "CVE-2018-6530", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06671", }, { db: "VULHUB", id: "VHN-136562", }, { db: "VULMON", id: "CVE-2018-6530", }, { db: "JVNDB", id: "JVNDB-2018-002681", }, { db: "NVD", id: "CVE-2018-6530", }, { db: "CNNVD", id: "CNNVD-201803-149", }, ], }, id: "VAR-201803-1769", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-06671", }, { db: "VULHUB", id: "VHN-136562", }, ], trust: 1.525419932, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06671", }, ], }, last_update_date: "2023-12-18T12:02:27.752000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-860L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf", }, { title: "DIR-865L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf", }, { title: "DIR-868L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf", }, { title: "DIR-880L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-880l/reva/dir-880l_reva_firmware_patch_notes_1.08b06_en_ww.pdf", }, { title: "Patches for multiple D-Link product operating system command injection vulnerabilities", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/124231", }, { title: "", trust: 0.1, url: "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto ", }, { title: "EQUAFL_setup\nUSAGE\nEQUAFL++\nAFLPlusplus\nServer\nCOMMAND INJECTION INFO\nroot cause analysis", trust: 0.1, url: "https://github.com/zyw-200/equafl_setup ", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06671", }, { db: "VULMON", id: "CVE-2018-6530", }, { db: "JVNDB", id: "JVNDB-2018-002681", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-136562", }, { db: "JVNDB", id: "JVNDB-2018-002681", }, { db: "NVD", id: "CVE-2018-6530", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto", }, { trust: 1.2, url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf", }, { trust: 1.2, url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf", }, { trust: 1.2, url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf", }, { trust: 1.2, url: "ftp://ftp2.dlink.com/security_advisements/dir-880l/reva/dir-880l_reva_firmware_patch_notes_1.08b06_en_ww.pdf", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6530", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-6530", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/78.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/zyw-200/equafl_setup", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06671", }, { db: "VULHUB", id: "VHN-136562", }, { db: "VULMON", id: "CVE-2018-6530", }, { db: "JVNDB", id: "JVNDB-2018-002681", }, { db: "NVD", id: "CVE-2018-6530", }, { db: "CNNVD", id: "CNNVD-201803-149", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-06671", }, { db: "VULHUB", id: "VHN-136562", }, { db: "VULMON", id: "CVE-2018-6530", }, { db: "JVNDB", id: "JVNDB-2018-002681", }, { db: "NVD", id: "CVE-2018-6530", }, { db: "CNNVD", id: "CNNVD-201803-149", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-29T00:00:00", db: "CNVD", id: "CNVD-2018-06671", }, { date: "2018-03-06T00:00:00", db: "VULHUB", id: "VHN-136562", }, { date: "2018-03-06T00:00:00", db: "VULMON", id: "CVE-2018-6530", }, { date: "2018-04-24T00:00:00", db: "JVNDB", id: "JVNDB-2018-002681", }, { date: "2018-03-06T20:29:00.987000", db: "NVD", id: "CVE-2018-6530", }, { date: "2018-03-07T00:00:00", db: "CNNVD", id: "CNNVD-201803-149", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-29T00:00:00", db: "CNVD", id: "CNVD-2018-06671", }, { date: "2018-03-27T00:00:00", db: "VULHUB", id: "VHN-136562", }, { date: "2023-11-08T00:00:00", db: "VULMON", id: "CVE-2018-6530", }, { date: "2018-04-24T00:00:00", db: "JVNDB", id: "JVNDB-2018-002681", }, { date: "2023-11-08T21:19:01.743000", db: "NVD", id: "CVE-2018-6530", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201803-149", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201803-149", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural D-Link In product OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2018-002681", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-201803-149", }, ], trust: 0.6, }, }
var-201803-1768
Vulnerability from variot
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L and others are all wireless router products of D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/js/bsc_sms_inbox.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. D-Link DIR-868L, etc. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1768", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-860l", scope: "lte", trust: 1, vendor: "dlink", version: "a1_fw110b04", }, { model: "dir-868l", scope: "lte", trust: 1, vendor: "dlink", version: "a1_fw112b04", }, { model: "dir-865l", scope: "lte", trust: 1, vendor: "dlink", version: "reva_firmware_patch_1.08.b01", }, { model: "dir-860l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir860la1_fw110b04", }, { model: "dir-865l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir-865l_reva_firmware_patch_1.08.b01", }, { model: "dir-868l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir868la1_fw112b04", }, { model: "dir-868l <=dir868la1 fw112b04", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-865l <=dir-865l reva patch 1.08.b01", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-860l <=dir860la1 fw110b04", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-860l", scope: "eq", trust: 0.6, vendor: "d link", version: "a1_fw110b04", }, { model: "dir-865l", scope: "eq", trust: 0.6, vendor: "d link", version: "reva_firmware_patch_1.08.b01", }, { model: "dir-868l", scope: "eq", trust: 0.6, vendor: "d link", version: "a1_fw112b04", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06597", }, { db: "JVNDB", id: "JVNDB-2018-002680", }, { db: "NVD", id: "CVE-2018-6529", }, { db: "CNNVD", id: "CNNVD-201803-150", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-6529", }, ], }, cve: "CVE-2018-6529", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-6529", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CNVD-2018-06597", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "VHN-136561", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 6.1, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2018-6529", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-6529", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2018-06597", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201803-150", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-136561", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-6529", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06597", }, { db: "VULHUB", id: "VHN-136561", }, { db: "VULMON", id: "CVE-2018-6529", }, { db: "JVNDB", id: "JVNDB-2018-002680", }, { db: "NVD", id: "CVE-2018-6529", }, { db: "CNNVD", id: "CNNVD-201803-150", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L and others are all wireless router products of D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/js/bsc_sms_inbox.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. D-Link DIR-868L, etc. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier", sources: [ { db: "NVD", id: "CVE-2018-6529", }, { db: "JVNDB", id: "JVNDB-2018-002680", }, { db: "CNVD", id: "CNVD-2018-06597", }, { db: "VULHUB", id: "VHN-136561", }, { db: "VULMON", id: "CVE-2018-6529", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-6529", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2018-002680", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201803-150", trust: 0.7, }, { db: "CNVD", id: "CNVD-2018-06597", trust: 0.6, }, { db: "VULHUB", id: "VHN-136561", trust: 0.1, }, { db: "VULMON", id: "CVE-2018-6529", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06597", }, { db: "VULHUB", id: "VHN-136561", }, { db: "VULMON", id: "CVE-2018-6529", }, { db: "JVNDB", id: "JVNDB-2018-002680", }, { db: "NVD", id: "CVE-2018-6529", }, { db: "CNNVD", id: "CNNVD-201803-150", }, ], }, id: "VAR-201803-1768", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-06597", }, { db: "VULHUB", id: "VHN-136561", }, ], trust: 1.5752999514285713, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06597", }, ], }, last_update_date: "2023-12-18T12:18:59.676000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-860L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf", }, { title: "DIR-865L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf", }, { title: "DIR-868L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf", }, { title: "Patch for D-LinkDIR Series Cross-Site Scripting Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/123967", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06597", }, { db: "JVNDB", id: "JVNDB-2018-002680", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-136561", }, { db: "JVNDB", id: "JVNDB-2018-002680", }, { db: "NVD", id: "CVE-2018-6529", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto", }, { trust: 1.2, url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf", }, { trust: 1.2, url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf", }, { trust: 1.2, url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6529", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-6529", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/79.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06597", }, { db: "VULHUB", id: "VHN-136561", }, { db: "VULMON", id: "CVE-2018-6529", }, { db: "JVNDB", id: "JVNDB-2018-002680", }, { db: "NVD", id: "CVE-2018-6529", }, { db: "CNNVD", id: "CNNVD-201803-150", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-06597", }, { db: "VULHUB", id: "VHN-136561", }, { db: "VULMON", id: "CVE-2018-6529", }, { db: "JVNDB", id: "JVNDB-2018-002680", }, { db: "NVD", id: "CVE-2018-6529", }, { db: "CNNVD", id: "CNNVD-201803-150", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-28T00:00:00", db: "CNVD", id: "CNVD-2018-06597", }, { date: "2018-03-06T00:00:00", db: "VULHUB", id: "VHN-136561", }, { date: "2018-03-06T00:00:00", db: "VULMON", id: "CVE-2018-6529", }, { date: "2018-04-24T00:00:00", db: "JVNDB", id: "JVNDB-2018-002680", }, { date: "2018-03-06T20:29:00.907000", db: "NVD", id: "CVE-2018-6529", }, { date: "2018-03-07T00:00:00", db: "CNNVD", id: "CNNVD-201803-150", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-28T00:00:00", db: "CNVD", id: "CNVD-2018-06597", }, { date: "2018-03-27T00:00:00", db: "VULHUB", id: "VHN-136561", }, { date: "2018-03-27T00:00:00", db: "VULMON", id: "CVE-2018-6529", }, { date: "2018-04-24T00:00:00", db: "JVNDB", id: "JVNDB-2018-002680", }, { date: "2023-11-08T21:18:46.963000", db: "NVD", id: "CVE-2018-6529", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201803-150", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201803-150", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural D-Link Product cross-site scripting vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2018-002680", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-201803-150", }, ], trust: 0.6, }, }
var-201910-1348
Vulnerability from variot
D-Link DIR-865L has Information Disclosure. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation. The vulnerability stems from configuration errors during the operation of the network system or product. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected component
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1348", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: null, trust: 1.4, vendor: "d link", version: null, }, { model: "dir-865l", scope: "eq", trust: 1.2, vendor: "d link", version: null, }, { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39545", }, { db: "JVNDB", id: "JVNDB-2013-006861", }, { db: "NVD", id: "CVE-2013-4856", }, { db: "CNNVD", id: "CNNVD-201910-1500", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2013-4856", }, ], }, cve: "CVE-2013-4856", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.5, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: false, vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 2.9, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2013-4856", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.5, id: "CNVD-2019-39545", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.6, vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "None", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2013-4856", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2013-4856", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2019-39545", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-201910-1500", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39545", }, { db: "JVNDB", id: "JVNDB-2013-006861", }, { db: "NVD", id: "CVE-2013-4856", }, { db: "CNNVD", id: "CNNVD-201910-1500", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L has Information Disclosure. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation. The vulnerability stems from configuration errors during the operation of the network system or product. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected component", sources: [ { db: "NVD", id: "CVE-2013-4856", }, { db: "JVNDB", id: "JVNDB-2013-006861", }, { db: "CNVD", id: "CNVD-2019-39545", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2013-4856", trust: 3, }, { db: "JVNDB", id: "JVNDB-2013-006861", trust: 0.8, }, { db: "CNVD", id: "CNVD-2019-39545", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201910-1500", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39545", }, { db: "JVNDB", id: "JVNDB-2013-006861", }, { db: "NVD", id: "CVE-2013-4856", }, { db: "CNNVD", id: "CNNVD-201910-1500", }, ], }, id: "VAR-201910-1348", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2019-39545", }, ], trust: 1.1744681, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39545", }, ], }, last_update_date: "2023-12-18T14:00:47.200000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.dlink.com/en/consumer", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2013-006861", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-200", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2013-006861", }, { db: "NVD", id: "CVE-2013-4856", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { trust: 2.4, url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2013-4856", }, { trust: 1.6, url: "https://www.ise.io/soho_service_hacks/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4856", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39545", }, { db: "JVNDB", id: "JVNDB-2013-006861", }, { db: "NVD", id: "CVE-2013-4856", }, { db: "CNNVD", id: "CNNVD-201910-1500", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2019-39545", }, { db: "JVNDB", id: "JVNDB-2013-006861", }, { db: "NVD", id: "CVE-2013-4856", }, { db: "CNNVD", id: "CNNVD-201910-1500", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-11-07T00:00:00", db: "CNVD", id: "CNVD-2019-39545", }, { date: "2019-11-01T00:00:00", db: "JVNDB", id: "JVNDB-2013-006861", }, { date: "2019-10-25T16:15:10.427000", db: "NVD", id: "CVE-2013-4856", }, { date: "2019-10-25T00:00:00", db: "CNNVD", id: "CNNVD-201910-1500", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-11-07T00:00:00", db: "CNVD", id: "CNVD-2019-39545", }, { date: "2019-11-01T00:00:00", db: "JVNDB", id: "JVNDB-2013-006861", }, { date: "2023-04-26T19:27:52.350000", db: "NVD", id: "CVE-2013-4856", }, { date: "2019-10-30T00:00:00", db: "CNNVD", id: "CNNVD-201910-1500", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-201910-1500", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Information Disclosure Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2019-39545", }, { db: "CNNVD", id: "CNNVD-201910-1500", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-201910-1500", }, ], trust: 0.6, }, }
var-202006-1852
Vulnerability from variot
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. D-Link DIR-865L is a wireless router from D-Link, Taiwan. The vulnerability results from the program transmitting sensitive information in clear text. A remote attacker can use the vulnerability to obtain sensitive information by sniffing network traffic
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1852", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: "1.20b01", }, { model: "dir-865l", scope: "eq", trust: 0.8, vendor: "d link", version: "1.20b01", }, { model: "dir-865l ax 1.20b01 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33173", }, { db: "JVNDB", id: "JVNDB-2020-006040", }, { db: "NVD", id: "CVE-2020-13787", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-13787", }, ], }, cve: "CVE-2020-13787", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-006040", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-33173", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2020-13787", impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-006040", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-13787", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-006040", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-33173", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202006-335", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2020-13787", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33173", }, { db: "VULMON", id: "CVE-2020-13787", }, { db: "JVNDB", id: "JVNDB-2020-006040", }, { db: "NVD", id: "CVE-2020-13787", }, { db: "CNNVD", id: "CNNVD-202006-335", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. D-Link DIR-865L is a wireless router from D-Link, Taiwan. The vulnerability results from the program transmitting sensitive information in clear text. A remote attacker can use the vulnerability to obtain sensitive information by sniffing network traffic", sources: [ { db: "NVD", id: "CVE-2020-13787", }, { db: "JVNDB", id: "JVNDB-2020-006040", }, { db: "CNVD", id: "CNVD-2020-33173", }, { db: "VULMON", id: "CVE-2020-13787", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-13787", trust: 3.1, }, { db: "DLINK", id: "SAP10174", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2020-006040", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-33173", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202006-335", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-13787", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33173", }, { db: "VULMON", id: "CVE-2020-13787", }, { db: "JVNDB", id: "JVNDB-2020-006040", }, { db: "NVD", id: "CVE-2020-13787", }, { db: "CNNVD", id: "CNNVD-202006-335", }, ], }, id: "VAR-202006-1852", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-33173", }, ], trust: 1.38723405, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33173", }, ], }, last_update_date: "2023-12-18T12:35:28.618000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { title: "Patch for D-Link DIR-865L Information Disclosure Vulnerability (CNVD-2020-33173)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/221781", }, { title: "D-Link DIR-865L Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120238", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33173", }, { db: "JVNDB", id: "JVNDB-2020-006040", }, { db: "CNNVD", id: "CNNVD-202006-335", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-319", trust: 1, }, { problemtype: "CWE-200", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-006040", }, { db: "NVD", id: "CVE-2020-13787", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-13787", }, { trust: 1.7, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { trust: 1.7, url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13787", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/200.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33173", }, { db: "VULMON", id: "CVE-2020-13787", }, { db: "JVNDB", id: "JVNDB-2020-006040", }, { db: "NVD", id: "CVE-2020-13787", }, { db: "CNNVD", id: "CNNVD-202006-335", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-33173", }, { db: "VULMON", id: "CVE-2020-13787", }, { db: "JVNDB", id: "JVNDB-2020-006040", }, { db: "NVD", id: "CVE-2020-13787", }, { db: "CNNVD", id: "CNNVD-202006-335", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33173", }, { date: "2020-06-03T00:00:00", db: "VULMON", id: "CVE-2020-13787", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006040", }, { date: "2020-06-03T17:15:25.543000", db: "NVD", id: "CVE-2020-13787", }, { date: "2020-06-03T00:00:00", db: "CNNVD", id: "CNNVD-202006-335", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33173", }, { date: "2020-06-17T00:00:00", db: "VULMON", id: "CVE-2020-13787", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006040", }, { date: "2021-12-13T19:22:32.657000", db: "NVD", id: "CVE-2020-13787", }, { date: "2021-12-14T00:00:00", db: "CNNVD", id: "CNNVD-202006-335", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-335", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Ax Beta Information leakage vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2020-006040", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202006-335", }, ], trust: 0.6, }, }
var-201803-1766
Vulnerability from variot
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L, DIR-865L and DIR-860L are all D-Link wireless router products. A cross-site scripting vulnerability exists in the htdocs/webinc/js/adv_parent_ctrl_map.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1766", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-860l", scope: "lte", trust: 1, vendor: "dlink", version: "a1_fw110b04", }, { model: "dir-868l", scope: "lte", trust: 1, vendor: "dlink", version: "a1_fw112b04", }, { model: "dir-865l", scope: "lte", trust: 1, vendor: "dlink", version: "reva_firmware_patch_1.08.b01", }, { model: "dir-860l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir860la1_fw110b04", }, { model: "dir-865l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir-865l_reva_firmware_patch_1.08.b01", }, { model: "dir-868l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir868la1_fw112b04", }, { model: "dir-868l <=dir868la1 fw112b04", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-865l <=dir-865l reva patch 1.08.b01", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-860l <=dir860la1 fw110b04", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-860l", scope: "eq", trust: 0.6, vendor: "d link", version: "a1_fw110b04", }, { model: "dir-865l", scope: "eq", trust: 0.6, vendor: "d link", version: "reva_firmware_patch_1.08.b01", }, { model: "dir-868l", scope: "eq", trust: 0.6, vendor: "d link", version: "a1_fw112b04", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06630", }, { db: "JVNDB", id: "JVNDB-2018-002678", }, { db: "NVD", id: "CVE-2018-6527", }, { db: "CNNVD", id: "CNNVD-201803-152", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-6527", }, ], }, cve: "CVE-2018-6527", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-6527", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CNVD-2018-06630", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "VHN-136559", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 6.1, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2018-6527", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-6527", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2018-06630", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201803-152", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-136559", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06630", }, { db: "VULHUB", id: "VHN-136559", }, { db: "JVNDB", id: "JVNDB-2018-002678", }, { db: "NVD", id: "CVE-2018-6527", }, { db: "CNNVD", id: "CNNVD-201803-152", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L, DIR-865L and DIR-860L are all D-Link wireless router products. A cross-site scripting vulnerability exists in the htdocs/webinc/js/adv_parent_ctrl_map.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier", sources: [ { db: "NVD", id: "CVE-2018-6527", }, { db: "JVNDB", id: "JVNDB-2018-002678", }, { db: "CNVD", id: "CNVD-2018-06630", }, { db: "VULHUB", id: "VHN-136559", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-6527", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-002678", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201803-152", trust: 0.7, }, { db: "CNVD", id: "CNVD-2018-06630", trust: 0.6, }, { db: "VULHUB", id: "VHN-136559", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06630", }, { db: "VULHUB", id: "VHN-136559", }, { db: "JVNDB", id: "JVNDB-2018-002678", }, { db: "NVD", id: "CVE-2018-6527", }, { db: "CNNVD", id: "CNNVD-201803-152", }, ], }, id: "VAR-201803-1766", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-06630", }, { db: "VULHUB", id: "VHN-136559", }, ], trust: 1.5752999514285713, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06630", }, ], }, last_update_date: "2023-12-18T12:44:09.202000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-860L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf", }, { title: "DIR-865L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf", }, { title: "DIR-868L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf", }, { title: "Patch for D-LinkDIR Series Cross-Site Scripting Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/124005", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06630", }, { db: "JVNDB", id: "JVNDB-2018-002678", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-136559", }, { db: "JVNDB", id: "JVNDB-2018-002678", }, { db: "NVD", id: "CVE-2018-6527", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.3, url: "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto", }, { trust: 1.1, url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf", }, { trust: 1.1, url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf", }, { trust: 1.1, url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6527", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-6527", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06630", }, { db: "VULHUB", id: "VHN-136559", }, { db: "JVNDB", id: "JVNDB-2018-002678", }, { db: "NVD", id: "CVE-2018-6527", }, { db: "CNNVD", id: "CNNVD-201803-152", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-06630", }, { db: "VULHUB", id: "VHN-136559", }, { db: "JVNDB", id: "JVNDB-2018-002678", }, { db: "NVD", id: "CVE-2018-6527", }, { db: "CNNVD", id: "CNNVD-201803-152", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-29T00:00:00", db: "CNVD", id: "CNVD-2018-06630", }, { date: "2018-03-06T00:00:00", db: "VULHUB", id: "VHN-136559", }, { date: "2018-04-24T00:00:00", db: "JVNDB", id: "JVNDB-2018-002678", }, { date: "2018-03-06T20:29:00.780000", db: "NVD", id: "CVE-2018-6527", }, { date: "2018-03-07T00:00:00", db: "CNNVD", id: "CNNVD-201803-152", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-29T00:00:00", db: "CNVD", id: "CNVD-2018-06630", }, { date: "2018-03-27T00:00:00", db: "VULHUB", id: "VHN-136559", }, { date: "2018-04-24T00:00:00", db: "JVNDB", id: "JVNDB-2018-002678", }, { date: "2023-11-08T21:18:08.193000", db: "NVD", id: "CVE-2018-6527", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201803-152", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201803-152", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural D-Link Product cross-site scripting vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2018-002678", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-201803-152", }, ], trust: 0.6, }, }
var-202001-0381
Vulnerability from variot
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. D-Link DIR-859 is a wireless AC1750 high power Wi-Fi Gigabit router. Attackers can use this vulnerability to obtain information through AUTHORIZED_GROUP = 1% 0a
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0381", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-818lx", scope: "eq", trust: 2.2, vendor: "dlink", version: null, }, { model: "dir-890l", scope: "lte", trust: 1, vendor: "dlink", version: "1.11b01", }, { model: "dir-822", scope: "lte", trust: 1, vendor: "dlink", version: "2.03b01", }, { model: "dir-868l", scope: "lte", trust: 1, vendor: "dlink", version: "2.05b02", }, { model: "dir-869", scope: "lte", trust: 1, vendor: "dlink", version: "1.03b02", }, { model: "dir-822", scope: "lte", trust: 1, vendor: "dlink", version: "3.12b04", }, { model: "dir-823", scope: "lte", trust: 1, vendor: "dlink", version: "1.00b06", }, { model: "dir-895r", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b10", }, { model: "dir-880l", scope: "lte", trust: 1, vendor: "dlink", version: "1.08b04", }, { model: "dir-890r", scope: "lte", trust: 1, vendor: "dlink", version: "1.11b01", }, { model: "dir-859", scope: "lte", trust: 1, vendor: "dlink", version: "1.05b03", }, { model: "dir-865l", scope: "lte", trust: 1, vendor: "dlink", version: "1.07b01", }, { model: "dir-868l", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b04", }, { model: "dir-885l", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b05", }, { model: "dir-885r", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b05", }, { model: "dir-859", scope: "eq", trust: 1, vendor: "dlink", version: "1.06b01", }, { model: "dir-895l", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b10", }, { model: "dir-822", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-823", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-859", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-865l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-868l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-869", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-880l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-890l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-890r", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-859 <1.07b03 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-895l", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-869", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-890l", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-890r", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-895r", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-890r", scope: "eq", trust: 0.6, vendor: "dlink", version: "1.11b01", }, { model: "dir-885l", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-885r", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-04703", }, { db: "JVNDB", id: "JVNDB-2019-014085", }, { db: "NVD", id: "CVE-2019-20213", }, { db: "CNNVD", id: "CNNVD-202001-005", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.05b03", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.03b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.12b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.00b06", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.07b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.05b02", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.03b02", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.08b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.11b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.11b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b05", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b05", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b10", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b10", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-20213", }, ], }, cve: "CVE-2019-20213", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2019-20213", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-04703", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2019-20213", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-20213", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2020-04703", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202001-005", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-04703", }, { db: "JVNDB", id: "JVNDB-2019-014085", }, { db: "NVD", id: "CVE-2019-20213", }, { db: "CNNVD", id: "CNNVD-202001-005", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. D-Link DIR-859 is a wireless AC1750 high power Wi-Fi Gigabit router. Attackers can use this vulnerability to obtain information through AUTHORIZED_GROUP = 1% 0a", sources: [ { db: "NVD", id: "CVE-2019-20213", }, { db: "JVNDB", id: "JVNDB-2019-014085", }, { db: "CNVD", id: "CNVD-2020-04703", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20213", trust: 3, }, { db: "DLINK", id: "SAP10147", trust: 1.6, }, { db: "DLINK", id: "SAP10146", trust: 1.6, }, { db: "JVNDB", id: "JVNDB-2019-014085", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-04703", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202001-005", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-04703", }, { db: "JVNDB", id: "JVNDB-2019-014085", }, { db: "NVD", id: "CVE-2019-20213", }, { db: "CNNVD", id: "CNNVD-202001-005", }, ], }, id: "VAR-202001-0381", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-04703", }, ], trust: 1.2653324279999998, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-04703", }, ], }, last_update_date: "2023-12-18T12:27:47.122000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP10146", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10146", }, { title: "SAP10147", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10147", }, { title: "Patch for D-Link DIR-859 Information Disclosure Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/200127", }, { title: "D-Link DIR-859 Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108253", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-04703", }, { db: "JVNDB", id: "JVNDB-2019-014085", }, { db: "CNNVD", id: "CNNVD-202001-005", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-74", trust: 1, }, { problemtype: "CWE-863", trust: 1, }, { problemtype: "CWE-200", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014085", }, { db: "NVD", id: "CVE-2019-20213", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20213", }, { trust: 1.6, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10146", }, { trust: 1.6, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10147", }, { trust: 1, url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { trust: 1, url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20213", }, { trust: 0.6, url: "https://medium.com/@s1kr10s/d", }, { trust: 0.6, url: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { trust: 0.6, url: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-04703", }, { db: "JVNDB", id: "JVNDB-2019-014085", }, { db: "NVD", id: "CVE-2019-20213", }, { db: "CNNVD", id: "CNNVD-202001-005", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-04703", }, { db: "JVNDB", id: "JVNDB-2019-014085", }, { db: "NVD", id: "CVE-2019-20213", }, { db: "CNNVD", id: "CNNVD-202001-005", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-02-12T00:00:00", db: "CNVD", id: "CNVD-2020-04703", }, { date: "2020-01-31T00:00:00", db: "JVNDB", id: "JVNDB-2019-014085", }, { date: "2020-01-02T14:16:36.533000", db: "NVD", id: "CVE-2019-20213", }, { date: "2020-01-02T00:00:00", db: "CNNVD", id: "CNNVD-202001-005", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-02-12T00:00:00", db: "CNVD", id: "CNVD-2020-04703", }, { date: "2020-01-31T00:00:00", db: "JVNDB", id: "JVNDB-2019-014085", }, { date: "2023-11-07T03:08:40.733000", db: "NVD", id: "CVE-2019-20213", }, { date: "2020-01-03T00:00:00", db: "CNNVD", id: "CNNVD-202001-005", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-859 Router Information Disclosure Vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2019-014085", }, ], trust: 0.8, }, }
var-202006-1854
Vulnerability from variot
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. D-Link DIR-865L The device contains a vulnerability related to information leakage.Information may be obtained. D-Link DIR-865L is a wireless router from D-Link, Taiwan. The vulnerability results from the program storing sensitive information in plain text
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1854", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: "1.20b01", }, { model: "dir-865l", scope: "eq", trust: 0.8, vendor: "d link", version: "1.20b01", }, { model: "dir-865l ax 1.20b01 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33169", }, { db: "JVNDB", id: "JVNDB-2020-006053", }, { db: "NVD", id: "CVE-2020-13783", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-13783", }, ], }, cve: "CVE-2020-13783", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-006053", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-33169", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-006053", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-13783", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-006053", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-33169", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202006-330", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33169", }, { db: "JVNDB", id: "JVNDB-2020-006053", }, { db: "NVD", id: "CVE-2020-13783", }, { db: "CNNVD", id: "CNNVD-202006-330", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. D-Link DIR-865L The device contains a vulnerability related to information leakage.Information may be obtained. D-Link DIR-865L is a wireless router from D-Link, Taiwan. The vulnerability results from the program storing sensitive information in plain text", sources: [ { db: "NVD", id: "CVE-2020-13783", }, { db: "JVNDB", id: "JVNDB-2020-006053", }, { db: "CNVD", id: "CNVD-2020-33169", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-13783", trust: 3, }, { db: "DLINK", id: "SAP10174", trust: 1.6, }, { db: "JVNDB", id: "JVNDB-2020-006053", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-33169", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202006-330", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33169", }, { db: "JVNDB", id: "JVNDB-2020-006053", }, { db: "NVD", id: "CVE-2020-13783", }, { db: "CNNVD", id: "CNNVD-202006-330", }, ], }, id: "VAR-202006-1854", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-33169", }, ], trust: 1.38723405, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33169", }, ], }, last_update_date: "2023-12-18T12:35:28.682000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { title: "Patch for D-Link DIR-865L information disclosure vulnerability (CNVD-2020-33169)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/221783", }, { title: "D-Link DIR-865L Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120234", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33169", }, { db: "JVNDB", id: "JVNDB-2020-006053", }, { db: "CNNVD", id: "CNNVD-202006-330", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-312", trust: 1, }, { problemtype: "CWE-200", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-006053", }, { db: "NVD", id: "CVE-2020-13783", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-13783", }, { trust: 1.6, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { trust: 1.6, url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13783", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33169", }, { db: "JVNDB", id: "JVNDB-2020-006053", }, { db: "NVD", id: "CVE-2020-13783", }, { db: "CNNVD", id: "CNNVD-202006-330", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-33169", }, { db: "JVNDB", id: "JVNDB-2020-006053", }, { db: "NVD", id: "CVE-2020-13783", }, { db: "CNNVD", id: "CNNVD-202006-330", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33169", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006053", }, { date: "2020-06-03T17:15:25.060000", db: "NVD", id: "CVE-2020-13783", }, { date: "2020-06-03T00:00:00", db: "CNNVD", id: "CNNVD-202006-330", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33169", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006053", }, { date: "2021-12-13T19:19:17.343000", db: "NVD", id: "CVE-2020-13783", }, { date: "2021-12-14T00:00:00", db: "CNNVD", id: "CNNVD-202006-330", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-330", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Information leakage vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2020-006053", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202006-330", }, ], trust: 0.6, }, }
var-201912-1012
Vulnerability from variot
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. D-Link DIR-859 Wi-Fi The router has OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. D-Link DIR-859 is a wireless router from Taiwan D-Link Corporation.
A remote command execution vulnerability exists in DLINK's DIR-859 series routers. Attackers can use this vulnerability to execute arbitrary commands on target devices with root privileges
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201912-1012", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-818lx", scope: "eq", trust: 2.2, vendor: "dlink", version: null, }, { model: "dir-890r", scope: "eq", trust: 1.6, vendor: "dlink", version: "1.11b01", }, { model: "dir-890l", scope: "eq", trust: 1.6, vendor: "dlink", version: "1.11b01", }, { model: "dir-890l", scope: "lte", trust: 1, vendor: "dlink", version: "1.11b01", }, { model: "dir-822", scope: "lte", trust: 1, vendor: "dlink", version: "2.03b01", }, { model: "dir-822", scope: "lte", trust: 1, vendor: "dlink", version: "3.12b04", }, { model: "dir-823", scope: "lte", trust: 1, vendor: "dlink", version: "1.00b06", }, { model: "dir-869", scope: "eq", trust: 1, vendor: "dlink", version: "1.03b02", }, { model: "dir-895r", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b10", }, { model: "dir-890r", scope: "lte", trust: 1, vendor: "dlink", version: "1.11b01", }, { model: "dir-859", scope: "lte", trust: 1, vendor: "dlink", version: "1.05b03", }, { model: "dir-868l", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b04", }, { model: "dir-885l", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b05", }, { model: "dir-859", scope: "eq", trust: 1, vendor: "dlink", version: "1.06b01", }, { model: "dir-868l", scope: "lte", trust: 1, vendor: "dlink", version: "2.05b02", }, { model: "dir-869", scope: "lte", trust: 1, vendor: "dlink", version: "1.03b02", }, { model: "dir-823", scope: "eq", trust: 1, vendor: "dlink", version: "1.00b06", }, { model: "dir-880l", scope: "lte", trust: 1, vendor: "dlink", version: "1.08b04", }, { model: "dir-885r", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b05", }, { model: "dir-865l", scope: "lte", trust: 1, vendor: "dlink", version: "1.07b01", }, { model: "dir-895l", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b10", }, { model: "dir-822", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-823", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-859", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-865l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-868l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-869", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-880l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-885l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-890l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-890r", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-859 v1.06b01 beta01", scope: null, trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-895l", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-890l", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-890r", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-895r", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-885l", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-885r", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-03900", }, { db: "JVNDB", id: "JVNDB-2019-013893", }, { db: "NVD", id: "CVE-2019-17621", }, { db: "CNNVD", id: "CNNVD-201912-1224", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.05b03", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.03b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.12b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.00b06", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-823_firmware:1.00b06:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.07b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.05b02", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.03b02", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-869_firmware:1.03b02:beta02:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.08b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.11b01", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-890l_firmware:1.11b01:beta01:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.11b01", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-890r_firmware:1.11b01:beta01:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b05", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b05", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b10", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b10", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-17621", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Miguel Mendez Z, Pablo Pollanco P", sources: [ { db: "CNNVD", id: "CNNVD-201912-1224", }, ], trust: 0.6, }, cve: "CVE-2019-17621", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 10, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2019-17621", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2020-03900", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2019-17621", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-17621", trust: 1.8, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2020-03900", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201912-1224", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2019-17621", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-03900", }, { db: "VULMON", id: "CVE-2019-17621", }, { db: "JVNDB", id: "JVNDB-2019-013893", }, { db: "NVD", id: "CVE-2019-17621", }, { db: "CNNVD", id: "CNNVD-201912-1224", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. D-Link DIR-859 Wi-Fi The router has OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. D-Link DIR-859 is a wireless router from Taiwan D-Link Corporation. \n\r\n\r\nA remote command execution vulnerability exists in DLINK's DIR-859 series routers. Attackers can use this vulnerability to execute arbitrary commands on target devices with root privileges", sources: [ { db: "NVD", id: "CVE-2019-17621", }, { db: "JVNDB", id: "JVNDB-2019-013893", }, { db: "CNVD", id: "CNVD-2020-03900", }, { db: "VULMON", id: "CVE-2019-17621", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-17621", trust: 3.1, }, { db: "PACKETSTORM", id: "156054", trust: 1.6, }, { db: "DLINK", id: "SAP10146", trust: 1.6, }, { db: "DLINK", id: "SAP10147", trust: 1.6, }, { db: "JVNDB", id: "JVNDB-2019-013893", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-03900", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201912-1224", trust: 0.6, }, { db: "VULMON", id: "CVE-2019-17621", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-03900", }, { db: "VULMON", id: "CVE-2019-17621", }, { db: "JVNDB", id: "JVNDB-2019-013893", }, { db: "NVD", id: "CVE-2019-17621", }, { db: "CNNVD", id: "CNNVD-201912-1224", }, ], }, id: "VAR-201912-1012", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-03900", }, ], trust: 1.2653324279999998, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-03900", }, ], }, last_update_date: "2023-12-26T00:14:59.426000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP10146", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10146", }, { title: "SAP10147", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10147", }, { title: "Security Bulletin", trust: 0.8, url: "https://www.dlink.com/en/security-bulletin", }, { title: "Command execution vulnerability in DLINKDIR-859 router v1.06B01 BETA01", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/195823", }, { title: "D-Link DIR-859 Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=106703", }, { title: "IoT-vulhub", trust: 0.1, url: "https://github.com/vulntotal-team/iot-vulhub ", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-03900", }, { db: "VULMON", id: "CVE-2019-17621", }, { db: "JVNDB", id: "JVNDB-2019-013893", }, { db: "CNNVD", id: "CNNVD-201912-1224", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-013893", }, { db: "NVD", id: "CVE-2019-17621", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "http://packetstormsecurity.com/files/156054/d-link-dir-859-unauthenticated-remote-command-execution.html", }, { trust: 1.6, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10146", }, { trust: 1.6, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10147", }, { trust: 1.6, url: "https://www.dlink.com/en/security-bulletin", }, { trust: 1.6, url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-17621", }, { trust: 1, url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { trust: 1, url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17621", }, { trust: 0.6, url: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { trust: 0.6, url: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-013893", }, { db: "NVD", id: "CVE-2019-17621", }, { db: "CNNVD", id: "CNNVD-201912-1224", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-03900", }, { db: "VULMON", id: "CVE-2019-17621", }, { db: "JVNDB", id: "JVNDB-2019-013893", }, { db: "NVD", id: "CVE-2019-17621", }, { db: "CNNVD", id: "CNNVD-201912-1224", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-02-14T00:00:00", db: "CNVD", id: "CNVD-2020-03900", }, { date: "2019-12-30T00:00:00", db: "VULMON", id: "CVE-2019-17621", }, { date: "2020-01-21T00:00:00", db: "JVNDB", id: "JVNDB-2019-013893", }, { date: "2019-12-30T17:15:19.857000", db: "NVD", id: "CVE-2019-17621", }, { date: "2019-12-30T00:00:00", db: "CNNVD", id: "CNNVD-201912-1224", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-02-12T00:00:00", db: "CNVD", id: "CNVD-2020-03900", }, { date: "2023-11-07T00:00:00", db: "VULMON", id: "CVE-2019-17621", }, { date: "2020-01-21T00:00:00", db: "JVNDB", id: "JVNDB-2019-013893", }, { date: "2023-11-07T03:06:23.510000", db: "NVD", id: "CVE-2019-17621", }, { date: "2020-02-12T00:00:00", db: "CNNVD", id: "CNNVD-201912-1224", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201912-1224", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-859 Wi-Fi At the router OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2019-013893", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-201912-1224", }, ], trust: 0.6, }, }
cve-2019-20213
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:39:09.121Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-02T01:03:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20213", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", refsource: "MISC", url: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { name: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", refsource: "MISC", url: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20213", datePublished: "2020-01-02T01:03:16", dateReserved: "2020-01-02T00:00:00", dateUpdated: "2024-08-05T02:39:09.121Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6528
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:10:10.230Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-02-28T00:00:00", descriptions: [ { lang: "en", value: "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-06T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6528", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", refsource: "MISC", url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6528", datePublished: "2018-03-06T20:00:00", dateReserved: "2018-02-02T00:00:00", dateUpdated: "2024-08-05T06:10:10.230Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6527
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:10:10.079Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-02-28T00:00:00", descriptions: [ { lang: "en", value: "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-06T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6527", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", refsource: "MISC", url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6527", datePublished: "2018-03-06T20:00:00", dateReserved: "2018-02-02T00:00:00", dateUpdated: "2024-08-05T06:10:10.079Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13786
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.536Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-17T12:21:47", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13786", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", refsource: "MISC", url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13786", datePublished: "2020-06-03T16:22:45", dateReserved: "2020-06-03T00:00:00", dateUpdated: "2024-08-04T12:25:16.536Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13787
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.544Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-17T12:21:49", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13787", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", refsource: "MISC", url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13787", datePublished: "2020-06-03T16:22:36", dateReserved: "2020-06-03T00:00:00", dateUpdated: "2024-08-04T12:25:16.544Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-17621
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:47:13.504Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dlink.com/en/security-bulletin", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2019-17621", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T20:33:59.746115Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-06-29", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-17621", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T20:34:06.306Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-22T18:06:22.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.dlink.com/en/security-bulletin", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-17621", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", refsource: "MISC", url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, { name: "https://www.dlink.com/en/security-bulletin", refsource: "MISC", url: "https://www.dlink.com/en/security-bulletin", }, { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", refsource: "CONFIRM", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", refsource: "CONFIRM", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { name: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", refsource: "MISC", url: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { name: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", refsource: "MISC", url: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { name: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-17621", datePublished: "2019-12-30T16:09:17.000Z", dateReserved: "2019-10-16T00:00:00.000Z", dateUpdated: "2025-02-04T20:34:06.306Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4857
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ise.io/casestudies/exploiting-soho-routers/ | x_refsource_MISC | |
https://www.ise.io/soho_service_hacks/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:59:40.685Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ise.io/soho_service_hacks/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L has PHP File Inclusion in the router xml file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-25T15:36:13", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.ise.io/soho_service_hacks/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-4857", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L has PHP File Inclusion in the router xml file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ise.io/casestudies/exploiting-soho-routers/", refsource: "MISC", url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { name: "https://www.ise.io/soho_service_hacks/", refsource: "MISC", url: "https://www.ise.io/soho_service_hacks/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-4857", datePublished: "2019-10-25T15:36:13", dateReserved: "2013-07-16T00:00:00", dateUpdated: "2024-08-06T16:59:40.685Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6530
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:10:10.174Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2018-6530", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T20:36:36.248676Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-09-08", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-6530", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T20:36:49.671Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-02-28T00:00:00.000Z", descriptions: [ { lang: "en", value: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-06T19:57:01.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6530", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", refsource: "MISC", url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6530", datePublished: "2018-03-06T20:00:00.000Z", dateReserved: "2018-02-02T00:00:00.000Z", dateUpdated: "2025-02-04T20:36:49.671Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6529
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:10:10.135Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-02-28T00:00:00", descriptions: [ { lang: "en", value: "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-06T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6529", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", refsource: "MISC", url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6529", datePublished: "2018-03-06T20:00:00", dateReserved: "2018-02-02T00:00:00", dateUpdated: "2024-08-05T06:10:10.135Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4856
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ise.io/casestudies/exploiting-soho-routers/ | x_refsource_MISC | |
https://www.ise.io/soho_service_hacks/ | x_refsource_MISC | |
https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:59:40.522Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ise.io/soho_service_hacks/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L has Information Disclosure.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-25T15:44:11", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.ise.io/soho_service_hacks/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-4856", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L has Information Disclosure.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ise.io/casestudies/exploiting-soho-routers/", refsource: "MISC", url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { name: "https://www.ise.io/soho_service_hacks/", refsource: "MISC", url: "https://www.ise.io/soho_service_hacks/", }, { name: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", refsource: "MISC", url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-4856", datePublished: "2019-10-25T15:44:11", dateReserved: "2013-07-16T00:00:00", dateUpdated: "2024-08-06T16:59:40.522Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25786
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | x_refsource_MISC | |
https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:40:36.997Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-19T19:24:09", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, ], tags: [ "unsupported-when-assigned", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-25786", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { name: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", refsource: "MISC", url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-25786", datePublished: "2020-09-19T19:24:09", dateReserved: "2020-09-19T00:00:00", dateUpdated: "2024-08-04T15:40:36.997Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13783
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.568Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-17T12:21:41", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13783", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", refsource: "MISC", url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13783", datePublished: "2020-06-03T16:23:09", dateReserved: "2020-06-03T00:00:00", dateUpdated: "2024-08-04T12:25:16.568Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13782
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.596Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-17T12:21:37", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13782", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", refsource: "MISC", url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13782", datePublished: "2020-06-03T16:23:19", dateReserved: "2020-06-03T00:00:00", dateUpdated: "2024-08-04T12:25:16.596Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4855
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ise.io/casestudies/exploiting-soho-routers/ | x_refsource_MISC | |
https://www.ise.io/soho_service_hacks/ | x_refsource_MISC | |
https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:59:40.978Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ise.io/soho_service_hacks/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-25T15:47:43", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.ise.io/soho_service_hacks/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-4855", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ise.io/casestudies/exploiting-soho-routers/", refsource: "MISC", url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { name: "https://www.ise.io/soho_service_hacks/", refsource: "MISC", url: "https://www.ise.io/soho_service_hacks/", }, { name: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", refsource: "MISC", url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-4855", datePublished: "2019-10-25T15:47:43", dateReserved: "2013-07-16T00:00:00", dateUpdated: "2024-08-06T16:59:40.978Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13785
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.489Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-17T12:21:45", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13785", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", refsource: "MISC", url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13785", datePublished: "2020-06-03T16:22:52", dateReserved: "2020-06-03T00:00:00", dateUpdated: "2024-08-04T12:25:16.489Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13784
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.478Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-17T12:21:43", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13784", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", refsource: "MISC", url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13784", datePublished: "2020-06-03T16:23:00", dateReserved: "2020-06-03T00:00:00", dateUpdated: "2024-08-04T12:25:16.478Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-860l_firmware | * | |
dlink | dir-860l | - | |
dlink | dir-865l_firmware | * | |
dlink | dir-865l | - | |
dlink | dir-868l_firmware | * | |
dlink | dir-868l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B", versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0", versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9", versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.", }, { lang: "es", value: "Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/body/bsc_sms_send.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un parámetro receiver manipulado en soap.cgi.", }, ], id: "CVE-2018-6528", lastModified: "2024-11-21T04:10:50.380", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-06T20:29:00.843", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-860l_firmware | * | |
dlink | dir-860l | - | |
dlink | dir-865l_firmware | * | |
dlink | dir-865l | - | |
dlink | dir-868l_firmware | * | |
dlink | dir-868l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B", versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0", versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9", versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.", }, { lang: "es", value: "Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/js/bsc_sms_inbox.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un parámetro Treturn manipulado en soap.cgi.", }, ], id: "CVE-2018-6529", lastModified: "2024-11-21T04:10:50.547", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-06T20:29:00.907", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-865l_firmware | 1.20b01 | |
dlink | dir-865l | ax |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.", }, { lang: "es", value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, presentan una Fortaleza de Cifrado Inadecuada.", }, ], id: "CVE-2020-13785", lastModified: "2024-11-21T05:01:51.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-03T17:15:25.247", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-326", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.ise.io/casestudies/exploiting-soho-routers/ | Mitigation, Third Party Advisory | |
cve@mitre.org | https://www.ise.io/soho_service_hacks/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/casestudies/exploiting-soho-routers/ | Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/soho_service_hacks/ | Exploit, Third Party Advisory |
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-865l_firmware | - | |
dlink | dir-865l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "352DA441-FF6D-42A9-B65B-9D1752082152", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L has PHP File Inclusion in the router xml file.", }, { lang: "es", value: "D-Link DIR-865L, presenta una inclusión de archivos PHP en el archivo xml del enrutador.", }, ], id: "CVE-2013-4857", lastModified: "2024-11-21T01:56:34.550", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-25T16:15:10.490", references: [ { source: "cve@mitre.org", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.ise.io/soho_service_hacks/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.ise.io/soho_service_hacks/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-91", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-865l_firmware | 1.20b01 | |
dlink | dir-865l | ax |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.", }, { lang: "es", value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, permiten una Inyección de Comandos.", }, ], id: "CVE-2020-13782", lastModified: "2024-11-21T05:01:50.647", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-03T17:15:24.997", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-865l_firmware | 1.20b01 | |
dlink | dir-865l | ax |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.", }, { lang: "es", value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, presentan una Transmisión de Información Confidencial en Texto Sin Cifrar.", }, ], id: "CVE-2020-13787", lastModified: "2024-11-21T05:01:51.387", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-03T17:15:25.543", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-319", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-865l_firmware | 1.20b01 | |
dlink | dir-865l | ax |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.", }, { lang: "es", value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, permiten un ataque de tipo CSRF.", }, ], id: "CVE-2020-13786", lastModified: "2024-11-21T05:01:51.240", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-03T17:15:25.387", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.ise.io/casestudies/exploiting-soho-routers/ | Third Party Advisory | |
cve@mitre.org | https://www.ise.io/soho_service_hacks/ | Third Party Advisory | |
cve@mitre.org | https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/casestudies/exploiting-soho-routers/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/soho_service_hacks/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf | Third Party Advisory |
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-865l_firmware | - | |
dlink | dir-865l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "352DA441-FF6D-42A9-B65B-9D1752082152", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.", }, { lang: "es", value: "D-Link DIR-865L, presenta un Salto de Enlace Simbólico de SMB, debido a una configuración inapropiada en el servicio SMB permitiendo la creación de enlaces simbólicos en ubicaciones fuera del recurso compartido Samba.", }, ], id: "CVE-2013-4855", lastModified: "2024-11-21T01:56:33.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:A/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-25T16:15:10.350", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/soho_service_hacks/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/soho_service_hacks/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-859_firmware | * | |
dlink | dir-859_firmware | 1.06b01 | |
dlink | dir-859 | - | |
dlink | dir-822_firmware | * | |
dlink | dir-822 | - | |
dlink | dir-822_firmware | * | |
dlink | dir-822 | - | |
dlink | dir-823_firmware | * | |
dlink | dir-823 | - | |
dlink | dir-865l_firmware | * | |
dlink | dir-865l | - | |
dlink | dir-868l_firmware | * | |
dlink | dir-868l | - | |
dlink | dir-868l_firmware | * | |
dlink | dir-868l | - | |
dlink | dir-869_firmware | * | |
dlink | dir-869 | - | |
dlink | dir-880l_firmware | * | |
dlink | dir-880l | - | |
dlink | dir-890l_firmware | * | |
dlink | dir-890l | - | |
dlink | dir-890r_firmware | * | |
dlink | dir-890r | - | |
dlink | dir-885l_firmware | * | |
dlink | dir-885l | - | |
dlink | dir-885r_firmware | * | |
dlink | dir-885r | - | |
dlink | dir-895l_firmware | * | |
dlink | dir-895l | - | |
dlink | dir-895r_firmware | * | |
dlink | dir-895r | - | |
dlink | dir-818lx_firmware | - | |
dlink | dir-818lx | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C2ABCF49-625F-4267-8B6D-14081B31E8B0", versionEndIncluding: "1.05b03", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*", matchCriteriaId: "BB555A1A-6B26-483E-ABFC-B64B928E7CC5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*", matchCriteriaId: "D1DEEF5B-D8E9-45F3-8A89-52CE8402E6F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F8E6CDA-679A-4A31-8D8D-BD283C5E1E3E", versionEndIncluding: "2.03b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "46B25758-8EC2-4598-A834-9D513B030629", versionEndIncluding: "3.12b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "99D9046B-206E-4267-98BA-BF572682F134", versionEndIncluding: "1.00b06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*", matchCriteriaId: "EC426833-BEA7-4029-BBBB-94688EE801BC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4406996E-761D-4EDC-9877-17B7472C1422", versionEndIncluding: "1.07b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F9D90548-24FD-416F-9159-6F7AB318C923", versionEndIncluding: "1.12b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0B0CA3A5-CF3D-4D1B-BB07-EE0D91901BC9", versionEndIncluding: "2.05b02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "499E8ADA-B4ED-42B2-B237-716A77BD546A", versionEndIncluding: "1.03b02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*", matchCriteriaId: "E9EB6E8E-03FA-4477-B97A-0752B7C443F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AE7C571B-BCCB-4853-A08E-2EF9A64C94CD", versionEndIncluding: "1.08b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "50FCDBDC-32F8-42DF-BD3C-A9EFC11D036C", versionEndIncluding: "1.11b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", matchCriteriaId: "B1EA89C7-4655-43A3-9D2B-D57640D56C09", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DA0BEAAD-6330-47FE-A8F6-665C3F346619", versionEndIncluding: "1.11b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*", matchCriteriaId: "D678E889-3D74-4D16-84D0-41F547519A7F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48D9C475-FB79-4D18-823C-0A3F01CB478E", versionEndIncluding: "1.12b05", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*", matchCriteriaId: "AD481B64-A25D-4123-B575-20EC3C524D9C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0261FBA8-D370-4581-B4AE-E8DBF4546C50", versionEndIncluding: "1.12b05", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*", matchCriteriaId: "8E0351A1-D161-468E-A2C4-1FB92E978DA7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBB7A220-2C3E-45B4-BA2E-D6C595B391D7", versionEndIncluding: "1.12b10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*", matchCriteriaId: "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1E4B2469-DDAB-4FD1-A446-B304AAF78BB3", versionEndIncluding: "1.12b10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*", matchCriteriaId: "DF2DADDD-2F1C-458D-B3F5-07EE0FE35E92", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "072F053E-4DAB-4246-BEE7-F4813957BF56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*", matchCriteriaId: "1B6E718C-2E2A-4E9B-A83D-25C01F681301", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.", }, { lang: "es", value: "Los routers D-Link DIR-859 versiones anteriores a la versión v1.07b03_beta, permiten una divulgación de información no autenticada por medio del valor AUTHORIZED_GROUP=1%0a, como es demostrado por el archivo vpnconfig.php.", }, ], id: "CVE-2019-20213", lastModified: "2024-11-21T04:38:13.213", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-02T14:16:36.533", references: [ { source: "cve@mitre.org", url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { source: "cve@mitre.org", url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | Exploit, Third Party Advisory | |
cve@mitre.org | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-803_firmware | 1.04.b02 | |
dlink | dir-803 | a1 | |
dlink | dir-816l_firmware | 2.06 | |
dlink | dir-816l_firmware | 2.06.b09 | |
dlink | dir-816l | b1 | |
dlink | dir-645_firmware | 1.06b01 | |
dlink | dir-645 | a1 | |
dlink | dir-815_firmware | 2.07.b01 | |
dlink | dir-815 | b1 | |
dlink | dir-860l_firmware | 1.10b04 | |
dlink | dir-860l | a1 | |
dlink | dir-865l_firmware | 1.08b01 | |
dlink | dir-865l | a1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-803_firmware:1.04.b02:*:*:*:*:*:*:*", matchCriteriaId: "8C475766-ADDE-4461-9FDF-FE6332F95DBE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-803:a1:*:*:*:*:*:*:*", matchCriteriaId: "1B033D96-30EC-44EA-B70E-670CEAA0E79F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", matchCriteriaId: "1817EE29-D782-4A98-A478-20BDA559C5CE", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", matchCriteriaId: "ABE7E66F-20B2-4A39-A845-03E5FBBD9E2A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", matchCriteriaId: "637B2D4B-0EA7-4E30-9B2B-77484D701042", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-645_firmware:1.06b01:*:*:*:*:*:*:*", matchCriteriaId: "84706BD1-5AC0-449D-AB20-A81A9A2D4077", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*", matchCriteriaId: "E02F7E04-F6D7-466D-81AD-14591443EBC3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:2.07.b01:*:*:*:*:*:*:*", matchCriteriaId: "F38F5A85-E7DC-4ACF-A488-11AC00DE5856", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:b1:*:*:*:*:*:*:*", matchCriteriaId: "AA95C491-7895-4410-A9D2-3C7BD2BEB0DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-860l_firmware:1.10b04:*:*:*:*:*:*:*", matchCriteriaId: "D84E9E39-D9A6-4370-8D84-6CAE2D02CDFD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-860l:a1:*:*:*:*:*:*:*", matchCriteriaId: "C0FB3DE6-9F8D-485A-8DF3-76FC6C20CB6C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.08b01:*:*:*:*:*:*:*", matchCriteriaId: "608124DE-D143-4E95-9DE8-D7A35586361E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:a1:*:*:*:*:*:*:*", matchCriteriaId: "DEC7270B-453D-4D04-90AB-7EBD6DC3D97B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "unsupported-when-assigned", ], }, ], descriptions: [ { lang: "en", value: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header", }, { lang: "es", value: "** NO COMPATIBLE CUANDO SE ASIGNÓ ** El archivo webinc/js/info.php en dispositivos D-Link DIR-816L versión 2.06.B09_BETA y DIR-803 versión 1.04.B02, permite un ataque de tipo XSS por medio del encabezado HTTP Referer. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor. NOTA: esto típicamente no es explotable debido a la codificación de URL (excepto en Internet Explorer) y porque una página web no puede especificar que un cliente debe realizar una petición HTTP adicional con un encabezado Referer arbitrario", }, ], id: "CVE-2020-25786", lastModified: "2024-11-21T05:18:46.167", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-19T20:15:11.903", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-860l_firmware | * | |
dlink | dir-860l | - | |
dlink | dir-865l_firmware | * | |
dlink | dir-865l | - | |
dlink | dir-868l_firmware | * | |
dlink | dir-868l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B", versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0", versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9", versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.", }, { lang: "es", value: "Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/js/adv_parent_ctrl_map.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un parámetro deviceid manipulado en soap.cgi.", }, ], id: "CVE-2018-6527", lastModified: "2024-11-21T04:10:50.220", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-06T20:29:00.780", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-865l_firmware | 1.20b01 | |
dlink | dir-865l | ax |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.", }, { lang: "es", value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, presentan un seed predecible en un Generador de Números Pseudoaleatorios.", }, ], id: "CVE-2020-13784", lastModified: "2024-11-21T05:01:50.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-03T17:15:25.153", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-335", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-859_firmware | * | |
dlink | dir-859_firmware | 1.06b01 | |
dlink | dir-859 | - | |
dlink | dir-822_firmware | * | |
dlink | dir-822 | - | |
dlink | dir-822_firmware | * | |
dlink | dir-822 | - | |
dlink | dir-823_firmware | * | |
dlink | dir-823_firmware | 1.00b06 | |
dlink | dir-823 | - | |
dlink | dir-865l_firmware | * | |
dlink | dir-865l | - | |
dlink | dir-868l_firmware | * | |
dlink | dir-868l | - | |
dlink | dir-868l_firmware | * | |
dlink | dir-868l | - | |
dlink | dir-869_firmware | * | |
dlink | dir-869_firmware | 1.03b02 | |
dlink | dir-869 | - | |
dlink | dir-880l_firmware | * | |
dlink | dir-880l | - | |
dlink | dir-890l_firmware | * | |
dlink | dir-890l_firmware | 1.11b01 | |
dlink | dir-890l | - | |
dlink | dir-890r_firmware | * | |
dlink | dir-890r_firmware | 1.11b01 | |
dlink | dir-890r | - | |
dlink | dir-885l_firmware | * | |
dlink | dir-885l | - | |
dlink | dir-885r_firmware | * | |
dlink | dir-885r | - | |
dlink | dir-895l_firmware | * | |
dlink | dir-895l | - | |
dlink | dir-895r_firmware | * | |
dlink | dir-895r | - | |
dlink | dir-818lx_firmware | - | |
dlink | dir-818lx | - |
{ cisaActionDue: "2023-07-20", cisaExploitAdd: "2023-06-29", cisaRequiredAction: "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.", cisaVulnerabilityName: "D-Link DIR-859 Router Command Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C2ABCF49-625F-4267-8B6D-14081B31E8B0", versionEndIncluding: "1.05b03", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*", matchCriteriaId: "BB555A1A-6B26-483E-ABFC-B64B928E7CC5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*", matchCriteriaId: "D1DEEF5B-D8E9-45F3-8A89-52CE8402E6F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F8E6CDA-679A-4A31-8D8D-BD283C5E1E3E", versionEndIncluding: "2.03b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "46B25758-8EC2-4598-A834-9D513B030629", versionEndIncluding: "3.12b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "99D9046B-206E-4267-98BA-BF572682F134", versionEndIncluding: "1.00b06", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-823_firmware:1.00b06:beta:*:*:*:*:*:*", matchCriteriaId: "5A56D2BD-5160-46FE-8AC7-CB4CA50E4D5D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*", matchCriteriaId: "EC426833-BEA7-4029-BBBB-94688EE801BC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4406996E-761D-4EDC-9877-17B7472C1422", versionEndIncluding: "1.07b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F9D90548-24FD-416F-9159-6F7AB318C923", versionEndIncluding: "1.12b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0B0CA3A5-CF3D-4D1B-BB07-EE0D91901BC9", versionEndIncluding: "2.05b02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "499E8ADA-B4ED-42B2-B237-716A77BD546A", versionEndIncluding: "1.03b02", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-869_firmware:1.03b02:beta02:*:*:*:*:*:*", matchCriteriaId: "AF693676-C580-44CF-AAC6-6E38658FEAFB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*", matchCriteriaId: "E9EB6E8E-03FA-4477-B97A-0752B7C443F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AE7C571B-BCCB-4853-A08E-2EF9A64C94CD", versionEndIncluding: "1.08b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "50FCDBDC-32F8-42DF-BD3C-A9EFC11D036C", versionEndIncluding: "1.11b01", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-890l_firmware:1.11b01:beta01:*:*:*:*:*:*", matchCriteriaId: "7A4A1A68-5B14-47B7-9D02-274A0E4AF2F2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", matchCriteriaId: "B1EA89C7-4655-43A3-9D2B-D57640D56C09", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DA0BEAAD-6330-47FE-A8F6-665C3F346619", versionEndIncluding: "1.11b01", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-890r_firmware:1.11b01:beta01:*:*:*:*:*:*", matchCriteriaId: "4C18C9D9-9418-441B-9367-91F86137245C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*", matchCriteriaId: "D678E889-3D74-4D16-84D0-41F547519A7F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48D9C475-FB79-4D18-823C-0A3F01CB478E", versionEndIncluding: "1.12b05", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*", matchCriteriaId: "AD481B64-A25D-4123-B575-20EC3C524D9C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0261FBA8-D370-4581-B4AE-E8DBF4546C50", versionEndIncluding: "1.12b05", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*", matchCriteriaId: "8E0351A1-D161-468E-A2C4-1FB92E978DA7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBB7A220-2C3E-45B4-BA2E-D6C595B391D7", versionEndIncluding: "1.12b10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*", matchCriteriaId: "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1E4B2469-DDAB-4FD1-A446-B304AAF78BB3", versionEndIncluding: "1.12b10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*", matchCriteriaId: "DF2DADDD-2F1C-458D-B3F5-07EE0FE35E92", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "072F053E-4DAB-4246-BEE7-F4813957BF56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*", matchCriteriaId: "1B6E718C-2E2A-4E9B-A83D-25C01F681301", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.", }, { lang: "es", value: "La URL de /gena.cgi del endpoint UPnP en el router Wi-Fi D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permite a un atacante remoto no autenticado ejecutar comandos del sistema como root, mediante el envío de una petición HTTP SUBSCRIBE especialmente diseñada en el servicio UPnP cuando se conecta a la red local.", }, ], id: "CVE-2019-17621", lastModified: "2025-02-04T21:15:18.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-12-30T17:15:19.857", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.ise.io/casestudies/exploiting-soho-routers/ | Third Party Advisory | |
cve@mitre.org | https://www.ise.io/soho_service_hacks/ | Third Party Advisory | |
cve@mitre.org | https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/casestudies/exploiting-soho-routers/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/soho_service_hacks/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf | Third Party Advisory |
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-865l_firmware | - | |
dlink | dir-865l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "352DA441-FF6D-42A9-B65B-9D1752082152", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L has Information Disclosure.", }, { lang: "es", value: "D-Link DIR-865L, presenta una divulgación de información.", }, ], id: "CVE-2013-4856", lastModified: "2024-11-21T01:56:34.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-25T16:15:10.427", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/soho_service_hacks/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/soho_service_hacks/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-860l_firmware | * | |
dlink | dir-860l | - | |
dlink | dir-865l_firmware | * | |
dlink | dir-865l | - | |
dlink | dir-868l_firmware | * | |
dlink | dir-868l | - | |
dlink | dir-880l_firmware | * | |
dlink | dir-880l | - |
{ cisaActionDue: "2022-09-29", cisaExploitAdd: "2022-09-08", cisaRequiredAction: "The vendor D-Link published an advisory stating the fix under CVE-2018-20114 properly patches KEV entry CVE-2018-6530. If the device is still supported, apply updates per vendor instructions. If the affected device has since entered its end-of-life, it should be disconnected if still in use.", cisaVulnerabilityName: "D-Link Multiple Routers OS Command Injection Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B", versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0", versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9", versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2E9B68DE-D3A7-4973-9D47-7203B2190F82", versionEndIncluding: "reva_firmware_patch_1.08b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.", }, { lang: "es", value: "Vulnerabilidad de inyección de comandos del sistema operativo en soap.cgi (soapcgi_main en cgibin) en D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 y versiones anteriores, DIR-868L DIR868LA1_FW112b04 y versiones anteriores, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos ejecuten comandos arbitrarios del sistema operativo mediante el parámetro service.", }, ], id: "CVE-2018-6530", lastModified: "2025-02-04T21:15:16.167", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2018-03-06T20:29:00.987", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
dlink | dir-865l_firmware | 1.20b01 | |
dlink | dir-865l | ax |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.", }, { lang: "es", value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, presentan Almacenamiento de Información Confidencial en Texto Sin Cifrar.", }, ], id: "CVE-2020-13783", lastModified: "2024-11-21T05:01:50.790", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-03T17:15:25.060", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-312", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }