Vulnerabilites related to dlink - dir-865l
var-201910-1349
Vulnerability from variot
D-Link DIR-865L has PHP File Inclusion in the router xml file. D-Link DIR-865L The blinds XPath An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation.
An unknown vulnerability exists in D-Link DIR-865L. No detailed vulnerability details are provided at this time
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1349", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: null, trust: 1.4, vendor: "d link", version: null, }, { model: "dir-865l", scope: "eq", trust: 1.2, vendor: "d link", version: null, }, { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39546", }, { db: "JVNDB", id: "JVNDB-2013-006859", }, { db: "NVD", id: "CVE-2013-4857", }, { db: "CNNVD", id: "CNNVD-201910-1499", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2013-4857", }, ], }, cve: "CVE-2013-4857", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2013-4857", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2019-39546", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2013-4857", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2013-4857", trust: 1.8, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2019-39546", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201910-1499", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2013-4857", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39546", }, { db: "VULMON", id: "CVE-2013-4857", }, { db: "JVNDB", id: "JVNDB-2013-006859", }, { db: "NVD", id: "CVE-2013-4857", }, { db: "CNNVD", id: "CNNVD-201910-1499", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L has PHP File Inclusion in the router xml file. D-Link DIR-865L The blinds XPath An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation. \n\nAn unknown vulnerability exists in D-Link DIR-865L. No detailed vulnerability details are provided at this time", sources: [ { db: "NVD", id: "CVE-2013-4857", }, { db: "JVNDB", id: "JVNDB-2013-006859", }, { db: "CNVD", id: "CNVD-2019-39546", }, { db: "VULMON", id: "CVE-2013-4857", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2013-4857", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2013-006859", trust: 0.8, }, { db: "CNVD", id: "CNVD-2019-39546", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201910-1499", trust: 0.6, }, { db: "VULMON", id: "CVE-2013-4857", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39546", }, { db: "VULMON", id: "CVE-2013-4857", }, { db: "JVNDB", id: "JVNDB-2013-006859", }, { db: "NVD", id: "CVE-2013-4857", }, { db: "CNNVD", id: "CNNVD-201910-1499", }, ], }, id: "VAR-201910-1349", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2019-39546", }, ], trust: 1.1744681, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39546", }, ], }, last_update_date: "2023-12-18T13:43:11.770000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.dlink.com/en/consumer", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2013-006859", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-91", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2013-006859", }, { db: "NVD", id: "CVE-2013-4857", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { trust: 2.5, url: "https://www.ise.io/soho_service_hacks/", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2013-4857", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4857", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/91.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39546", }, { db: "VULMON", id: "CVE-2013-4857", }, { db: "JVNDB", id: "JVNDB-2013-006859", }, { db: "NVD", id: "CVE-2013-4857", }, { db: "CNNVD", id: "CNNVD-201910-1499", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2019-39546", }, { db: "VULMON", id: "CVE-2013-4857", }, { db: "JVNDB", id: "JVNDB-2013-006859", }, { db: "NVD", id: "CVE-2013-4857", }, { db: "CNNVD", id: "CNNVD-201910-1499", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-11-07T00:00:00", db: "CNVD", id: "CNVD-2019-39546", }, { date: "2019-10-25T00:00:00", db: "VULMON", id: "CVE-2013-4857", }, { date: "2019-10-31T00:00:00", db: "JVNDB", id: "JVNDB-2013-006859", }, { date: "2019-10-25T16:15:10.490000", db: "NVD", id: "CVE-2013-4857", }, { date: "2019-10-25T00:00:00", db: "CNNVD", id: "CNNVD-201910-1499", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-11-07T00:00:00", db: "CNVD", id: "CNVD-2019-39546", }, { date: "2019-10-28T00:00:00", db: "VULMON", id: "CVE-2013-4857", }, { date: "2019-10-31T00:00:00", db: "JVNDB", id: "JVNDB-2013-006859", }, { date: "2023-04-26T19:27:52.350000", db: "NVD", id: "CVE-2013-4857", }, { date: "2019-10-29T00:00:00", db: "CNNVD", id: "CNNVD-201910-1499", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201910-1499", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Blind in XPath Injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2013-006859", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-201910-1499", }, ], trust: 0.6, }, }
var-202006-0143
Vulnerability from variot
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. D-Link DIR-865L On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-865L is a wireless router from D-Link, Taiwan. An attacker can use the vulnerability to execute arbitrary shell commands by sending a specially crafted request
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0143", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: "1.20b01", }, { model: "dir-865l", scope: "eq", trust: 0.8, vendor: "d link", version: "1.20b01", }, { model: "dir-865l ax 1.20b01 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33168", }, { db: "JVNDB", id: "JVNDB-2020-006052", }, { db: "NVD", id: "CVE-2020-13782", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-13782", }, ], }, cve: "CVE-2020-13782", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-006052", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-33168", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULMON", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CVE-2020-13782", impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-006052", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-13782", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-006052", trust: 0.8, value: "Critical", }, { author: "CNVD", id: "CNVD-2020-33168", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202006-328", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2020-13782", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33168", }, { db: "VULMON", id: "CVE-2020-13782", }, { db: "JVNDB", id: "JVNDB-2020-006052", }, { db: "NVD", id: "CVE-2020-13782", }, { db: "CNNVD", id: "CNNVD-202006-328", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. D-Link DIR-865L On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-865L is a wireless router from D-Link, Taiwan. An attacker can use the vulnerability to execute arbitrary shell commands by sending a specially crafted request", sources: [ { db: "NVD", id: "CVE-2020-13782", }, { db: "JVNDB", id: "JVNDB-2020-006052", }, { db: "CNVD", id: "CNVD-2020-33168", }, { db: "VULMON", id: "CVE-2020-13782", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-13782", trust: 3.1, }, { db: "DLINK", id: "SAP10174", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2020-006052", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-33168", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202006-328", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-13782", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33168", }, { db: "VULMON", id: "CVE-2020-13782", }, { db: "JVNDB", id: "JVNDB-2020-006052", }, { db: "NVD", id: "CVE-2020-13782", }, { db: "CNNVD", id: "CNNVD-202006-328", }, ], }, id: "VAR-202006-0143", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-33168", }, ], trust: 1.38723405, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33168", }, ], }, last_update_date: "2023-12-18T12:35:28.652000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { title: "Patch for D-Link DIR-865L operating system command injection vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/221791", }, { title: "D-Link DIR-865L Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120232", }, { title: "Threatpost", trust: 0.1, url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33168", }, { db: "VULMON", id: "CVE-2020-13782", }, { db: "JVNDB", id: "JVNDB-2020-006052", }, { db: "CNNVD", id: "CNNVD-202006-328", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-006052", }, { db: "NVD", id: "CVE-2020-13782", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-13782", }, { trust: 1.7, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { trust: 1.7, url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13782", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/78.html", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2020-13782", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33168", }, { db: "VULMON", id: "CVE-2020-13782", }, { db: "JVNDB", id: "JVNDB-2020-006052", }, { db: "NVD", id: "CVE-2020-13782", }, { db: "CNNVD", id: "CNNVD-202006-328", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-33168", }, { db: "VULMON", id: "CVE-2020-13782", }, { db: "JVNDB", id: "JVNDB-2020-006052", }, { db: "NVD", id: "CVE-2020-13782", }, { db: "CNNVD", id: "CNNVD-202006-328", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33168", }, { date: "2020-06-03T00:00:00", db: "VULMON", id: "CVE-2020-13782", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006052", }, { date: "2020-06-03T17:15:24.997000", db: "NVD", id: "CVE-2020-13782", }, { date: "2020-06-03T00:00:00", db: "CNNVD", id: "CNNVD-202006-328", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33168", }, { date: "2022-09-02T00:00:00", db: "VULMON", id: "CVE-2020-13782", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006052", }, { date: "2022-09-02T15:41:32.800000", db: "NVD", id: "CVE-2020-13782", }, { date: "2022-09-05T00:00:00", db: "CNNVD", id: "CNNVD-202006-328", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-328", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L operating system command injection vulnerability", sources: [ { db: "CNVD", id: "CNVD-2020-33168", }, { db: "CNNVD", id: "CNNVD-202006-328", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-202006-328", }, ], trust: 0.6, }, }
var-202006-0144
Vulnerability from variot
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. D-Link DIR-865L is a wireless router from D-Link, Taiwan. Remote attackers can use this vulnerability to obtain sensitive information
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0144", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: "1.20b01", }, { model: "dir-865l", scope: "eq", trust: 0.8, vendor: "d link", version: "1.20b01", }, { model: "dir-865l ax 1.20b01 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33171", }, { db: "JVNDB", id: "JVNDB-2020-006038", }, { db: "NVD", id: "CVE-2020-13785", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-13785", }, ], }, cve: "CVE-2020-13785", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-006038", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-33171", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2020-13785", impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-006038", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-13785", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-006038", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-33171", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202006-332", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2020-13785", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33171", }, { db: "VULMON", id: "CVE-2020-13785", }, { db: "JVNDB", id: "JVNDB-2020-006038", }, { db: "NVD", id: "CVE-2020-13785", }, { db: "CNNVD", id: "CNNVD-202006-332", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. D-Link DIR-865L is a wireless router from D-Link, Taiwan. Remote attackers can use this vulnerability to obtain sensitive information", sources: [ { db: "NVD", id: "CVE-2020-13785", }, { db: "JVNDB", id: "JVNDB-2020-006038", }, { db: "CNVD", id: "CNVD-2020-33171", }, { db: "VULMON", id: "CVE-2020-13785", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-13785", trust: 3.1, }, { db: "DLINK", id: "SAP10174", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2020-006038", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-33171", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202006-332", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-13785", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33171", }, { db: "VULMON", id: "CVE-2020-13785", }, { db: "JVNDB", id: "JVNDB-2020-006038", }, { db: "NVD", id: "CVE-2020-13785", }, { db: "CNNVD", id: "CNNVD-202006-332", }, ], }, id: "VAR-202006-0144", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-33171", }, ], trust: 1.38723405, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33171", }, ], }, last_update_date: "2023-12-18T12:35:28.589000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { title: "Patch for D-Link DIR-865L encryption problem vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/221787", }, { title: "D-Link DIR-865L Fixes for encryption problem vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120236", }, { title: "", trust: 0.1, url: "https://github.com/live-hack-cve/cve-2020-13785 ", }, { title: "Threatpost", trust: 0.1, url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33171", }, { db: "VULMON", id: "CVE-2020-13785", }, { db: "JVNDB", id: "JVNDB-2020-006038", }, { db: "CNNVD", id: "CNNVD-202006-332", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-326", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-006038", }, { db: "NVD", id: "CVE-2020-13785", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-13785", }, { trust: 1.7, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { trust: 1.7, url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13785", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/326.html", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2020-13785", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33171", }, { db: "VULMON", id: "CVE-2020-13785", }, { db: "JVNDB", id: "JVNDB-2020-006038", }, { db: "NVD", id: "CVE-2020-13785", }, { db: "CNNVD", id: "CNNVD-202006-332", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-33171", }, { db: "VULMON", id: "CVE-2020-13785", }, { db: "JVNDB", id: "JVNDB-2020-006038", }, { db: "NVD", id: "CVE-2020-13785", }, { db: "CNNVD", id: "CNNVD-202006-332", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33171", }, { date: "2020-06-03T00:00:00", db: "VULMON", id: "CVE-2020-13785", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006038", }, { date: "2020-06-03T17:15:25.247000", db: "NVD", id: "CVE-2020-13785", }, { date: "2020-06-03T00:00:00", db: "CNNVD", id: "CNNVD-202006-332", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33171", }, { date: "2022-09-02T00:00:00", db: "VULMON", id: "CVE-2020-13785", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006038", }, { date: "2022-09-02T15:42:02.727000", db: "NVD", id: "CVE-2020-13785", }, { date: "2020-06-18T00:00:00", db: "CNNVD", id: "CNNVD-202006-332", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-332", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L encryption problem vulnerability", sources: [ { db: "CNVD", id: "CNVD-2020-33171", }, { db: "CNNVD", id: "CNNVD-202006-332", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "encryption problem", sources: [ { db: "CNNVD", id: "CNNVD-202006-332", }, ], trust: 0.6, }, }
var-201803-1767
Vulnerability from variot
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L and others are all wireless router products of D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/body/bsc_sms_send.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. D-Link DIR-868L, etc. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1767", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-860l", scope: "lte", trust: 1, vendor: "dlink", version: "a1_fw110b04", }, { model: "dir-868l", scope: "lte", trust: 1, vendor: "dlink", version: "a1_fw112b04", }, { model: "dir-865l", scope: "lte", trust: 1, vendor: "dlink", version: "reva_firmware_patch_1.08.b01", }, { model: "dir-860l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir860la1_fw110b04", }, { model: "dir-865l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir-865l_reva_firmware_patch_1.08.b01", }, { model: "dir-868l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir868la1_fw112b04", }, { model: "dir-868l <=dir868la1 fw112b04", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-865l <=dir-865l reva patch 1.08.b01", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-860l <=dir860la1 fw110b04", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-860l", scope: "eq", trust: 0.6, vendor: "d link", version: "a1_fw110b04", }, { model: "dir-865l", scope: "eq", trust: 0.6, vendor: "d link", version: "reva_firmware_patch_1.08.b01", }, { model: "dir-868l", scope: "eq", trust: 0.6, vendor: "d link", version: "a1_fw112b04", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06629", }, { db: "JVNDB", id: "JVNDB-2018-002679", }, { db: "NVD", id: "CVE-2018-6528", }, { db: "CNNVD", id: "CNNVD-201803-151", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-6528", }, ], }, cve: "CVE-2018-6528", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-6528", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CNVD-2018-06629", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "VHN-136560", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 6.1, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2018-6528", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-6528", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2018-06629", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201803-151", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-136560", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06629", }, { db: "VULHUB", id: "VHN-136560", }, { db: "JVNDB", id: "JVNDB-2018-002679", }, { db: "NVD", id: "CVE-2018-6528", }, { db: "CNNVD", id: "CNNVD-201803-151", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L and others are all wireless router products of D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/body/bsc_sms_send.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. D-Link DIR-868L, etc. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier", sources: [ { db: "NVD", id: "CVE-2018-6528", }, { db: "JVNDB", id: "JVNDB-2018-002679", }, { db: "CNVD", id: "CNVD-2018-06629", }, { db: "VULHUB", id: "VHN-136560", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-6528", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-002679", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201803-151", trust: 0.7, }, { db: "CNVD", id: "CNVD-2018-06629", trust: 0.6, }, { db: "VULHUB", id: "VHN-136560", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06629", }, { db: "VULHUB", id: "VHN-136560", }, { db: "JVNDB", id: "JVNDB-2018-002679", }, { db: "NVD", id: "CVE-2018-6528", }, { db: "CNNVD", id: "CNNVD-201803-151", }, ], }, id: "VAR-201803-1767", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-06629", }, { db: "VULHUB", id: "VHN-136560", }, ], trust: 1.5752999514285713, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06629", }, ], }, last_update_date: "2023-12-18T13:19:10.493000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-860L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf", }, { title: "DIR-865L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf", }, { title: "DIR-868L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf", }, { title: "Patch for D-LinkDIR Series Cross-Site Scripting Vulnerability (CVE-2018-6528)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/124013", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06629", }, { db: "JVNDB", id: "JVNDB-2018-002679", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-136560", }, { db: "JVNDB", id: "JVNDB-2018-002679", }, { db: "NVD", id: "CVE-2018-6528", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.3, url: "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto", }, { trust: 1.1, url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf", }, { trust: 1.1, url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf", }, { trust: 1.1, url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6528", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-6528", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06629", }, { db: "VULHUB", id: "VHN-136560", }, { db: "JVNDB", id: "JVNDB-2018-002679", }, { db: "NVD", id: "CVE-2018-6528", }, { db: "CNNVD", id: "CNNVD-201803-151", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-06629", }, { db: "VULHUB", id: "VHN-136560", }, { db: "JVNDB", id: "JVNDB-2018-002679", }, { db: "NVD", id: "CVE-2018-6528", }, { db: "CNNVD", id: "CNNVD-201803-151", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-29T00:00:00", db: "CNVD", id: "CNVD-2018-06629", }, { date: "2018-03-06T00:00:00", db: "VULHUB", id: "VHN-136560", }, { date: "2018-04-24T00:00:00", db: "JVNDB", id: "JVNDB-2018-002679", }, { date: "2018-03-06T20:29:00.843000", db: "NVD", id: "CVE-2018-6528", }, { date: "2018-03-07T00:00:00", db: "CNNVD", id: "CNNVD-201803-151", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-29T00:00:00", db: "CNVD", id: "CNVD-2018-06629", }, { date: "2018-03-27T00:00:00", db: "VULHUB", id: "VHN-136560", }, { date: "2018-04-24T00:00:00", db: "JVNDB", id: "JVNDB-2018-002679", }, { date: "2023-11-08T21:18:30.427000", db: "NVD", id: "CVE-2018-6528", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201803-151", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201803-151", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural D-Link Product cross-site scripting vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2018-002679", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-201803-151", }, ], trust: 0.6, }, }
var-202006-1853
Vulnerability from variot
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. D-Link DIR-865L The device is vulnerable to cryptography PRNG There is a vulnerability in the use of.Information may be obtained. D-Link DIR-865L is a wireless router from D-Link, Taiwan. There is currently no detailed vulnerability details provided
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1853", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: "1.20b01", }, { model: "dir-865l", scope: "eq", trust: 0.8, vendor: "d link", version: "1.20b01", }, { model: "dir-865l ax 1.20b01 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33170", }, { db: "JVNDB", id: "JVNDB-2020-006054", }, { db: "NVD", id: "CVE-2020-13784", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-13784", }, ], }, cve: "CVE-2020-13784", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-006054", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-33170", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-006054", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-13784", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-006054", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-33170", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202006-331", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33170", }, { db: "JVNDB", id: "JVNDB-2020-006054", }, { db: "NVD", id: "CVE-2020-13784", }, { db: "CNNVD", id: "CNNVD-202006-331", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. D-Link DIR-865L The device is vulnerable to cryptography PRNG There is a vulnerability in the use of.Information may be obtained. D-Link DIR-865L is a wireless router from D-Link, Taiwan. There is currently no detailed vulnerability details provided", sources: [ { db: "NVD", id: "CVE-2020-13784", }, { db: "JVNDB", id: "JVNDB-2020-006054", }, { db: "CNVD", id: "CNVD-2020-33170", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-13784", trust: 3, }, { db: "DLINK", id: "SAP10174", trust: 1.6, }, { db: "JVNDB", id: "JVNDB-2020-006054", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-33170", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202006-331", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33170", }, { db: "JVNDB", id: "JVNDB-2020-006054", }, { db: "NVD", id: "CVE-2020-13784", }, { db: "CNNVD", id: "CNNVD-202006-331", }, ], }, id: "VAR-202006-1853", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-33170", }, ], trust: 1.38723405, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33170", }, ], }, last_update_date: "2023-12-18T12:35:28.562000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { title: "Patch for D-Link DIR-865L security feature issue vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/221789", }, { title: "D-Link DIR-865L Fixing measures for security feature vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120235", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33170", }, { db: "JVNDB", id: "JVNDB-2020-006054", }, { db: "CNNVD", id: "CNNVD-202006-331", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-335", trust: 1, }, { problemtype: "CWE-338", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-006054", }, { db: "NVD", id: "CVE-2020-13784", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-13784", }, { trust: 1.6, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { trust: 1.6, url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13784", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33170", }, { db: "JVNDB", id: "JVNDB-2020-006054", }, { db: "NVD", id: "CVE-2020-13784", }, { db: "CNNVD", id: "CNNVD-202006-331", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-33170", }, { db: "JVNDB", id: "JVNDB-2020-006054", }, { db: "NVD", id: "CVE-2020-13784", }, { db: "CNNVD", id: "CNNVD-202006-331", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33170", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006054", }, { date: "2020-06-03T17:15:25.153000", db: "NVD", id: "CVE-2020-13784", }, { date: "2020-06-03T00:00:00", db: "CNNVD", id: "CNNVD-202006-331", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33170", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006054", }, { date: "2021-12-13T19:21:50.177000", db: "NVD", id: "CVE-2020-13784", }, { date: "2021-12-14T00:00:00", db: "CNNVD", id: "CNNVD-202006-331", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-331", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Cryptographic weakness on the device PRNG Vulnerability in using", sources: [ { db: "JVNDB", id: "JVNDB-2020-006054", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "security feature problem", sources: [ { db: "CNNVD", id: "CNNVD-202006-331", }, ], trust: 0.6, }, }
var-202006-0145
Vulnerability from variot
D-Link DIR-865L Ax Beta A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-865L is a wireless router from D-Link, Taiwan. A remote attacker can use the malformed HTTP request to exploit the vulnerability to perform illegal operations
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0145", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: "1.20b01", }, { model: "dir-865l", scope: "eq", trust: 0.8, vendor: "d link", version: "1.20b01", }, { model: "dir-865l ax 1.20b01 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33172", }, { db: "JVNDB", id: "JVNDB-2020-006039", }, { db: "NVD", id: "CVE-2020-13786", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-13786", }, ], }, cve: "CVE-2020-13786", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 6.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-006039", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CNVD-2020-33172", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CVE-2020-13786", impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-006039", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-13786", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-006039", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-33172", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202006-334", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2020-13786", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33172", }, { db: "VULMON", id: "CVE-2020-13786", }, { db: "JVNDB", id: "JVNDB-2020-006039", }, { db: "NVD", id: "CVE-2020-13786", }, { db: "CNNVD", id: "CNNVD-202006-334", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Ax Beta A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-865L is a wireless router from D-Link, Taiwan. A remote attacker can use the malformed HTTP request to exploit the vulnerability to perform illegal operations", sources: [ { db: "JVNDB", id: "JVNDB-2020-006039", }, { db: "CNVD", id: "CNVD-2020-33172", }, ], trust: 1.26, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-13786", trust: 3.1, }, { db: "DLINK", id: "SAP10174", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2020-006039", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-33172", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202006-334", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-13786", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33172", }, { db: "VULMON", id: "CVE-2020-13786", }, { db: "JVNDB", id: "JVNDB-2020-006039", }, { db: "NVD", id: "CVE-2020-13786", }, { db: "CNNVD", id: "CNNVD-202006-334", }, ], }, id: "VAR-202006-0145", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-33172", }, ], trust: 1.38723405, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33172", }, ], }, last_update_date: "2023-12-18T12:35:28.508000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { title: "Patch for D-Link DIR-865L Cross-Site Request Forgery Vulnerability (CNVD-2020-33172)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/221785", }, { title: "D-Link DIR-865L Fixes for cross-site request forgery vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120237", }, { title: "", trust: 0.1, url: "https://github.com/live-hack-cve/cve-2020-13786 ", }, { title: "Threatpost", trust: 0.1, url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33172", }, { db: "VULMON", id: "CVE-2020-13786", }, { db: "JVNDB", id: "JVNDB-2020-006039", }, { db: "CNNVD", id: "CNNVD-202006-334", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-352", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-006039", }, { db: "NVD", id: "CVE-2020-13786", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-13786", }, { trust: 1.7, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { trust: 1.7, url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13786", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/352.html", }, { trust: 0.1, url: "https://github.com/live-hack-cve/cve-2020-13786", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33172", }, { db: "VULMON", id: "CVE-2020-13786", }, { db: "JVNDB", id: "JVNDB-2020-006039", }, { db: "NVD", id: "CVE-2020-13786", }, { db: "CNNVD", id: "CNNVD-202006-334", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-33172", }, { db: "VULMON", id: "CVE-2020-13786", }, { db: "JVNDB", id: "JVNDB-2020-006039", }, { db: "NVD", id: "CVE-2020-13786", }, { db: "CNNVD", id: "CNNVD-202006-334", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33172", }, { date: "2020-06-03T00:00:00", db: "VULMON", id: "CVE-2020-13786", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006039", }, { date: "2020-06-03T17:15:25.387000", db: "NVD", id: "CVE-2020-13786", }, { date: "2020-06-03T00:00:00", db: "CNNVD", id: "CNNVD-202006-334", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33172", }, { date: "2022-09-02T00:00:00", db: "VULMON", id: "CVE-2020-13786", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006039", }, { date: "2022-09-02T15:41:46.040000", db: "NVD", id: "CVE-2020-13786", }, { date: "2020-06-18T00:00:00", db: "CNNVD", id: "CNNVD-202006-334", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-334", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Ax Beta Cross-site request forgery vulnerability in device", sources: [ { db: "JVNDB", id: "JVNDB-2020-006039", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "cross-site request forgery", sources: [ { db: "CNNVD", id: "CNNVD-202006-334", }, ], trust: 0.6, }, }
var-202009-0817
Vulnerability from variot
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header. D-Link DIR-816L and DIR-816 are both wireless routers of D-Link company in Taiwan. No detailed vulnerability details are currently provided
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202009-0817", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-816l", scope: "eq", trust: 1, vendor: "dlink", version: "2.06", }, { model: "dir-645", scope: "eq", trust: 1, vendor: "dlink", version: "1.06b01", }, { model: "dir-860l", scope: "eq", trust: 1, vendor: "dlink", version: "1.10b04", }, { model: "dir-803", scope: "eq", trust: 1, vendor: "dlink", version: "1.04.b02", }, { model: "dir-815", scope: "eq", trust: 1, vendor: "dlink", version: "2.07.b01", }, { model: "dir-816l", scope: "eq", trust: 1, vendor: "dlink", version: "2.06.b09", }, { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: "1.08b01", }, { model: "dir-803 1.04.b02", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-816l 2.06.b09 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-803_firmware:1.04.b02:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-803:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-645_firmware:1.06b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-815_firmware:2.07.b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-815:b1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:1.10b04:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-860l:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.08b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:a1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-25786", }, ], }, cve: "CVE-2020-25786", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CNVD-2020-59764", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2020-25786", impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2020-25786", trust: 1, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2020-59764", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202009-1261", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2020-25786", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header. D-Link DIR-816L and DIR-816 are both wireless routers of D-Link company in Taiwan. No detailed vulnerability details are currently provided", sources: [ { db: "NVD", id: "CVE-2020-25786", }, { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, ], trust: 1.53, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-25786", trust: 2.3, }, { db: "DLINK", id: "SAP10190", trust: 1.7, }, { db: "CNVD", id: "CNVD-2020-59764", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202009-1261", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-25786", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, id: "VAR-202009-0817", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, ], trust: 1.28161163, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, ], }, last_update_date: "2024-05-17T23:12:39.331000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Patch for D-Link DIR-816L and DIR-803 cross-site scripting vulnerabilities", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/237805", }, { title: "D-Link DIR-816L and DIR-803 Fixes for cross-site scripting vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=128929", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2020-25786", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "https://github.com/sek1th/iot/blob/master/dir-816l_xss.md", }, { trust: 1.7, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10190", }, { trust: 1.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-25786", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/79.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-59764", }, { db: "VULMON", id: "CVE-2020-25786", }, { db: "CNNVD", id: "CNNVD-202009-1261", }, { db: "NVD", id: "CVE-2020-25786", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-09-24T00:00:00", db: "CNVD", id: "CNVD-2020-59764", }, { date: "2020-09-19T00:00:00", db: "VULMON", id: "CVE-2020-25786", }, { date: "2020-09-19T00:00:00", db: "CNNVD", id: "CNNVD-202009-1261", }, { date: "2020-09-19T20:15:11.903000", db: "NVD", id: "CVE-2020-25786", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-11-01T00:00:00", db: "CNVD", id: "CNVD-2020-59764", }, { date: "2021-04-23T00:00:00", db: "VULMON", id: "CVE-2020-25786", }, { date: "2020-10-09T00:00:00", db: "CNNVD", id: "CNNVD-202009-1261", }, { date: "2024-05-17T01:46:24", db: "NVD", id: "CVE-2020-25786", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202009-1261", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-816L and DIR-803 cross-site scripting vulnerabilities", sources: [ { db: "CNVD", id: "CNVD-2020-59764", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-202009-1261", }, ], trust: 0.6, }, }
var-201910-1347
Vulnerability from variot
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. D-Link DIR-865L Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation.
A security vulnerability exists in D-Link DIR-865L, which originated from a failure to configure properly in the SMB service. An attacker could use this vulnerability to create a symbolic link to the router file system root
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1347", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: null, trust: 1.4, vendor: "d link", version: null, }, { model: "dir-865l", scope: "eq", trust: 1.2, vendor: "d link", version: null, }, { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39548", }, { db: "JVNDB", id: "JVNDB-2013-006860", }, { db: "NVD", id: "CVE-2013-4855", }, { db: "CNNVD", id: "CNNVD-201910-1498", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2013-4855", }, ], }, cve: "CVE-2013-4855", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 7.9, confidentialityImpact: "COMPLETE", exploitabilityScore: 5.5, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:A/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 7.9, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2013-4855", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:A/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 8.6, id: "CNVD-2019-39548", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2013-4855", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2013-4855", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2019-39548", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201910-1498", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2013-4855", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39548", }, { db: "VULMON", id: "CVE-2013-4855", }, { db: "JVNDB", id: "JVNDB-2013-006860", }, { db: "NVD", id: "CVE-2013-4855", }, { db: "CNNVD", id: "CNNVD-201910-1498", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share. D-Link DIR-865L Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation. \n\nA security vulnerability exists in D-Link DIR-865L, which originated from a failure to configure properly in the SMB service. An attacker could use this vulnerability to create a symbolic link to the router file system root", sources: [ { db: "NVD", id: "CVE-2013-4855", }, { db: "JVNDB", id: "JVNDB-2013-006860", }, { db: "CNVD", id: "CNVD-2019-39548", }, { db: "VULMON", id: "CVE-2013-4855", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2013-4855", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2013-006860", trust: 0.8, }, { db: "CNVD", id: "CNVD-2019-39548", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201910-1498", trust: 0.6, }, { db: "VULMON", id: "CVE-2013-4855", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39548", }, { db: "VULMON", id: "CVE-2013-4855", }, { db: "JVNDB", id: "JVNDB-2013-006860", }, { db: "NVD", id: "CVE-2013-4855", }, { db: "CNNVD", id: "CNNVD-201910-1498", }, ], }, id: "VAR-201910-1347", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2019-39548", }, ], trust: 1.1744681, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39548", }, ], }, last_update_date: "2023-12-18T11:59:20.947000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.dlink.com/en/consumer", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2013-006860", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-22", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2013-006860", }, { db: "NVD", id: "CVE-2013-4855", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { trust: 2.5, url: "https://www.ise.io/soho_service_hacks/", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2013-4855", }, { trust: 1.7, url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4855", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/22.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39548", }, { db: "VULMON", id: "CVE-2013-4855", }, { db: "JVNDB", id: "JVNDB-2013-006860", }, { db: "NVD", id: "CVE-2013-4855", }, { db: "CNNVD", id: "CNNVD-201910-1498", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2019-39548", }, { db: "VULMON", id: "CVE-2013-4855", }, { db: "JVNDB", id: "JVNDB-2013-006860", }, { db: "NVD", id: "CVE-2013-4855", }, { db: "CNNVD", id: "CNNVD-201910-1498", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-11-07T00:00:00", db: "CNVD", id: "CNVD-2019-39548", }, { date: "2019-10-25T00:00:00", db: "VULMON", id: "CVE-2013-4855", }, { date: "2019-11-01T00:00:00", db: "JVNDB", id: "JVNDB-2013-006860", }, { date: "2019-10-25T16:15:10.350000", db: "NVD", id: "CVE-2013-4855", }, { date: "2019-10-25T00:00:00", db: "CNNVD", id: "CNNVD-201910-1498", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-11-07T00:00:00", db: "CNVD", id: "CNVD-2019-39548", }, { date: "2019-10-29T00:00:00", db: "VULMON", id: "CVE-2013-4855", }, { date: "2019-11-01T00:00:00", db: "JVNDB", id: "JVNDB-2013-006860", }, { date: "2023-04-26T19:27:52.350000", db: "NVD", id: "CVE-2013-4855", }, { date: "2019-10-30T00:00:00", db: "CNNVD", id: "CNNVD-201910-1498", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-201910-1498", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L path traversal vulnerability", sources: [ { db: "CNVD", id: "CNVD-2019-39548", }, { db: "JVNDB", id: "JVNDB-2013-006860", }, { db: "CNNVD", id: "CNNVD-201910-1498", }, ], trust: 2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "path traversal", sources: [ { db: "CNNVD", id: "CNNVD-201910-1498", }, ], trust: 0.6, }, }
var-201803-1769
Vulnerability from variot
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. plural D-Link The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-880L and others are all wireless router products of D-Link. An operating system command injection vulnerability exists in the soap.cgi file in several D-Link products. A remote attacker can exploit this vulnerability to execute arbitrary operating system commands with the help of the \342\200\230service\342\200\231 parameter. The following products and versions are affected: DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and earlier; DIR-868L DIR868LA1_FW112b04 and earlier; DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L and earlier DIR410b_
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1769", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-860l", scope: "lte", trust: 1, vendor: "dlink", version: "a1_fw110b04", }, { model: "dir-868l", scope: "lte", trust: 1, vendor: "dlink", version: "a1_fw112b04", }, { model: "dir-865l", scope: "lte", trust: 1, vendor: "dlink", version: "reva_firmware_patch_1.08.b01", }, { model: "dir-880l", scope: "lte", trust: 1, vendor: "dlink", version: "reva_firmware_patch_1.08b04", }, { model: "dir-860l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir860la1_fw110b04", }, { model: "dir-865l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir-865l_reva_firmware_patch_1.08.b01", }, { model: "dir-868l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir868la1_fw112b04", }, { model: "dir-880l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir-880l_reva_firmware_patch_1.08b04", }, { model: "dir-880l <dir-880l reva patch 1.08b04", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-860l <=dir860la1 fw110b04", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-865l <=dir-865l reva patch 1.08.b01", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-860l", scope: "eq", trust: 0.6, vendor: "d link", version: "a1_fw110b04", }, { model: "dir-865l", scope: "eq", trust: 0.6, vendor: "d link", version: "reva_firmware_patch_1.08.b01", }, { model: "dir-868l", scope: "eq", trust: 0.6, vendor: "d link", version: "a1_fw112b04", }, { model: "dir-880l", scope: "eq", trust: 0.6, vendor: "d link", version: "reva_firmware_patch_1.08b04", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06671", }, { db: "JVNDB", id: "JVNDB-2018-002681", }, { db: "NVD", id: "CVE-2018-6530", }, { db: "CNNVD", id: "CNNVD-201803-149", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "reva_firmware_patch_1.08b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-6530", }, ], }, cve: "CVE-2018-6530", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: true, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 10, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2018-6530", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2018-06671", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "VHN-136562", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2018-6530", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-6530", trust: 1.8, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2018-06671", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201803-149", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-136562", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2018-6530", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06671", }, { db: "VULHUB", id: "VHN-136562", }, { db: "VULMON", id: "CVE-2018-6530", }, { db: "JVNDB", id: "JVNDB-2018-002681", }, { db: "NVD", id: "CVE-2018-6530", }, { db: "CNNVD", id: "CNNVD-201803-149", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. plural D-Link The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-880L and others are all wireless router products of D-Link. An operating system command injection vulnerability exists in the soap.cgi file in several D-Link products. A remote attacker can exploit this vulnerability to execute arbitrary operating system commands with the help of the \\342\\200\\230service\\342\\200\\231 parameter. The following products and versions are affected: DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and earlier; DIR-868L DIR868LA1_FW112b04 and earlier; DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L and earlier DIR410b_ ", sources: [ { db: "NVD", id: "CVE-2018-6530", }, { db: "JVNDB", id: "JVNDB-2018-002681", }, { db: "CNVD", id: "CNVD-2018-06671", }, { db: "VULHUB", id: "VHN-136562", }, { db: "VULMON", id: "CVE-2018-6530", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-6530", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2018-002681", trust: 0.8, }, { db: "CNVD", id: "CNVD-2018-06671", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201803-149", trust: 0.6, }, { db: "VULHUB", id: "VHN-136562", trust: 0.1, }, { db: "VULMON", id: "CVE-2018-6530", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06671", }, { db: "VULHUB", id: "VHN-136562", }, { db: "VULMON", id: "CVE-2018-6530", }, { db: "JVNDB", id: "JVNDB-2018-002681", }, { db: "NVD", id: "CVE-2018-6530", }, { db: "CNNVD", id: "CNNVD-201803-149", }, ], }, id: "VAR-201803-1769", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-06671", }, { db: "VULHUB", id: "VHN-136562", }, ], trust: 1.525419932, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06671", }, ], }, last_update_date: "2023-12-18T12:02:27.752000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-860L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf", }, { title: "DIR-865L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf", }, { title: "DIR-868L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf", }, { title: "DIR-880L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-880l/reva/dir-880l_reva_firmware_patch_notes_1.08b06_en_ww.pdf", }, { title: "Patches for multiple D-Link product operating system command injection vulnerabilities", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/124231", }, { title: "", trust: 0.1, url: "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto ", }, { title: "EQUAFL_setup\nUSAGE\nEQUAFL++\nAFLPlusplus\nServer\nCOMMAND INJECTION INFO\nroot cause analysis", trust: 0.1, url: "https://github.com/zyw-200/equafl_setup ", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06671", }, { db: "VULMON", id: "CVE-2018-6530", }, { db: "JVNDB", id: "JVNDB-2018-002681", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-136562", }, { db: "JVNDB", id: "JVNDB-2018-002681", }, { db: "NVD", id: "CVE-2018-6530", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto", }, { trust: 1.2, url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf", }, { trust: 1.2, url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf", }, { trust: 1.2, url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf", }, { trust: 1.2, url: "ftp://ftp2.dlink.com/security_advisements/dir-880l/reva/dir-880l_reva_firmware_patch_notes_1.08b06_en_ww.pdf", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6530", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-6530", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/78.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/zyw-200/equafl_setup", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06671", }, { db: "VULHUB", id: "VHN-136562", }, { db: "VULMON", id: "CVE-2018-6530", }, { db: "JVNDB", id: "JVNDB-2018-002681", }, { db: "NVD", id: "CVE-2018-6530", }, { db: "CNNVD", id: "CNNVD-201803-149", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-06671", }, { db: "VULHUB", id: "VHN-136562", }, { db: "VULMON", id: "CVE-2018-6530", }, { db: "JVNDB", id: "JVNDB-2018-002681", }, { db: "NVD", id: "CVE-2018-6530", }, { db: "CNNVD", id: "CNNVD-201803-149", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-29T00:00:00", db: "CNVD", id: "CNVD-2018-06671", }, { date: "2018-03-06T00:00:00", db: "VULHUB", id: "VHN-136562", }, { date: "2018-03-06T00:00:00", db: "VULMON", id: "CVE-2018-6530", }, { date: "2018-04-24T00:00:00", db: "JVNDB", id: "JVNDB-2018-002681", }, { date: "2018-03-06T20:29:00.987000", db: "NVD", id: "CVE-2018-6530", }, { date: "2018-03-07T00:00:00", db: "CNNVD", id: "CNNVD-201803-149", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-29T00:00:00", db: "CNVD", id: "CNVD-2018-06671", }, { date: "2018-03-27T00:00:00", db: "VULHUB", id: "VHN-136562", }, { date: "2023-11-08T00:00:00", db: "VULMON", id: "CVE-2018-6530", }, { date: "2018-04-24T00:00:00", db: "JVNDB", id: "JVNDB-2018-002681", }, { date: "2023-11-08T21:19:01.743000", db: "NVD", id: "CVE-2018-6530", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201803-149", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201803-149", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural D-Link In product OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2018-002681", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-201803-149", }, ], trust: 0.6, }, }
var-201803-1768
Vulnerability from variot
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L and others are all wireless router products of D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/js/bsc_sms_inbox.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. D-Link DIR-868L, etc. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1768", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-860l", scope: "lte", trust: 1, vendor: "dlink", version: "a1_fw110b04", }, { model: "dir-868l", scope: "lte", trust: 1, vendor: "dlink", version: "a1_fw112b04", }, { model: "dir-865l", scope: "lte", trust: 1, vendor: "dlink", version: "reva_firmware_patch_1.08.b01", }, { model: "dir-860l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir860la1_fw110b04", }, { model: "dir-865l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir-865l_reva_firmware_patch_1.08.b01", }, { model: "dir-868l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir868la1_fw112b04", }, { model: "dir-868l <=dir868la1 fw112b04", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-865l <=dir-865l reva patch 1.08.b01", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-860l <=dir860la1 fw110b04", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-860l", scope: "eq", trust: 0.6, vendor: "d link", version: "a1_fw110b04", }, { model: "dir-865l", scope: "eq", trust: 0.6, vendor: "d link", version: "reva_firmware_patch_1.08.b01", }, { model: "dir-868l", scope: "eq", trust: 0.6, vendor: "d link", version: "a1_fw112b04", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06597", }, { db: "JVNDB", id: "JVNDB-2018-002680", }, { db: "NVD", id: "CVE-2018-6529", }, { db: "CNNVD", id: "CNNVD-201803-150", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-6529", }, ], }, cve: "CVE-2018-6529", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-6529", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CNVD-2018-06597", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "VHN-136561", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 6.1, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2018-6529", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-6529", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2018-06597", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201803-150", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-136561", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2018-6529", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06597", }, { db: "VULHUB", id: "VHN-136561", }, { db: "VULMON", id: "CVE-2018-6529", }, { db: "JVNDB", id: "JVNDB-2018-002680", }, { db: "NVD", id: "CVE-2018-6529", }, { db: "CNNVD", id: "CNNVD-201803-150", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L and others are all wireless router products of D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/js/bsc_sms_inbox.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. D-Link DIR-868L, etc. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier", sources: [ { db: "NVD", id: "CVE-2018-6529", }, { db: "JVNDB", id: "JVNDB-2018-002680", }, { db: "CNVD", id: "CNVD-2018-06597", }, { db: "VULHUB", id: "VHN-136561", }, { db: "VULMON", id: "CVE-2018-6529", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-6529", trust: 3.2, }, { db: "JVNDB", id: "JVNDB-2018-002680", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201803-150", trust: 0.7, }, { db: "CNVD", id: "CNVD-2018-06597", trust: 0.6, }, { db: "VULHUB", id: "VHN-136561", trust: 0.1, }, { db: "VULMON", id: "CVE-2018-6529", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06597", }, { db: "VULHUB", id: "VHN-136561", }, { db: "VULMON", id: "CVE-2018-6529", }, { db: "JVNDB", id: "JVNDB-2018-002680", }, { db: "NVD", id: "CVE-2018-6529", }, { db: "CNNVD", id: "CNNVD-201803-150", }, ], }, id: "VAR-201803-1768", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-06597", }, { db: "VULHUB", id: "VHN-136561", }, ], trust: 1.5752999514285713, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06597", }, ], }, last_update_date: "2023-12-18T12:18:59.676000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-860L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf", }, { title: "DIR-865L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf", }, { title: "DIR-868L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf", }, { title: "Patch for D-LinkDIR Series Cross-Site Scripting Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/123967", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06597", }, { db: "JVNDB", id: "JVNDB-2018-002680", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-136561", }, { db: "JVNDB", id: "JVNDB-2018-002680", }, { db: "NVD", id: "CVE-2018-6529", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto", }, { trust: 1.2, url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf", }, { trust: 1.2, url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf", }, { trust: 1.2, url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6529", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-6529", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/79.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06597", }, { db: "VULHUB", id: "VHN-136561", }, { db: "VULMON", id: "CVE-2018-6529", }, { db: "JVNDB", id: "JVNDB-2018-002680", }, { db: "NVD", id: "CVE-2018-6529", }, { db: "CNNVD", id: "CNNVD-201803-150", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-06597", }, { db: "VULHUB", id: "VHN-136561", }, { db: "VULMON", id: "CVE-2018-6529", }, { db: "JVNDB", id: "JVNDB-2018-002680", }, { db: "NVD", id: "CVE-2018-6529", }, { db: "CNNVD", id: "CNNVD-201803-150", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-28T00:00:00", db: "CNVD", id: "CNVD-2018-06597", }, { date: "2018-03-06T00:00:00", db: "VULHUB", id: "VHN-136561", }, { date: "2018-03-06T00:00:00", db: "VULMON", id: "CVE-2018-6529", }, { date: "2018-04-24T00:00:00", db: "JVNDB", id: "JVNDB-2018-002680", }, { date: "2018-03-06T20:29:00.907000", db: "NVD", id: "CVE-2018-6529", }, { date: "2018-03-07T00:00:00", db: "CNNVD", id: "CNNVD-201803-150", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-28T00:00:00", db: "CNVD", id: "CNVD-2018-06597", }, { date: "2018-03-27T00:00:00", db: "VULHUB", id: "VHN-136561", }, { date: "2018-03-27T00:00:00", db: "VULMON", id: "CVE-2018-6529", }, { date: "2018-04-24T00:00:00", db: "JVNDB", id: "JVNDB-2018-002680", }, { date: "2023-11-08T21:18:46.963000", db: "NVD", id: "CVE-2018-6529", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201803-150", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201803-150", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural D-Link Product cross-site scripting vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2018-002680", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-201803-150", }, ], trust: 0.6, }, }
var-201910-1348
Vulnerability from variot
D-Link DIR-865L has Information Disclosure. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation. The vulnerability stems from configuration errors during the operation of the network system or product. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected component
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201910-1348", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: null, trust: 1.4, vendor: "d link", version: null, }, { model: "dir-865l", scope: "eq", trust: 1.2, vendor: "d link", version: null, }, { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39545", }, { db: "JVNDB", id: "JVNDB-2013-006861", }, { db: "NVD", id: "CVE-2013-4856", }, { db: "CNNVD", id: "CNNVD-201910-1500", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2013-4856", }, ], }, cve: "CVE-2013-4856", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.5, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: false, vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 2.9, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2013-4856", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "PARTIAL", exploitabilityScore: 5.5, id: "CNVD-2019-39545", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.6, vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "None", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2013-4856", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2013-4856", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2019-39545", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-201910-1500", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39545", }, { db: "JVNDB", id: "JVNDB-2013-006861", }, { db: "NVD", id: "CVE-2013-4856", }, { db: "CNNVD", id: "CNNVD-201910-1500", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L has Information Disclosure. D-Link DIR-865L is a wireless router from Taiwan D-Link Corporation. The vulnerability stems from configuration errors during the operation of the network system or product. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected component", sources: [ { db: "NVD", id: "CVE-2013-4856", }, { db: "JVNDB", id: "JVNDB-2013-006861", }, { db: "CNVD", id: "CNVD-2019-39545", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2013-4856", trust: 3, }, { db: "JVNDB", id: "JVNDB-2013-006861", trust: 0.8, }, { db: "CNVD", id: "CNVD-2019-39545", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201910-1500", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39545", }, { db: "JVNDB", id: "JVNDB-2013-006861", }, { db: "NVD", id: "CVE-2013-4856", }, { db: "CNNVD", id: "CNNVD-201910-1500", }, ], }, id: "VAR-201910-1348", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2019-39545", }, ], trust: 1.1744681, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39545", }, ], }, last_update_date: "2023-12-18T14:00:47.200000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Top Page", trust: 0.8, url: "https://www.dlink.com/en/consumer", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2013-006861", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-200", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2013-006861", }, { db: "NVD", id: "CVE-2013-4856", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { trust: 2.4, url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2013-4856", }, { trust: 1.6, url: "https://www.ise.io/soho_service_hacks/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4856", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-39545", }, { db: "JVNDB", id: "JVNDB-2013-006861", }, { db: "NVD", id: "CVE-2013-4856", }, { db: "CNNVD", id: "CNNVD-201910-1500", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2019-39545", }, { db: "JVNDB", id: "JVNDB-2013-006861", }, { db: "NVD", id: "CVE-2013-4856", }, { db: "CNNVD", id: "CNNVD-201910-1500", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-11-07T00:00:00", db: "CNVD", id: "CNVD-2019-39545", }, { date: "2019-11-01T00:00:00", db: "JVNDB", id: "JVNDB-2013-006861", }, { date: "2019-10-25T16:15:10.427000", db: "NVD", id: "CVE-2013-4856", }, { date: "2019-10-25T00:00:00", db: "CNNVD", id: "CNNVD-201910-1500", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-11-07T00:00:00", db: "CNVD", id: "CNVD-2019-39545", }, { date: "2019-11-01T00:00:00", db: "JVNDB", id: "JVNDB-2013-006861", }, { date: "2023-04-26T19:27:52.350000", db: "NVD", id: "CVE-2013-4856", }, { date: "2019-10-30T00:00:00", db: "CNNVD", id: "CNNVD-201910-1500", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-201910-1500", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Information Disclosure Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2019-39545", }, { db: "CNNVD", id: "CNNVD-201910-1500", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-201910-1500", }, ], trust: 0.6, }, }
var-202006-1852
Vulnerability from variot
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. D-Link DIR-865L is a wireless router from D-Link, Taiwan. The vulnerability results from the program transmitting sensitive information in clear text. A remote attacker can use the vulnerability to obtain sensitive information by sniffing network traffic
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1852", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: "1.20b01", }, { model: "dir-865l", scope: "eq", trust: 0.8, vendor: "d link", version: "1.20b01", }, { model: "dir-865l ax 1.20b01 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33173", }, { db: "JVNDB", id: "JVNDB-2020-006040", }, { db: "NVD", id: "CVE-2020-13787", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-13787", }, ], }, cve: "CVE-2020-13787", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-006040", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-33173", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULMON", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2020-13787", impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "MEDIUM", trust: 0.1, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-006040", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-13787", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-006040", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-33173", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202006-335", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2020-13787", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33173", }, { db: "VULMON", id: "CVE-2020-13787", }, { db: "JVNDB", id: "JVNDB-2020-006040", }, { db: "NVD", id: "CVE-2020-13787", }, { db: "CNNVD", id: "CNNVD-202006-335", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. D-Link DIR-865L is a wireless router from D-Link, Taiwan. The vulnerability results from the program transmitting sensitive information in clear text. A remote attacker can use the vulnerability to obtain sensitive information by sniffing network traffic", sources: [ { db: "NVD", id: "CVE-2020-13787", }, { db: "JVNDB", id: "JVNDB-2020-006040", }, { db: "CNVD", id: "CNVD-2020-33173", }, { db: "VULMON", id: "CVE-2020-13787", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-13787", trust: 3.1, }, { db: "DLINK", id: "SAP10174", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2020-006040", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-33173", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202006-335", trust: 0.6, }, { db: "VULMON", id: "CVE-2020-13787", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33173", }, { db: "VULMON", id: "CVE-2020-13787", }, { db: "JVNDB", id: "JVNDB-2020-006040", }, { db: "NVD", id: "CVE-2020-13787", }, { db: "CNNVD", id: "CNNVD-202006-335", }, ], }, id: "VAR-202006-1852", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-33173", }, ], trust: 1.38723405, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33173", }, ], }, last_update_date: "2023-12-18T12:35:28.618000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { title: "Patch for D-Link DIR-865L Information Disclosure Vulnerability (CNVD-2020-33173)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/221781", }, { title: "D-Link DIR-865L Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120238", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33173", }, { db: "JVNDB", id: "JVNDB-2020-006040", }, { db: "CNNVD", id: "CNNVD-202006-335", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-319", trust: 1, }, { problemtype: "CWE-200", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-006040", }, { db: "NVD", id: "CVE-2020-13787", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-13787", }, { trust: 1.7, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { trust: 1.7, url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13787", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/200.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33173", }, { db: "VULMON", id: "CVE-2020-13787", }, { db: "JVNDB", id: "JVNDB-2020-006040", }, { db: "NVD", id: "CVE-2020-13787", }, { db: "CNNVD", id: "CNNVD-202006-335", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-33173", }, { db: "VULMON", id: "CVE-2020-13787", }, { db: "JVNDB", id: "JVNDB-2020-006040", }, { db: "NVD", id: "CVE-2020-13787", }, { db: "CNNVD", id: "CNNVD-202006-335", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33173", }, { date: "2020-06-03T00:00:00", db: "VULMON", id: "CVE-2020-13787", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006040", }, { date: "2020-06-03T17:15:25.543000", db: "NVD", id: "CVE-2020-13787", }, { date: "2020-06-03T00:00:00", db: "CNNVD", id: "CNNVD-202006-335", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33173", }, { date: "2020-06-17T00:00:00", db: "VULMON", id: "CVE-2020-13787", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006040", }, { date: "2021-12-13T19:22:32.657000", db: "NVD", id: "CVE-2020-13787", }, { date: "2021-12-14T00:00:00", db: "CNNVD", id: "CNNVD-202006-335", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-335", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Ax Beta Information leakage vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2020-006040", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202006-335", }, ], trust: 0.6, }, }
var-201803-1766
Vulnerability from variot
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L, DIR-865L and DIR-860L are all D-Link wireless router products. A cross-site scripting vulnerability exists in the htdocs/webinc/js/adv_parent_ctrl_map.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1766", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-860l", scope: "lte", trust: 1, vendor: "dlink", version: "a1_fw110b04", }, { model: "dir-868l", scope: "lte", trust: 1, vendor: "dlink", version: "a1_fw112b04", }, { model: "dir-865l", scope: "lte", trust: 1, vendor: "dlink", version: "reva_firmware_patch_1.08.b01", }, { model: "dir-860l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir860la1_fw110b04", }, { model: "dir-865l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir-865l_reva_firmware_patch_1.08.b01", }, { model: "dir-868l", scope: "lte", trust: 0.8, vendor: "d link", version: "dir868la1_fw112b04", }, { model: "dir-868l <=dir868la1 fw112b04", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-865l <=dir-865l reva patch 1.08.b01", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-860l <=dir860la1 fw110b04", scope: null, trust: 0.6, vendor: "345 217 213 350 256 257 347 247 221 346 212 200", version: null, }, { model: "dir-860l", scope: "eq", trust: 0.6, vendor: "d link", version: "a1_fw110b04", }, { model: "dir-865l", scope: "eq", trust: 0.6, vendor: "d link", version: "reva_firmware_patch_1.08.b01", }, { model: "dir-868l", scope: "eq", trust: 0.6, vendor: "d link", version: "a1_fw112b04", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06630", }, { db: "JVNDB", id: "JVNDB-2018-002678", }, { db: "NVD", id: "CVE-2018-6527", }, { db: "CNNVD", id: "CNNVD-201803-152", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-6527", }, ], }, cve: "CVE-2018-6527", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2018-6527", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CNVD-2018-06630", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "VHN-136559", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 6.1, baseSeverity: "Medium", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2018-6527", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Changed", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-6527", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2018-06630", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201803-152", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-136559", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06630", }, { db: "VULHUB", id: "VHN-136559", }, { db: "JVNDB", id: "JVNDB-2018-002678", }, { db: "NVD", id: "CVE-2018-6527", }, { db: "CNNVD", id: "CNNVD-201803-152", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L, DIR-865L and DIR-860L are all D-Link wireless router products. A cross-site scripting vulnerability exists in the htdocs/webinc/js/adv_parent_ctrl_map.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier", sources: [ { db: "NVD", id: "CVE-2018-6527", }, { db: "JVNDB", id: "JVNDB-2018-002678", }, { db: "CNVD", id: "CNVD-2018-06630", }, { db: "VULHUB", id: "VHN-136559", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-6527", trust: 3.1, }, { db: "JVNDB", id: "JVNDB-2018-002678", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201803-152", trust: 0.7, }, { db: "CNVD", id: "CNVD-2018-06630", trust: 0.6, }, { db: "VULHUB", id: "VHN-136559", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06630", }, { db: "VULHUB", id: "VHN-136559", }, { db: "JVNDB", id: "JVNDB-2018-002678", }, { db: "NVD", id: "CVE-2018-6527", }, { db: "CNNVD", id: "CNNVD-201803-152", }, ], }, id: "VAR-201803-1766", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-06630", }, { db: "VULHUB", id: "VHN-136559", }, ], trust: 1.5752999514285713, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06630", }, ], }, last_update_date: "2023-12-18T12:44:09.202000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-860L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf", }, { title: "DIR-865L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf", }, { title: "DIR-868L Firmware Patch Notes", trust: 0.8, url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf", }, { title: "Patch for D-LinkDIR Series Cross-Site Scripting Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/124005", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06630", }, { db: "JVNDB", id: "JVNDB-2018-002678", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-136559", }, { db: "JVNDB", id: "JVNDB-2018-002678", }, { db: "NVD", id: "CVE-2018-6527", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.3, url: "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto", }, { trust: 1.1, url: "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf", }, { trust: 1.1, url: "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf", }, { trust: 1.1, url: "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6527", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-6527", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-06630", }, { db: "VULHUB", id: "VHN-136559", }, { db: "JVNDB", id: "JVNDB-2018-002678", }, { db: "NVD", id: "CVE-2018-6527", }, { db: "CNNVD", id: "CNNVD-201803-152", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-06630", }, { db: "VULHUB", id: "VHN-136559", }, { db: "JVNDB", id: "JVNDB-2018-002678", }, { db: "NVD", id: "CVE-2018-6527", }, { db: "CNNVD", id: "CNNVD-201803-152", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-29T00:00:00", db: "CNVD", id: "CNVD-2018-06630", }, { date: "2018-03-06T00:00:00", db: "VULHUB", id: "VHN-136559", }, { date: "2018-04-24T00:00:00", db: "JVNDB", id: "JVNDB-2018-002678", }, { date: "2018-03-06T20:29:00.780000", db: "NVD", id: "CVE-2018-6527", }, { date: "2018-03-07T00:00:00", db: "CNNVD", id: "CNNVD-201803-152", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-03-29T00:00:00", db: "CNVD", id: "CNVD-2018-06630", }, { date: "2018-03-27T00:00:00", db: "VULHUB", id: "VHN-136559", }, { date: "2018-04-24T00:00:00", db: "JVNDB", id: "JVNDB-2018-002678", }, { date: "2023-11-08T21:18:08.193000", db: "NVD", id: "CVE-2018-6527", }, { date: "2023-04-27T00:00:00", db: "CNNVD", id: "CNNVD-201803-152", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201803-152", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural D-Link Product cross-site scripting vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2018-002678", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "XSS", sources: [ { db: "CNNVD", id: "CNNVD-201803-152", }, ], trust: 0.6, }, }
var-202001-0381
Vulnerability from variot
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. D-Link DIR-859 is a wireless AC1750 high power Wi-Fi Gigabit router. Attackers can use this vulnerability to obtain information through AUTHORIZED_GROUP = 1% 0a
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0381", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-818lx", scope: "eq", trust: 2.2, vendor: "dlink", version: null, }, { model: "dir-890l", scope: "lte", trust: 1, vendor: "dlink", version: "1.11b01", }, { model: "dir-822", scope: "lte", trust: 1, vendor: "dlink", version: "2.03b01", }, { model: "dir-868l", scope: "lte", trust: 1, vendor: "dlink", version: "2.05b02", }, { model: "dir-869", scope: "lte", trust: 1, vendor: "dlink", version: "1.03b02", }, { model: "dir-822", scope: "lte", trust: 1, vendor: "dlink", version: "3.12b04", }, { model: "dir-823", scope: "lte", trust: 1, vendor: "dlink", version: "1.00b06", }, { model: "dir-895r", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b10", }, { model: "dir-880l", scope: "lte", trust: 1, vendor: "dlink", version: "1.08b04", }, { model: "dir-890r", scope: "lte", trust: 1, vendor: "dlink", version: "1.11b01", }, { model: "dir-859", scope: "lte", trust: 1, vendor: "dlink", version: "1.05b03", }, { model: "dir-865l", scope: "lte", trust: 1, vendor: "dlink", version: "1.07b01", }, { model: "dir-868l", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b04", }, { model: "dir-885l", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b05", }, { model: "dir-885r", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b05", }, { model: "dir-859", scope: "eq", trust: 1, vendor: "dlink", version: "1.06b01", }, { model: "dir-895l", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b10", }, { model: "dir-822", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-823", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-859", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-865l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-868l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-869", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-880l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-890l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-890r", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-859 <1.07b03 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, { model: "dir-895l", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-869", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-890l", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-890r", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-895r", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-890r", scope: "eq", trust: 0.6, vendor: "dlink", version: "1.11b01", }, { model: "dir-885l", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-885r", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-04703", }, { db: "JVNDB", id: "JVNDB-2019-014085", }, { db: "NVD", id: "CVE-2019-20213", }, { db: "CNNVD", id: "CNNVD-202001-005", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.05b03", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.03b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.12b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.00b06", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.07b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.05b02", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.03b02", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.08b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.11b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.11b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b05", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b05", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b10", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b10", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-20213", }, ], }, cve: "CVE-2019-20213", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2019-20213", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-04703", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2019-20213", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-20213", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2020-04703", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202001-005", trust: 0.6, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-04703", }, { db: "JVNDB", id: "JVNDB-2019-014085", }, { db: "NVD", id: "CVE-2019-20213", }, { db: "CNNVD", id: "CNNVD-202001-005", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. D-Link DIR-859 is a wireless AC1750 high power Wi-Fi Gigabit router. Attackers can use this vulnerability to obtain information through AUTHORIZED_GROUP = 1% 0a", sources: [ { db: "NVD", id: "CVE-2019-20213", }, { db: "JVNDB", id: "JVNDB-2019-014085", }, { db: "CNVD", id: "CNVD-2020-04703", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-20213", trust: 3, }, { db: "DLINK", id: "SAP10147", trust: 1.6, }, { db: "DLINK", id: "SAP10146", trust: 1.6, }, { db: "JVNDB", id: "JVNDB-2019-014085", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-04703", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202001-005", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-04703", }, { db: "JVNDB", id: "JVNDB-2019-014085", }, { db: "NVD", id: "CVE-2019-20213", }, { db: "CNNVD", id: "CNNVD-202001-005", }, ], }, id: "VAR-202001-0381", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-04703", }, ], trust: 1.2653324279999998, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-04703", }, ], }, last_update_date: "2023-12-18T12:27:47.122000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP10146", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10146", }, { title: "SAP10147", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10147", }, { title: "Patch for D-Link DIR-859 Information Disclosure Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/200127", }, { title: "D-Link DIR-859 Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108253", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-04703", }, { db: "JVNDB", id: "JVNDB-2019-014085", }, { db: "CNNVD", id: "CNNVD-202001-005", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-74", trust: 1, }, { problemtype: "CWE-863", trust: 1, }, { problemtype: "CWE-200", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-014085", }, { db: "NVD", id: "CVE-2019-20213", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20213", }, { trust: 1.6, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10146", }, { trust: 1.6, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10147", }, { trust: 1, url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { trust: 1, url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20213", }, { trust: 0.6, url: "https://medium.com/@s1kr10s/d", }, { trust: 0.6, url: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { trust: 0.6, url: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-04703", }, { db: "JVNDB", id: "JVNDB-2019-014085", }, { db: "NVD", id: "CVE-2019-20213", }, { db: "CNNVD", id: "CNNVD-202001-005", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-04703", }, { db: "JVNDB", id: "JVNDB-2019-014085", }, { db: "NVD", id: "CVE-2019-20213", }, { db: "CNNVD", id: "CNNVD-202001-005", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-02-12T00:00:00", db: "CNVD", id: "CNVD-2020-04703", }, { date: "2020-01-31T00:00:00", db: "JVNDB", id: "JVNDB-2019-014085", }, { date: "2020-01-02T14:16:36.533000", db: "NVD", id: "CVE-2019-20213", }, { date: "2020-01-02T00:00:00", db: "CNNVD", id: "CNNVD-202001-005", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-02-12T00:00:00", db: "CNVD", id: "CNVD-2020-04703", }, { date: "2020-01-31T00:00:00", db: "JVNDB", id: "JVNDB-2019-014085", }, { date: "2023-11-07T03:08:40.733000", db: "NVD", id: "CVE-2019-20213", }, { date: "2020-01-03T00:00:00", db: "CNNVD", id: "CNNVD-202001-005", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-859 Router Information Disclosure Vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2019-014085", }, ], trust: 0.8, }, }
var-202006-1854
Vulnerability from variot
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. D-Link DIR-865L The device contains a vulnerability related to information leakage.Information may be obtained. D-Link DIR-865L is a wireless router from D-Link, Taiwan. The vulnerability results from the program storing sensitive information in plain text
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1854", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-865l", scope: "eq", trust: 1, vendor: "dlink", version: "1.20b01", }, { model: "dir-865l", scope: "eq", trust: 0.8, vendor: "d link", version: "1.20b01", }, { model: "dir-865l ax 1.20b01 beta", scope: null, trust: 0.6, vendor: "d link", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33169", }, { db: "JVNDB", id: "JVNDB-2020-006053", }, { db: "NVD", id: "CVE-2020-13783", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2020-13783", }, ], }, cve: "CVE-2020-13783", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2020-006053", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2020-33169", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2020-006053", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2020-13783", trust: 1, value: "HIGH", }, { author: "NVD", id: "JVNDB-2020-006053", trust: 0.8, value: "High", }, { author: "CNVD", id: "CNVD-2020-33169", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202006-330", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33169", }, { db: "JVNDB", id: "JVNDB-2020-006053", }, { db: "NVD", id: "CVE-2020-13783", }, { db: "CNNVD", id: "CNNVD-202006-330", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. D-Link DIR-865L The device contains a vulnerability related to information leakage.Information may be obtained. D-Link DIR-865L is a wireless router from D-Link, Taiwan. The vulnerability results from the program storing sensitive information in plain text", sources: [ { db: "NVD", id: "CVE-2020-13783", }, { db: "JVNDB", id: "JVNDB-2020-006053", }, { db: "CNVD", id: "CNVD-2020-33169", }, ], trust: 2.16, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-13783", trust: 3, }, { db: "DLINK", id: "SAP10174", trust: 1.6, }, { db: "JVNDB", id: "JVNDB-2020-006053", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-33169", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202006-330", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33169", }, { db: "JVNDB", id: "JVNDB-2020-006053", }, { db: "NVD", id: "CVE-2020-13783", }, { db: "CNNVD", id: "CNNVD-202006-330", }, ], }, id: "VAR-202006-1854", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-33169", }, ], trust: 1.38723405, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33169", }, ], }, last_update_date: "2023-12-18T12:35:28.682000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "DIR-865L :: Rev. Ax :: End of Service Product :: Multiple Vulnerabilities", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { title: "Patch for D-Link DIR-865L information disclosure vulnerability (CNVD-2020-33169)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/221783", }, { title: "D-Link DIR-865L Repair measures for information disclosure vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120234", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33169", }, { db: "JVNDB", id: "JVNDB-2020-006053", }, { db: "CNNVD", id: "CNNVD-202006-330", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-312", trust: 1, }, { problemtype: "CWE-200", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2020-006053", }, { db: "NVD", id: "CVE-2020-13783", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-13783", }, { trust: 1.6, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10174", }, { trust: 1.6, url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13783", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-33169", }, { db: "JVNDB", id: "JVNDB-2020-006053", }, { db: "NVD", id: "CVE-2020-13783", }, { db: "CNNVD", id: "CNNVD-202006-330", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-33169", }, { db: "JVNDB", id: "JVNDB-2020-006053", }, { db: "NVD", id: "CVE-2020-13783", }, { db: "CNNVD", id: "CNNVD-202006-330", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33169", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006053", }, { date: "2020-06-03T17:15:25.060000", db: "NVD", id: "CVE-2020-13783", }, { date: "2020-06-03T00:00:00", db: "CNNVD", id: "CNNVD-202006-330", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-06-16T00:00:00", db: "CNVD", id: "CNVD-2020-33169", }, { date: "2020-06-29T00:00:00", db: "JVNDB", id: "JVNDB-2020-006053", }, { date: "2021-12-13T19:19:17.343000", db: "NVD", id: "CVE-2020-13783", }, { date: "2021-12-14T00:00:00", db: "CNNVD", id: "CNNVD-202006-330", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202006-330", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-865L Information leakage vulnerabilities in devices", sources: [ { db: "JVNDB", id: "JVNDB-2020-006053", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-202006-330", }, ], trust: 0.6, }, }
var-201912-1012
Vulnerability from variot
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. D-Link DIR-859 Wi-Fi The router has OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. D-Link DIR-859 is a wireless router from Taiwan D-Link Corporation.
A remote command execution vulnerability exists in DLINK's DIR-859 series routers. Attackers can use this vulnerability to execute arbitrary commands on target devices with root privileges
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201912-1012", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "dir-818lx", scope: "eq", trust: 2.2, vendor: "dlink", version: null, }, { model: "dir-890r", scope: "eq", trust: 1.6, vendor: "dlink", version: "1.11b01", }, { model: "dir-890l", scope: "eq", trust: 1.6, vendor: "dlink", version: "1.11b01", }, { model: "dir-890l", scope: "lte", trust: 1, vendor: "dlink", version: "1.11b01", }, { model: "dir-822", scope: "lte", trust: 1, vendor: "dlink", version: "2.03b01", }, { model: "dir-822", scope: "lte", trust: 1, vendor: "dlink", version: "3.12b04", }, { model: "dir-823", scope: "lte", trust: 1, vendor: "dlink", version: "1.00b06", }, { model: "dir-869", scope: "eq", trust: 1, vendor: "dlink", version: "1.03b02", }, { model: "dir-895r", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b10", }, { model: "dir-890r", scope: "lte", trust: 1, vendor: "dlink", version: "1.11b01", }, { model: "dir-859", scope: "lte", trust: 1, vendor: "dlink", version: "1.05b03", }, { model: "dir-868l", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b04", }, { model: "dir-885l", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b05", }, { model: "dir-859", scope: "eq", trust: 1, vendor: "dlink", version: "1.06b01", }, { model: "dir-868l", scope: "lte", trust: 1, vendor: "dlink", version: "2.05b02", }, { model: "dir-869", scope: "lte", trust: 1, vendor: "dlink", version: "1.03b02", }, { model: "dir-823", scope: "eq", trust: 1, vendor: "dlink", version: "1.00b06", }, { model: "dir-880l", scope: "lte", trust: 1, vendor: "dlink", version: "1.08b04", }, { model: "dir-885r", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b05", }, { model: "dir-865l", scope: "lte", trust: 1, vendor: "dlink", version: "1.07b01", }, { model: "dir-895l", scope: "lte", trust: 1, vendor: "dlink", version: "1.12b10", }, { model: "dir-822", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-823", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-859", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-865l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-868l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-869", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-880l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-885l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-890l", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-890r", scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: "dir-859 v1.06b01 beta01", scope: null, trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-895l", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-890l", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-890r", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-895r", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-885l", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, { model: "dir-885r", scope: "eq", trust: 0.6, vendor: "dlink", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-03900", }, { db: "JVNDB", id: "JVNDB-2019-013893", }, { db: "NVD", id: "CVE-2019-17621", }, { db: "CNNVD", id: "CNNVD-201912-1224", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.05b03", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.03b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.12b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.00b06", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-823_firmware:1.00b06:beta:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.07b01", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.05b02", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.03b02", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-869_firmware:1.03b02:beta02:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.08b04", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.11b01", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-890l_firmware:1.11b01:beta01:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.11b01", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:dlink:dir-890r_firmware:1.11b01:beta01:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b05", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b05", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b10", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.12b10", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-17621", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Miguel Mendez Z, Pablo Pollanco P", sources: [ { db: "CNNVD", id: "CNNVD-201912-1224", }, ], trust: 0.6, }, cve: "CVE-2019-17621", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 10, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2019-17621", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CNVD-2020-03900", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2019-17621", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-17621", trust: 1.8, value: "CRITICAL", }, { author: "CNVD", id: "CNVD-2020-03900", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201912-1224", trust: 0.6, value: "CRITICAL", }, { author: "VULMON", id: "CVE-2019-17621", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2020-03900", }, { db: "VULMON", id: "CVE-2019-17621", }, { db: "JVNDB", id: "JVNDB-2019-013893", }, { db: "NVD", id: "CVE-2019-17621", }, { db: "CNNVD", id: "CNNVD-201912-1224", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. D-Link DIR-859 Wi-Fi The router has OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. D-Link DIR-859 is a wireless router from Taiwan D-Link Corporation. \n\r\n\r\nA remote command execution vulnerability exists in DLINK's DIR-859 series routers. Attackers can use this vulnerability to execute arbitrary commands on target devices with root privileges", sources: [ { db: "NVD", id: "CVE-2019-17621", }, { db: "JVNDB", id: "JVNDB-2019-013893", }, { db: "CNVD", id: "CNVD-2020-03900", }, { db: "VULMON", id: "CVE-2019-17621", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-17621", trust: 3.1, }, { db: "PACKETSTORM", id: "156054", trust: 1.6, }, { db: "DLINK", id: "SAP10146", trust: 1.6, }, { db: "DLINK", id: "SAP10147", trust: 1.6, }, { db: "JVNDB", id: "JVNDB-2019-013893", trust: 0.8, }, { db: "CNVD", id: "CNVD-2020-03900", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201912-1224", trust: 0.6, }, { db: "VULMON", id: "CVE-2019-17621", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-03900", }, { db: "VULMON", id: "CVE-2019-17621", }, { db: "JVNDB", id: "JVNDB-2019-013893", }, { db: "NVD", id: "CVE-2019-17621", }, { db: "CNNVD", id: "CNNVD-201912-1224", }, ], }, id: "VAR-201912-1012", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2020-03900", }, ], trust: 1.2653324279999998, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2020-03900", }, ], }, last_update_date: "2023-12-26T00:14:59.426000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "SAP10146", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10146", }, { title: "SAP10147", trust: 0.8, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10147", }, { title: "Security Bulletin", trust: 0.8, url: "https://www.dlink.com/en/security-bulletin", }, { title: "Command execution vulnerability in DLINKDIR-859 router v1.06B01 BETA01", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/195823", }, { title: "D-Link DIR-859 Fixes for operating system command injection vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=106703", }, { title: "IoT-vulhub", trust: 0.1, url: "https://github.com/vulntotal-team/iot-vulhub ", }, ], sources: [ { db: "CNVD", id: "CNVD-2020-03900", }, { db: "VULMON", id: "CVE-2019-17621", }, { db: "JVNDB", id: "JVNDB-2019-013893", }, { db: "CNNVD", id: "CNNVD-201912-1224", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-78", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-013893", }, { db: "NVD", id: "CVE-2019-17621", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "http://packetstormsecurity.com/files/156054/d-link-dir-859-unauthenticated-remote-command-execution.html", }, { trust: 1.6, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10146", }, { trust: 1.6, url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10147", }, { trust: 1.6, url: "https://www.dlink.com/en/security-bulletin", }, { trust: 1.6, url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-17621", }, { trust: 1, url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { trust: 1, url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17621", }, { trust: 0.6, url: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { trust: 0.6, url: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-013893", }, { db: "NVD", id: "CVE-2019-17621", }, { db: "CNNVD", id: "CNNVD-201912-1224", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2020-03900", }, { db: "VULMON", id: "CVE-2019-17621", }, { db: "JVNDB", id: "JVNDB-2019-013893", }, { db: "NVD", id: "CVE-2019-17621", }, { db: "CNNVD", id: "CNNVD-201912-1224", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-02-14T00:00:00", db: "CNVD", id: "CNVD-2020-03900", }, { date: "2019-12-30T00:00:00", db: "VULMON", id: "CVE-2019-17621", }, { date: "2020-01-21T00:00:00", db: "JVNDB", id: "JVNDB-2019-013893", }, { date: "2019-12-30T17:15:19.857000", db: "NVD", id: "CVE-2019-17621", }, { date: "2019-12-30T00:00:00", db: "CNNVD", id: "CNNVD-201912-1224", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-02-12T00:00:00", db: "CNVD", id: "CNVD-2020-03900", }, { date: "2023-11-07T00:00:00", db: "VULMON", id: "CVE-2019-17621", }, { date: "2020-01-21T00:00:00", db: "JVNDB", id: "JVNDB-2019-013893", }, { date: "2023-11-07T03:06:23.510000", db: "NVD", id: "CVE-2019-17621", }, { date: "2020-02-12T00:00:00", db: "CNNVD", id: "CNNVD-201912-1224", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201912-1224", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "D-Link DIR-859 Wi-Fi At the router OS Command injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2019-013893", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "operating system commend injection", sources: [ { db: "CNNVD", id: "CNNVD-201912-1224", }, ], trust: 0.6, }, }
cve-2019-20213
Vulnerability from cvelistv5
Published
2020-01-02 01:03
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:39:09.121Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-02T01:03:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20213", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", refsource: "MISC", url: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { name: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", refsource: "MISC", url: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20213", datePublished: "2020-01-02T01:03:16", dateReserved: "2020-01-02T00:00:00", dateUpdated: "2024-08-05T02:39:09.121Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6528
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
EPSS score ?
Summary
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:10:10.230Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-02-28T00:00:00", descriptions: [ { lang: "en", value: "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-06T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6528", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", refsource: "MISC", url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6528", datePublished: "2018-03-06T20:00:00", dateReserved: "2018-02-02T00:00:00", dateUpdated: "2024-08-05T06:10:10.230Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6527
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
EPSS score ?
Summary
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:10:10.079Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-02-28T00:00:00", descriptions: [ { lang: "en", value: "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-06T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6527", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", refsource: "MISC", url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6527", datePublished: "2018-03-06T20:00:00", dateReserved: "2018-02-02T00:00:00", dateUpdated: "2024-08-05T06:10:10.079Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13786
Vulnerability from cvelistv5
Published
2020-06-03 16:22
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.536Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-17T12:21:47", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13786", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", refsource: "MISC", url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13786", datePublished: "2020-06-03T16:22:45", dateReserved: "2020-06-03T00:00:00", dateUpdated: "2024-08-04T12:25:16.536Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13787
Vulnerability from cvelistv5
Published
2020-06-03 16:22
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.544Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-17T12:21:49", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13787", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", refsource: "MISC", url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13787", datePublished: "2020-06-03T16:22:36", dateReserved: "2020-06-03T00:00:00", dateUpdated: "2024-08-04T12:25:16.544Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-17621
Vulnerability from cvelistv5
Published
2019-12-30 16:09
Modified
2025-02-04 20:34
Severity ?
EPSS score ?
Summary
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:47:13.504Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dlink.com/en/security-bulletin", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2019-17621", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T20:33:59.746115Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-06-29", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-17621", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T20:34:06.306Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-22T18:06:22.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.dlink.com/en/security-bulletin", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-17621", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", refsource: "MISC", url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, { name: "https://www.dlink.com/en/security-bulletin", refsource: "MISC", url: "https://www.dlink.com/en/security-bulletin", }, { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", refsource: "CONFIRM", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", refsource: "CONFIRM", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { name: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", refsource: "MISC", url: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { name: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", refsource: "MISC", url: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { name: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-17621", datePublished: "2019-12-30T16:09:17.000Z", dateReserved: "2019-10-16T00:00:00.000Z", dateUpdated: "2025-02-04T20:34:06.306Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4857
Vulnerability from cvelistv5
Published
2019-10-25 15:36
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
D-Link DIR-865L has PHP File Inclusion in the router xml file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ise.io/casestudies/exploiting-soho-routers/ | x_refsource_MISC | |
| https://www.ise.io/soho_service_hacks/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:59:40.685Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ise.io/soho_service_hacks/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L has PHP File Inclusion in the router xml file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-25T15:36:13", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.ise.io/soho_service_hacks/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-4857", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L has PHP File Inclusion in the router xml file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ise.io/casestudies/exploiting-soho-routers/", refsource: "MISC", url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { name: "https://www.ise.io/soho_service_hacks/", refsource: "MISC", url: "https://www.ise.io/soho_service_hacks/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-4857", datePublished: "2019-10-25T15:36:13", dateReserved: "2013-07-16T00:00:00", dateUpdated: "2024-08-06T16:59:40.685Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6530
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2025-02-04 20:36
Severity ?
EPSS score ?
Summary
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:10:10.174Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2018-6530", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T20:36:36.248676Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-09-08", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-6530", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T20:36:49.671Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-02-28T00:00:00.000Z", descriptions: [ { lang: "en", value: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-06T19:57:01.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6530", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", refsource: "MISC", url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6530", datePublished: "2018-03-06T20:00:00.000Z", dateReserved: "2018-02-02T00:00:00.000Z", dateUpdated: "2025-02-04T20:36:49.671Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6529
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
EPSS score ?
Summary
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:10:10.135Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-02-28T00:00:00", descriptions: [ { lang: "en", value: "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-06T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { tags: [ "x_refsource_CONFIRM", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-6529", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", refsource: "MISC", url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", refsource: "CONFIRM", url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-6529", datePublished: "2018-03-06T20:00:00", dateReserved: "2018-02-02T00:00:00", dateUpdated: "2024-08-05T06:10:10.135Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4856
Vulnerability from cvelistv5
Published
2019-10-25 15:44
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
D-Link DIR-865L has Information Disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ise.io/casestudies/exploiting-soho-routers/ | x_refsource_MISC | |
| https://www.ise.io/soho_service_hacks/ | x_refsource_MISC | |
| https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:59:40.522Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ise.io/soho_service_hacks/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L has Information Disclosure.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-25T15:44:11", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.ise.io/soho_service_hacks/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-4856", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L has Information Disclosure.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ise.io/casestudies/exploiting-soho-routers/", refsource: "MISC", url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { name: "https://www.ise.io/soho_service_hacks/", refsource: "MISC", url: "https://www.ise.io/soho_service_hacks/", }, { name: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", refsource: "MISC", url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-4856", datePublished: "2019-10-25T15:44:11", dateReserved: "2013-07-16T00:00:00", dateUpdated: "2024-08-06T16:59:40.522Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25786
Vulnerability from cvelistv5
Published
2020-09-19 19:24
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
References
| ▼ | URL | Tags |
|---|---|---|
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | x_refsource_MISC | |
| https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:40:36.997Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-19T19:24:09", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, ], tags: [ "unsupported-when-assigned", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-25786", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { name: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", refsource: "MISC", url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-25786", datePublished: "2020-09-19T19:24:09", dateReserved: "2020-09-19T00:00:00", dateUpdated: "2024-08-04T15:40:36.997Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13783
Vulnerability from cvelistv5
Published
2020-06-03 16:23
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.568Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-17T12:21:41", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13783", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", refsource: "MISC", url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13783", datePublished: "2020-06-03T16:23:09", dateReserved: "2020-06-03T00:00:00", dateUpdated: "2024-08-04T12:25:16.568Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13782
Vulnerability from cvelistv5
Published
2020-06-03 16:23
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.596Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-17T12:21:37", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13782", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", refsource: "MISC", url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13782", datePublished: "2020-06-03T16:23:19", dateReserved: "2020-06-03T00:00:00", dateUpdated: "2024-08-04T12:25:16.596Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4855
Vulnerability from cvelistv5
Published
2019-10-25 15:47
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ise.io/casestudies/exploiting-soho-routers/ | x_refsource_MISC | |
| https://www.ise.io/soho_service_hacks/ | x_refsource_MISC | |
| https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:59:40.978Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ise.io/soho_service_hacks/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-25T15:47:43", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.ise.io/soho_service_hacks/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-4855", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.ise.io/casestudies/exploiting-soho-routers/", refsource: "MISC", url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { name: "https://www.ise.io/soho_service_hacks/", refsource: "MISC", url: "https://www.ise.io/soho_service_hacks/", }, { name: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", refsource: "MISC", url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-4855", datePublished: "2019-10-25T15:47:43", dateReserved: "2013-07-16T00:00:00", dateUpdated: "2024-08-06T16:59:40.978Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13785
Vulnerability from cvelistv5
Published
2020-06-03 16:22
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.489Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-17T12:21:45", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13785", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", refsource: "MISC", url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13785", datePublished: "2020-06-03T16:22:52", dateReserved: "2020-06-03T00:00:00", dateUpdated: "2024-08-04T12:25:16.489Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13784
Vulnerability from cvelistv5
Published
2020-06-03 16:23
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.478Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-17T12:21:43", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { tags: [ "x_refsource_MISC", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13784", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", refsource: "MISC", url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", refsource: "MISC", url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13784", datePublished: "2020-06-03T16:23:00", dateReserved: "2020-06-03T00:00:00", dateUpdated: "2024-08-04T12:25:16.478Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:10
Severity ?
Summary
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-860l_firmware | * | |
| dlink | dir-860l | - | |
| dlink | dir-865l_firmware | * | |
| dlink | dir-865l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B", versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0", versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9", versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.", }, { lang: "es", value: "Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/body/bsc_sms_send.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un parámetro receiver manipulado en soap.cgi.", }, ], id: "CVE-2018-6528", lastModified: "2024-11-21T04:10:50.380", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-06T20:29:00.843", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:10
Severity ?
Summary
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-860l_firmware | * | |
| dlink | dir-860l | - | |
| dlink | dir-865l_firmware | * | |
| dlink | dir-865l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B", versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0", versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9", versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.", }, { lang: "es", value: "Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/js/bsc_sms_inbox.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un parámetro Treturn manipulado en soap.cgi.", }, ], id: "CVE-2018-6529", lastModified: "2024-11-21T04:10:50.547", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-06T20:29:00.907", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-865l_firmware | 1.20b01 | |
| dlink | dir-865l | ax |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.", }, { lang: "es", value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, presentan una Fortaleza de Cifrado Inadecuada.", }, ], id: "CVE-2020-13785", lastModified: "2024-11-21T05:01:51.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-03T17:15:25.247", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-326", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-25 16:15
Modified
2024-11-21 01:56
Severity ?
Summary
D-Link DIR-865L has PHP File Inclusion in the router xml file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.ise.io/casestudies/exploiting-soho-routers/ | Mitigation, Third Party Advisory | |
| cve@mitre.org | https://www.ise.io/soho_service_hacks/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/casestudies/exploiting-soho-routers/ | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/soho_service_hacks/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-865l_firmware | - | |
| dlink | dir-865l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "352DA441-FF6D-42A9-B65B-9D1752082152", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L has PHP File Inclusion in the router xml file.", }, { lang: "es", value: "D-Link DIR-865L, presenta una inclusión de archivos PHP en el archivo xml del enrutador.", }, ], id: "CVE-2013-4857", lastModified: "2024-11-21T01:56:34.550", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-25T16:15:10.490", references: [ { source: "cve@mitre.org", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.ise.io/soho_service_hacks/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.ise.io/soho_service_hacks/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-91", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-865l_firmware | 1.20b01 | |
| dlink | dir-865l | ax |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.", }, { lang: "es", value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, permiten una Inyección de Comandos.", }, ], id: "CVE-2020-13782", lastModified: "2024-11-21T05:01:50.647", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-03T17:15:24.997", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-865l_firmware | 1.20b01 | |
| dlink | dir-865l | ax |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.", }, { lang: "es", value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, presentan una Transmisión de Información Confidencial en Texto Sin Cifrar.", }, ], id: "CVE-2020-13787", lastModified: "2024-11-21T05:01:51.387", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-03T17:15:25.543", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-319", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-865l_firmware | 1.20b01 | |
| dlink | dir-865l | ax |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.", }, { lang: "es", value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, permiten un ataque de tipo CSRF.", }, ], id: "CVE-2020-13786", lastModified: "2024-11-21T05:01:51.240", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-03T17:15:25.387", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-25 16:15
Modified
2024-11-21 01:56
Severity ?
Summary
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.ise.io/casestudies/exploiting-soho-routers/ | Third Party Advisory | |
| cve@mitre.org | https://www.ise.io/soho_service_hacks/ | Third Party Advisory | |
| cve@mitre.org | https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/casestudies/exploiting-soho-routers/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/soho_service_hacks/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-865l_firmware | - | |
| dlink | dir-865l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "352DA441-FF6D-42A9-B65B-9D1752082152", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.", }, { lang: "es", value: "D-Link DIR-865L, presenta un Salto de Enlace Simbólico de SMB, debido a una configuración inapropiada en el servicio SMB permitiendo la creación de enlaces simbólicos en ubicaciones fuera del recurso compartido Samba.", }, ], id: "CVE-2013-4855", lastModified: "2024-11-21T01:56:33.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:A/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-25T16:15:10.350", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/soho_service_hacks/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/soho_service_hacks/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-02 14:16
Modified
2024-11-21 04:38
Severity ?
Summary
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-859_firmware | * | |
| dlink | dir-859_firmware | 1.06b01 | |
| dlink | dir-859 | - | |
| dlink | dir-822_firmware | * | |
| dlink | dir-822 | - | |
| dlink | dir-822_firmware | * | |
| dlink | dir-822 | - | |
| dlink | dir-823_firmware | * | |
| dlink | dir-823 | - | |
| dlink | dir-865l_firmware | * | |
| dlink | dir-865l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - | |
| dlink | dir-869_firmware | * | |
| dlink | dir-869 | - | |
| dlink | dir-880l_firmware | * | |
| dlink | dir-880l | - | |
| dlink | dir-890l_firmware | * | |
| dlink | dir-890l | - | |
| dlink | dir-890r_firmware | * | |
| dlink | dir-890r | - | |
| dlink | dir-885l_firmware | * | |
| dlink | dir-885l | - | |
| dlink | dir-885r_firmware | * | |
| dlink | dir-885r | - | |
| dlink | dir-895l_firmware | * | |
| dlink | dir-895l | - | |
| dlink | dir-895r_firmware | * | |
| dlink | dir-895r | - | |
| dlink | dir-818lx_firmware | - | |
| dlink | dir-818lx | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C2ABCF49-625F-4267-8B6D-14081B31E8B0", versionEndIncluding: "1.05b03", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*", matchCriteriaId: "BB555A1A-6B26-483E-ABFC-B64B928E7CC5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*", matchCriteriaId: "D1DEEF5B-D8E9-45F3-8A89-52CE8402E6F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F8E6CDA-679A-4A31-8D8D-BD283C5E1E3E", versionEndIncluding: "2.03b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "46B25758-8EC2-4598-A834-9D513B030629", versionEndIncluding: "3.12b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "99D9046B-206E-4267-98BA-BF572682F134", versionEndIncluding: "1.00b06", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*", matchCriteriaId: "EC426833-BEA7-4029-BBBB-94688EE801BC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4406996E-761D-4EDC-9877-17B7472C1422", versionEndIncluding: "1.07b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F9D90548-24FD-416F-9159-6F7AB318C923", versionEndIncluding: "1.12b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0B0CA3A5-CF3D-4D1B-BB07-EE0D91901BC9", versionEndIncluding: "2.05b02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "499E8ADA-B4ED-42B2-B237-716A77BD546A", versionEndIncluding: "1.03b02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*", matchCriteriaId: "E9EB6E8E-03FA-4477-B97A-0752B7C443F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AE7C571B-BCCB-4853-A08E-2EF9A64C94CD", versionEndIncluding: "1.08b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "50FCDBDC-32F8-42DF-BD3C-A9EFC11D036C", versionEndIncluding: "1.11b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", matchCriteriaId: "B1EA89C7-4655-43A3-9D2B-D57640D56C09", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DA0BEAAD-6330-47FE-A8F6-665C3F346619", versionEndIncluding: "1.11b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*", matchCriteriaId: "D678E889-3D74-4D16-84D0-41F547519A7F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48D9C475-FB79-4D18-823C-0A3F01CB478E", versionEndIncluding: "1.12b05", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*", matchCriteriaId: "AD481B64-A25D-4123-B575-20EC3C524D9C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0261FBA8-D370-4581-B4AE-E8DBF4546C50", versionEndIncluding: "1.12b05", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*", matchCriteriaId: "8E0351A1-D161-468E-A2C4-1FB92E978DA7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBB7A220-2C3E-45B4-BA2E-D6C595B391D7", versionEndIncluding: "1.12b10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*", matchCriteriaId: "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1E4B2469-DDAB-4FD1-A446-B304AAF78BB3", versionEndIncluding: "1.12b10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*", matchCriteriaId: "DF2DADDD-2F1C-458D-B3F5-07EE0FE35E92", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "072F053E-4DAB-4246-BEE7-F4813957BF56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*", matchCriteriaId: "1B6E718C-2E2A-4E9B-A83D-25C01F681301", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.", }, { lang: "es", value: "Los routers D-Link DIR-859 versiones anteriores a la versión v1.07b03_beta, permiten una divulgación de información no autenticada por medio del valor AUTHORIZED_GROUP=1%0a, como es demostrado por el archivo vpnconfig.php.", }, ], id: "CVE-2019-20213", lastModified: "2024-11-21T04:38:13.213", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-02T14:16:36.533", references: [ { source: "cve@mitre.org", url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { source: "cve@mitre.org", url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-19 20:15
Modified
2024-11-21 05:18
Severity ?
Summary
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-803_firmware | 1.04.b02 | |
| dlink | dir-803 | a1 | |
| dlink | dir-816l_firmware | 2.06 | |
| dlink | dir-816l_firmware | 2.06.b09 | |
| dlink | dir-816l | b1 | |
| dlink | dir-645_firmware | 1.06b01 | |
| dlink | dir-645 | a1 | |
| dlink | dir-815_firmware | 2.07.b01 | |
| dlink | dir-815 | b1 | |
| dlink | dir-860l_firmware | 1.10b04 | |
| dlink | dir-860l | a1 | |
| dlink | dir-865l_firmware | 1.08b01 | |
| dlink | dir-865l | a1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-803_firmware:1.04.b02:*:*:*:*:*:*:*", matchCriteriaId: "8C475766-ADDE-4461-9FDF-FE6332F95DBE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-803:a1:*:*:*:*:*:*:*", matchCriteriaId: "1B033D96-30EC-44EA-B70E-670CEAA0E79F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", matchCriteriaId: "1817EE29-D782-4A98-A478-20BDA559C5CE", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*", matchCriteriaId: "ABE7E66F-20B2-4A39-A845-03E5FBBD9E2A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", matchCriteriaId: "637B2D4B-0EA7-4E30-9B2B-77484D701042", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-645_firmware:1.06b01:*:*:*:*:*:*:*", matchCriteriaId: "84706BD1-5AC0-449D-AB20-A81A9A2D4077", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*", matchCriteriaId: "E02F7E04-F6D7-466D-81AD-14591443EBC3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-815_firmware:2.07.b01:*:*:*:*:*:*:*", matchCriteriaId: "F38F5A85-E7DC-4ACF-A488-11AC00DE5856", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-815:b1:*:*:*:*:*:*:*", matchCriteriaId: "AA95C491-7895-4410-A9D2-3C7BD2BEB0DC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-860l_firmware:1.10b04:*:*:*:*:*:*:*", matchCriteriaId: "D84E9E39-D9A6-4370-8D84-6CAE2D02CDFD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-860l:a1:*:*:*:*:*:*:*", matchCriteriaId: "C0FB3DE6-9F8D-485A-8DF3-76FC6C20CB6C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.08b01:*:*:*:*:*:*:*", matchCriteriaId: "608124DE-D143-4E95-9DE8-D7A35586361E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:a1:*:*:*:*:*:*:*", matchCriteriaId: "DEC7270B-453D-4D04-90AB-7EBD6DC3D97B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "unsupported-when-assigned", ], }, ], descriptions: [ { lang: "en", value: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header", }, { lang: "es", value: "** NO COMPATIBLE CUANDO SE ASIGNÓ ** El archivo webinc/js/info.php en dispositivos D-Link DIR-816L versión 2.06.B09_BETA y DIR-803 versión 1.04.B02, permite un ataque de tipo XSS por medio del encabezado HTTP Referer. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor. NOTA: esto típicamente no es explotable debido a la codificación de URL (excepto en Internet Explorer) y porque una página web no puede especificar que un cliente debe realizar una petición HTTP adicional con un encabezado Referer arbitrario", }, ], id: "CVE-2020-25786", lastModified: "2024-11-21T05:18:46.167", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-19T20:15:11.903", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:10
Severity ?
Summary
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-860l_firmware | * | |
| dlink | dir-860l | - | |
| dlink | dir-865l_firmware | * | |
| dlink | dir-865l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B", versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0", versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9", versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.", }, { lang: "es", value: "Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/js/adv_parent_ctrl_map.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un parámetro deviceid manipulado en soap.cgi.", }, ], id: "CVE-2018-6527", lastModified: "2024-11-21T04:10:50.220", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-06T20:29:00.780", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-865l_firmware | 1.20b01 | |
| dlink | dir-865l | ax |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.", }, { lang: "es", value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, presentan un seed predecible en un Generador de Números Pseudoaleatorios.", }, ], id: "CVE-2020-13784", lastModified: "2024-11-21T05:01:50.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-03T17:15:25.153", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-335", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-30 17:15
Modified
2025-02-04 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-859_firmware | * | |
| dlink | dir-859_firmware | 1.06b01 | |
| dlink | dir-859 | - | |
| dlink | dir-822_firmware | * | |
| dlink | dir-822 | - | |
| dlink | dir-822_firmware | * | |
| dlink | dir-822 | - | |
| dlink | dir-823_firmware | * | |
| dlink | dir-823_firmware | 1.00b06 | |
| dlink | dir-823 | - | |
| dlink | dir-865l_firmware | * | |
| dlink | dir-865l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - | |
| dlink | dir-869_firmware | * | |
| dlink | dir-869_firmware | 1.03b02 | |
| dlink | dir-869 | - | |
| dlink | dir-880l_firmware | * | |
| dlink | dir-880l | - | |
| dlink | dir-890l_firmware | * | |
| dlink | dir-890l_firmware | 1.11b01 | |
| dlink | dir-890l | - | |
| dlink | dir-890r_firmware | * | |
| dlink | dir-890r_firmware | 1.11b01 | |
| dlink | dir-890r | - | |
| dlink | dir-885l_firmware | * | |
| dlink | dir-885l | - | |
| dlink | dir-885r_firmware | * | |
| dlink | dir-885r | - | |
| dlink | dir-895l_firmware | * | |
| dlink | dir-895l | - | |
| dlink | dir-895r_firmware | * | |
| dlink | dir-895r | - | |
| dlink | dir-818lx_firmware | - | |
| dlink | dir-818lx | - |
{ cisaActionDue: "2023-07-20", cisaExploitAdd: "2023-06-29", cisaRequiredAction: "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.", cisaVulnerabilityName: "D-Link DIR-859 Router Command Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C2ABCF49-625F-4267-8B6D-14081B31E8B0", versionEndIncluding: "1.05b03", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*", matchCriteriaId: "BB555A1A-6B26-483E-ABFC-B64B928E7CC5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*", matchCriteriaId: "D1DEEF5B-D8E9-45F3-8A89-52CE8402E6F5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F8E6CDA-679A-4A31-8D8D-BD283C5E1E3E", versionEndIncluding: "2.03b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "46B25758-8EC2-4598-A834-9D513B030629", versionEndIncluding: "3.12b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*", matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "99D9046B-206E-4267-98BA-BF572682F134", versionEndIncluding: "1.00b06", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-823_firmware:1.00b06:beta:*:*:*:*:*:*", matchCriteriaId: "5A56D2BD-5160-46FE-8AC7-CB4CA50E4D5D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*", matchCriteriaId: "EC426833-BEA7-4029-BBBB-94688EE801BC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4406996E-761D-4EDC-9877-17B7472C1422", versionEndIncluding: "1.07b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F9D90548-24FD-416F-9159-6F7AB318C923", versionEndIncluding: "1.12b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0B0CA3A5-CF3D-4D1B-BB07-EE0D91901BC9", versionEndIncluding: "2.05b02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "499E8ADA-B4ED-42B2-B237-716A77BD546A", versionEndIncluding: "1.03b02", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-869_firmware:1.03b02:beta02:*:*:*:*:*:*", matchCriteriaId: "AF693676-C580-44CF-AAC6-6E38658FEAFB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*", matchCriteriaId: "E9EB6E8E-03FA-4477-B97A-0752B7C443F0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AE7C571B-BCCB-4853-A08E-2EF9A64C94CD", versionEndIncluding: "1.08b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "50FCDBDC-32F8-42DF-BD3C-A9EFC11D036C", versionEndIncluding: "1.11b01", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-890l_firmware:1.11b01:beta01:*:*:*:*:*:*", matchCriteriaId: "7A4A1A68-5B14-47B7-9D02-274A0E4AF2F2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", matchCriteriaId: "B1EA89C7-4655-43A3-9D2B-D57640D56C09", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DA0BEAAD-6330-47FE-A8F6-665C3F346619", versionEndIncluding: "1.11b01", vulnerable: true, }, { criteria: "cpe:2.3:o:dlink:dir-890r_firmware:1.11b01:beta01:*:*:*:*:*:*", matchCriteriaId: "4C18C9D9-9418-441B-9367-91F86137245C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*", matchCriteriaId: "D678E889-3D74-4D16-84D0-41F547519A7F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48D9C475-FB79-4D18-823C-0A3F01CB478E", versionEndIncluding: "1.12b05", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*", matchCriteriaId: "AD481B64-A25D-4123-B575-20EC3C524D9C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0261FBA8-D370-4581-B4AE-E8DBF4546C50", versionEndIncluding: "1.12b05", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*", matchCriteriaId: "8E0351A1-D161-468E-A2C4-1FB92E978DA7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBB7A220-2C3E-45B4-BA2E-D6C595B391D7", versionEndIncluding: "1.12b10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*", matchCriteriaId: "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1E4B2469-DDAB-4FD1-A446-B304AAF78BB3", versionEndIncluding: "1.12b10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*", matchCriteriaId: "DF2DADDD-2F1C-458D-B3F5-07EE0FE35E92", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "072F053E-4DAB-4246-BEE7-F4813957BF56", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*", matchCriteriaId: "1B6E718C-2E2A-4E9B-A83D-25C01F681301", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.", }, { lang: "es", value: "La URL de /gena.cgi del endpoint UPnP en el router Wi-Fi D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permite a un atacante remoto no autenticado ejecutar comandos del sistema como root, mediante el envío de una petición HTTP SUBSCRIBE especialmente diseñada en el servicio UPnP cuando se conecta a la red local.", }, ], id: "CVE-2019-17621", lastModified: "2025-02-04T21:15:18.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-12-30T17:15:19.857", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dlink.com/en/security-bulletin", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-25 16:15
Modified
2024-11-21 01:56
Severity ?
Summary
D-Link DIR-865L has Information Disclosure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.ise.io/casestudies/exploiting-soho-routers/ | Third Party Advisory | |
| cve@mitre.org | https://www.ise.io/soho_service_hacks/ | Third Party Advisory | |
| cve@mitre.org | https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/casestudies/exploiting-soho-routers/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/soho_service_hacks/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-865l_firmware | - | |
| dlink | dir-865l | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "352DA441-FF6D-42A9-B65B-9D1752082152", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L has Information Disclosure.", }, { lang: "es", value: "D-Link DIR-865L, presenta una divulgación de información.", }, ], id: "CVE-2013-4856", lastModified: "2024-11-21T01:56:34.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-25T16:15:10.427", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/soho_service_hacks/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/casestudies/exploiting-soho-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/soho_service_hacks/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2025-02-04 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-860l_firmware | * | |
| dlink | dir-860l | - | |
| dlink | dir-865l_firmware | * | |
| dlink | dir-865l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - | |
| dlink | dir-880l_firmware | * | |
| dlink | dir-880l | - |
{ cisaActionDue: "2022-09-29", cisaExploitAdd: "2022-09-08", cisaRequiredAction: "The vendor D-Link published an advisory stating the fix under CVE-2018-20114 properly patches KEV entry CVE-2018-6530. If the device is still supported, apply updates per vendor instructions. If the affected device has since entered its end-of-life, it should be disconnected if still in use.", cisaVulnerabilityName: "D-Link Multiple Routers OS Command Injection Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B", versionEndIncluding: "a1_fw110b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*", matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0", versionEndIncluding: "reva_firmware_patch_1.08.b01", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*", matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9", versionEndIncluding: "a1_fw112b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2E9B68DE-D3A7-4973-9D47-7203B2190F82", versionEndIncluding: "reva_firmware_patch_1.08b04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.", }, { lang: "es", value: "Vulnerabilidad de inyección de comandos del sistema operativo en soap.cgi (soapcgi_main en cgibin) en D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 y versiones anteriores, DIR-868L DIR868LA1_FW112b04 y versiones anteriores, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos ejecuten comandos arbitrarios del sistema operativo mediante el parámetro service.", }, ], id: "CVE-2018-6530", lastModified: "2025-02-04T21:15:16.167", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2018-03-06T20:29:00.987", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-865l_firmware | 1.20b01 | |
| dlink | dir-865l | ax |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*", matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*", matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.", }, { lang: "es", value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, presentan Almacenamiento de Información Confidencial en Texto Sin Cifrar.", }, ], id: "CVE-2020-13783", lastModified: "2024-11-21T05:01:50.790", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-03T17:15:25.060", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-312", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }