Vulnerabilites related to dlink - dir-865l_firmware
cve-2019-20213
Vulnerability from cvelistv5
Published
2020-01-02 01:03
Modified
2024-08-05 02:39
Severity ?
Summary
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:39:09.121Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-02T01:03:16",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-20213",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
                     refsource: "MISC",
                     url: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
                  },
                  {
                     name: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
                     refsource: "MISC",
                     url: "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
                  },
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
                  },
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-20213",
      datePublished: "2020-01-02T01:03:16",
      dateReserved: "2020-01-02T00:00:00",
      dateUpdated: "2024-08-05T02:39:09.121Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-6528
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
Summary
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:10:10.230Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-02-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-06T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-6528",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
                  },
                  {
                     name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
                  },
                  {
                     name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
                     refsource: "MISC",
                     url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
                  },
                  {
                     name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-6528",
      datePublished: "2018-03-06T20:00:00",
      dateReserved: "2018-02-02T00:00:00",
      dateUpdated: "2024-08-05T06:10:10.230Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-6527
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
Summary
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:10:10.079Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-02-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-06T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-6527",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
                  },
                  {
                     name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
                  },
                  {
                     name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
                     refsource: "MISC",
                     url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
                  },
                  {
                     name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-6527",
      datePublished: "2018-03-06T20:00:00",
      dateReserved: "2018-02-02T00:00:00",
      dateUpdated: "2024-08-05T06:10:10.079Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-13786
Vulnerability from cvelistv5
Published
2020-06-03 16:22
Modified
2024-08-04 12:25
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:25:16.536Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-17T12:21:47",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-13786",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                  },
                  {
                     name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                     refsource: "MISC",
                     url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-13786",
      datePublished: "2020-06-03T16:22:45",
      dateReserved: "2020-06-03T00:00:00",
      dateUpdated: "2024-08-04T12:25:16.536Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-13787
Vulnerability from cvelistv5
Published
2020-06-03 16:22
Modified
2024-08-04 12:25
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:25:16.544Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-17T12:21:49",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-13787",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                  },
                  {
                     name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                     refsource: "MISC",
                     url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-13787",
      datePublished: "2020-06-03T16:22:36",
      dateReserved: "2020-06-03T00:00:00",
      dateUpdated: "2024-08-04T12:25:16.544Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-17621
Vulnerability from cvelistv5
Published
2019-12-30 16:09
Modified
2025-02-04 20:34
Severity ?
Summary
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:47:13.504Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.dlink.com/en/security-bulletin",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2019-17621",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-04T20:33:59.746115Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2023-06-29",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-17621",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-78",
                        description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-04T20:34:06.306Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-22T18:06:22.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.dlink.com/en/security-bulletin",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-17621",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
                     refsource: "MISC",
                     url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
                  },
                  {
                     name: "https://www.dlink.com/en/security-bulletin",
                     refsource: "MISC",
                     url: "https://www.dlink.com/en/security-bulletin",
                  },
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
                     refsource: "CONFIRM",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
                  },
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
                     refsource: "CONFIRM",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
                  },
                  {
                     name: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
                     refsource: "MISC",
                     url: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
                  },
                  {
                     name: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
                     refsource: "MISC",
                     url: "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-17621",
      datePublished: "2019-12-30T16:09:17.000Z",
      dateReserved: "2019-10-16T00:00:00.000Z",
      dateUpdated: "2025-02-04T20:34:06.306Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4857
Vulnerability from cvelistv5
Published
2019-10-25 15:36
Modified
2024-08-06 16:59
Severity ?
Summary
D-Link DIR-865L has PHP File Inclusion in the router xml file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:59:40.685Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ise.io/soho_service_hacks/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L has PHP File Inclusion in the router xml file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-25T15:36:13",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ise.io/soho_service_hacks/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-4857",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L has PHP File Inclusion in the router xml file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ise.io/casestudies/exploiting-soho-routers/",
                     refsource: "MISC",
                     url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
                  },
                  {
                     name: "https://www.ise.io/soho_service_hacks/",
                     refsource: "MISC",
                     url: "https://www.ise.io/soho_service_hacks/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-4857",
      datePublished: "2019-10-25T15:36:13",
      dateReserved: "2013-07-16T00:00:00",
      dateUpdated: "2024-08-06T16:59:40.685Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-6530
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2025-02-04 20:36
Severity ?
Summary
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:10:10.174Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2018-6530",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-04T20:36:36.248676Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2022-09-08",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-6530",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-78",
                        description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-04T20:36:49.671Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-02-28T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               value: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-06T19:57:01.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-6530",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
                  },
                  {
                     name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
                  },
                  {
                     name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
                     refsource: "MISC",
                     url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
                  },
                  {
                     name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
                  },
                  {
                     name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-6530",
      datePublished: "2018-03-06T20:00:00.000Z",
      dateReserved: "2018-02-02T00:00:00.000Z",
      dateUpdated: "2025-02-04T20:36:49.671Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-6529
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
Summary
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:10:10.135Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-02-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-06T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-6529",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
                  },
                  {
                     name: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
                  },
                  {
                     name: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
                     refsource: "MISC",
                     url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
                  },
                  {
                     name: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
                     refsource: "CONFIRM",
                     url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-6529",
      datePublished: "2018-03-06T20:00:00",
      dateReserved: "2018-02-02T00:00:00",
      dateUpdated: "2024-08-05T06:10:10.135Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4856
Vulnerability from cvelistv5
Published
2019-10-25 15:44
Modified
2024-08-06 16:59
Severity ?
Summary
D-Link DIR-865L has Information Disclosure.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:59:40.522Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ise.io/soho_service_hacks/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L has Information Disclosure.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-25T15:44:11",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ise.io/soho_service_hacks/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-4856",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L has Information Disclosure.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ise.io/casestudies/exploiting-soho-routers/",
                     refsource: "MISC",
                     url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
                  },
                  {
                     name: "https://www.ise.io/soho_service_hacks/",
                     refsource: "MISC",
                     url: "https://www.ise.io/soho_service_hacks/",
                  },
                  {
                     name: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
                     refsource: "MISC",
                     url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-4856",
      datePublished: "2019-10-25T15:44:11",
      dateReserved: "2013-07-16T00:00:00",
      dateUpdated: "2024-08-06T16:59:40.522Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-25786
Vulnerability from cvelistv5
Published
2020-09-19 19:24
Modified
2024-08-04 15:40
Severity ?
Summary
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:40:36.997Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-19T19:24:09",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md",
            },
         ],
         tags: [
            "unsupported-when-assigned",
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-25786",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190",
                  },
                  {
                     name: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md",
                     refsource: "MISC",
                     url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-25786",
      datePublished: "2020-09-19T19:24:09",
      dateReserved: "2020-09-19T00:00:00",
      dateUpdated: "2024-08-04T15:40:36.997Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-13783
Vulnerability from cvelistv5
Published
2020-06-03 16:23
Modified
2024-08-04 12:25
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:25:16.568Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-17T12:21:41",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-13783",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                  },
                  {
                     name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                     refsource: "MISC",
                     url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-13783",
      datePublished: "2020-06-03T16:23:09",
      dateReserved: "2020-06-03T00:00:00",
      dateUpdated: "2024-08-04T12:25:16.568Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-13782
Vulnerability from cvelistv5
Published
2020-06-03 16:23
Modified
2024-08-04 12:25
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:25:16.596Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-17T12:21:37",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-13782",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                  },
                  {
                     name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                     refsource: "MISC",
                     url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-13782",
      datePublished: "2020-06-03T16:23:19",
      dateReserved: "2020-06-03T00:00:00",
      dateUpdated: "2024-08-04T12:25:16.596Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4855
Vulnerability from cvelistv5
Published
2019-10-25 15:47
Modified
2024-08-06 16:59
Severity ?
Summary
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:59:40.978Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ise.io/soho_service_hacks/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-25T15:47:43",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ise.io/soho_service_hacks/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-4855",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ise.io/casestudies/exploiting-soho-routers/",
                     refsource: "MISC",
                     url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
                  },
                  {
                     name: "https://www.ise.io/soho_service_hacks/",
                     refsource: "MISC",
                     url: "https://www.ise.io/soho_service_hacks/",
                  },
                  {
                     name: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
                     refsource: "MISC",
                     url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-4855",
      datePublished: "2019-10-25T15:47:43",
      dateReserved: "2013-07-16T00:00:00",
      dateUpdated: "2024-08-06T16:59:40.978Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-13785
Vulnerability from cvelistv5
Published
2020-06-03 16:22
Modified
2024-08-04 12:25
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:25:16.489Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-17T12:21:45",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-13785",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                  },
                  {
                     name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                     refsource: "MISC",
                     url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-13785",
      datePublished: "2020-06-03T16:22:52",
      dateReserved: "2020-06-03T00:00:00",
      dateUpdated: "2024-08-04T12:25:16.489Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-13784
Vulnerability from cvelistv5
Published
2020-06-03 16:23
Modified
2024-08-04 12:25
Severity ?
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:25:16.478Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-17T12:21:43",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-13784",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                     refsource: "MISC",
                     url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
                  },
                  {
                     name: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                     refsource: "MISC",
                     url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-13784",
      datePublished: "2020-06-03T16:23:00",
      dateReserved: "2020-06-03T00:00:00",
      dateUpdated: "2024-08-04T12:25:16.478Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:10
Summary
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B",
                     versionEndIncluding: "a1_fw110b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0",
                     versionEndIncluding: "reva_firmware_patch_1.08.b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9",
                     versionEndIncluding: "a1_fw112b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/body/bsc_sms_send.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un parámetro receiver manipulado en soap.cgi.",
      },
   ],
   id: "CVE-2018-6528",
   lastModified: "2024-11-21T04:10:50.380",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-03-06T20:29:00.843",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:10
Summary
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B",
                     versionEndIncluding: "a1_fw110b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0",
                     versionEndIncluding: "reva_firmware_patch_1.08.b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9",
                     versionEndIncluding: "a1_fw112b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/js/bsc_sms_inbox.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un parámetro Treturn manipulado en soap.cgi.",
      },
   ],
   id: "CVE-2018-6529",
   lastModified: "2024-11-21T04:10:50.547",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-03-06T20:29:00.907",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
Impacted products
Vendor Product Version
dlink dir-865l_firmware 1.20b01
dlink dir-865l ax



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                     matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.",
      },
      {
         lang: "es",
         value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, presentan una Fortaleza de Cifrado Inadecuada.",
      },
   ],
   id: "CVE-2020-13785",
   lastModified: "2024-11-21T05:01:51.090",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-03T17:15:25.247",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-326",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-25 16:15
Modified
2024-11-21 01:56
Severity ?
Summary
D-Link DIR-865L has PHP File Inclusion in the router xml file.
Impacted products
Vendor Product Version
dlink dir-865l_firmware -
dlink dir-865l -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "352DA441-FF6D-42A9-B65B-9D1752082152",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L has PHP File Inclusion in the router xml file.",
      },
      {
         lang: "es",
         value: "D-Link DIR-865L, presenta una inclusión de archivos PHP en el archivo xml del enrutador.",
      },
   ],
   id: "CVE-2013-4857",
   lastModified: "2024-11-21T01:56:34.550",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-25T16:15:10.490",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/soho_service_hacks/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/soho_service_hacks/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-91",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
Impacted products
Vendor Product Version
dlink dir-865l_firmware 1.20b01
dlink dir-865l ax



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                     matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.",
      },
      {
         lang: "es",
         value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, permiten una Inyección de Comandos.",
      },
   ],
   id: "CVE-2020-13782",
   lastModified: "2024-11-21T05:01:50.647",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-03T17:15:24.997",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.
Impacted products
Vendor Product Version
dlink dir-865l_firmware 1.20b01
dlink dir-865l ax



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                     matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.",
      },
      {
         lang: "es",
         value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, presentan una Transmisión de Información Confidencial en Texto Sin Cifrar.",
      },
   ],
   id: "CVE-2020-13787",
   lastModified: "2024-11-21T05:01:51.387",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-03T17:15:25.543",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-319",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.
Impacted products
Vendor Product Version
dlink dir-865l_firmware 1.20b01
dlink dir-865l ax



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                     matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.",
      },
      {
         lang: "es",
         value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, permiten un ataque de tipo CSRF.",
      },
   ],
   id: "CVE-2020-13786",
   lastModified: "2024-11-21T05:01:51.240",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-03T17:15:25.387",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-25 16:15
Modified
2024-11-21 01:56
Summary
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.
Impacted products
Vendor Product Version
dlink dir-865l_firmware -
dlink dir-865l -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "352DA441-FF6D-42A9-B65B-9D1752082152",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.",
      },
      {
         lang: "es",
         value: "D-Link DIR-865L, presenta un Salto de Enlace Simbólico de SMB, debido a una configuración inapropiada en el servicio SMB permitiendo la creación de enlaces simbólicos en ubicaciones fuera del recurso compartido Samba.",
      },
   ],
   id: "CVE-2013-4855",
   lastModified: "2024-11-21T01:56:33.940",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:A/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 5.5,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-25T16:15:10.350",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/soho_service_hacks/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/soho_service_hacks/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-01-02 14:16
Modified
2024-11-21 04:38
Summary
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2ABCF49-625F-4267-8B6D-14081B31E8B0",
                     versionEndIncluding: "1.05b03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*",
                     matchCriteriaId: "BB555A1A-6B26-483E-ABFC-B64B928E7CC5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1DEEF5B-D8E9-45F3-8A89-52CE8402E6F5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F8E6CDA-679A-4A31-8D8D-BD283C5E1E3E",
                     versionEndIncluding: "2.03b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46B25758-8EC2-4598-A834-9D513B030629",
                     versionEndIncluding: "3.12b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "99D9046B-206E-4267-98BA-BF572682F134",
                     versionEndIncluding: "1.00b06",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC426833-BEA7-4029-BBBB-94688EE801BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4406996E-761D-4EDC-9877-17B7472C1422",
                     versionEndIncluding: "1.07b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D90548-24FD-416F-9159-6F7AB318C923",
                     versionEndIncluding: "1.12b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B0CA3A5-CF3D-4D1B-BB07-EE0D91901BC9",
                     versionEndIncluding: "2.05b02",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "499E8ADA-B4ED-42B2-B237-716A77BD546A",
                     versionEndIncluding: "1.03b02",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9EB6E8E-03FA-4477-B97A-0752B7C443F0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AE7C571B-BCCB-4853-A08E-2EF9A64C94CD",
                     versionEndIncluding: "1.08b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "50FCDBDC-32F8-42DF-BD3C-A9EFC11D036C",
                     versionEndIncluding: "1.11b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1EA89C7-4655-43A3-9D2B-D57640D56C09",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA0BEAAD-6330-47FE-A8F6-665C3F346619",
                     versionEndIncluding: "1.11b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D678E889-3D74-4D16-84D0-41F547519A7F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "48D9C475-FB79-4D18-823C-0A3F01CB478E",
                     versionEndIncluding: "1.12b05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD481B64-A25D-4123-B575-20EC3C524D9C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0261FBA8-D370-4581-B4AE-E8DBF4546C50",
                     versionEndIncluding: "1.12b05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E0351A1-D161-468E-A2C4-1FB92E978DA7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CBB7A220-2C3E-45B4-BA2E-D6C595B391D7",
                     versionEndIncluding: "1.12b10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4B2469-DDAB-4FD1-A446-B304AAF78BB3",
                     versionEndIncluding: "1.12b10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DF2DADDD-2F1C-458D-B3F5-07EE0FE35E92",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "072F053E-4DAB-4246-BEE7-F4813957BF56",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B6E718C-2E2A-4E9B-A83D-25C01F681301",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.",
      },
      {
         lang: "es",
         value: "Los routers D-Link DIR-859 versiones anteriores a la versión v1.07b03_beta, permiten una divulgación de información no autenticada por medio del valor AUTHORIZED_GROUP=1%0a, como es demostrado por el archivo vpnconfig.php.",
      },
   ],
   id: "CVE-2019-20213",
   lastModified: "2024-11-21T04:38:13.213",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-01-02T14:16:36.533",
   references: [
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
      },
      {
         source: "cve@mitre.org",
         url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-74",
            },
            {
               lang: "en",
               value: "CWE-863",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-09-19 20:15
Modified
2024-11-21 05:18
Summary
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-803_firmware:1.04.b02:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C475766-ADDE-4461-9FDF-FE6332F95DBE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-803:a1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B033D96-30EC-44EA-B70E-670CEAA0E79F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*",
                     matchCriteriaId: "1817EE29-D782-4A98-A478-20BDA559C5CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:dlink:dir-816l_firmware:2.06.b09:beta:*:*:*:*:*:*",
                     matchCriteriaId: "ABE7E66F-20B2-4A39-A845-03E5FBBD9E2A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*",
                     matchCriteriaId: "637B2D4B-0EA7-4E30-9B2B-77484D701042",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-645_firmware:1.06b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "84706BD1-5AC0-449D-AB20-A81A9A2D4077",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-645:a1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E02F7E04-F6D7-466D-81AD-14591443EBC3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-815_firmware:2.07.b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "F38F5A85-E7DC-4ACF-A488-11AC00DE5856",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-815:b1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA95C491-7895-4410-A9D2-3C7BD2BEB0DC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-860l_firmware:1.10b04:*:*:*:*:*:*:*",
                     matchCriteriaId: "D84E9E39-D9A6-4370-8D84-6CAE2D02CDFD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-860l:a1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0FB3DE6-9F8D-485A-8DF3-76FC6C20CB6C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.08b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "608124DE-D143-4E95-9DE8-D7A35586361E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:a1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEC7270B-453D-4D04-90AB-7EBD6DC3D97B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [
      {
         sourceIdentifier: "cve@mitre.org",
         tags: [
            "unsupported-when-assigned",
         ],
      },
   ],
   descriptions: [
      {
         lang: "en",
         value: "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header",
      },
      {
         lang: "es",
         value: "** NO COMPATIBLE CUANDO SE ASIGNÓ ** El archivo webinc/js/info.php en dispositivos D-Link DIR-816L versión 2.06.B09_BETA y DIR-803 versión 1.04.B02, permite un ataque de tipo XSS por medio del encabezado HTTP Referer. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor. NOTA: esto típicamente no es explotable debido a la codificación de URL (excepto en Internet Explorer) y porque una página web no puede especificar que un cliente debe realizar una petición HTTP adicional con un encabezado Referer arbitrario",
      },
   ],
   id: "CVE-2020-25786",
   lastModified: "2024-11-21T05:18:46.167",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-09-19T20:15:11.903",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:10
Summary
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B",
                     versionEndIncluding: "a1_fw110b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0",
                     versionEndIncluding: "reva_firmware_patch_1.08.b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9",
                     versionEndIncluding: "a1_fw112b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/js/adv_parent_ctrl_map.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un parámetro deviceid manipulado en soap.cgi.",
      },
   ],
   id: "CVE-2018-6527",
   lastModified: "2024-11-21T04:10:50.220",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-03-06T20:29:00.780",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
Impacted products
Vendor Product Version
dlink dir-865l_firmware 1.20b01
dlink dir-865l ax



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                     matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.",
      },
      {
         lang: "es",
         value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, presentan un seed predecible en un Generador de Números Pseudoaleatorios.",
      },
   ],
   id: "CVE-2020-13784",
   lastModified: "2024-11-21T05:01:50.940",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-03T17:15:25.153",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-335",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-30 17:15
Modified
2025-02-04 21:15
Summary
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
References
cve@mitre.orghttp://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
cve@mitre.orghttps://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104Exploit, Third Party Advisory
cve@mitre.orghttps://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9Broken Link
cve@mitre.orghttps://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146Patch, Vendor Advisory
cve@mitre.orghttps://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147Patch, Vendor Advisory
cve@mitre.orghttps://www.dlink.com/en/security-bulletinVendor Advisory
cve@mitre.orghttps://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdfThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9Broken Link
af854a3a-2127-422b-91ae-364da2661108https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.dlink.com/en/security-bulletinVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdfThird Party Advisory, US Government Resource



{
   cisaActionDue: "2023-07-20",
   cisaExploitAdd: "2023-06-29",
   cisaRequiredAction: "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.",
   cisaVulnerabilityName: "D-Link DIR-859 Router Command Execution Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2ABCF49-625F-4267-8B6D-14081B31E8B0",
                     versionEndIncluding: "1.05b03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*",
                     matchCriteriaId: "BB555A1A-6B26-483E-ABFC-B64B928E7CC5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1DEEF5B-D8E9-45F3-8A89-52CE8402E6F5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F8E6CDA-679A-4A31-8D8D-BD283C5E1E3E",
                     versionEndIncluding: "2.03b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46B25758-8EC2-4598-A834-9D513B030629",
                     versionEndIncluding: "3.12b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3894F0E-37F8-4A89-87AC-1DB524D4AE04",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "99D9046B-206E-4267-98BA-BF572682F134",
                     versionEndIncluding: "1.00b06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:dlink:dir-823_firmware:1.00b06:beta:*:*:*:*:*:*",
                     matchCriteriaId: "5A56D2BD-5160-46FE-8AC7-CB4CA50E4D5D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC426833-BEA7-4029-BBBB-94688EE801BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4406996E-761D-4EDC-9877-17B7472C1422",
                     versionEndIncluding: "1.07b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9D90548-24FD-416F-9159-6F7AB318C923",
                     versionEndIncluding: "1.12b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B0CA3A5-CF3D-4D1B-BB07-EE0D91901BC9",
                     versionEndIncluding: "2.05b02",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "499E8ADA-B4ED-42B2-B237-716A77BD546A",
                     versionEndIncluding: "1.03b02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:dlink:dir-869_firmware:1.03b02:beta02:*:*:*:*:*:*",
                     matchCriteriaId: "AF693676-C580-44CF-AAC6-6E38658FEAFB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9EB6E8E-03FA-4477-B97A-0752B7C443F0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AE7C571B-BCCB-4853-A08E-2EF9A64C94CD",
                     versionEndIncluding: "1.08b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "50FCDBDC-32F8-42DF-BD3C-A9EFC11D036C",
                     versionEndIncluding: "1.11b01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:dlink:dir-890l_firmware:1.11b01:beta01:*:*:*:*:*:*",
                     matchCriteriaId: "7A4A1A68-5B14-47B7-9D02-274A0E4AF2F2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1EA89C7-4655-43A3-9D2B-D57640D56C09",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA0BEAAD-6330-47FE-A8F6-665C3F346619",
                     versionEndIncluding: "1.11b01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:dlink:dir-890r_firmware:1.11b01:beta01:*:*:*:*:*:*",
                     matchCriteriaId: "4C18C9D9-9418-441B-9367-91F86137245C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D678E889-3D74-4D16-84D0-41F547519A7F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "48D9C475-FB79-4D18-823C-0A3F01CB478E",
                     versionEndIncluding: "1.12b05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD481B64-A25D-4123-B575-20EC3C524D9C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0261FBA8-D370-4581-B4AE-E8DBF4546C50",
                     versionEndIncluding: "1.12b05",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E0351A1-D161-468E-A2C4-1FB92E978DA7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CBB7A220-2C3E-45B4-BA2E-D6C595B391D7",
                     versionEndIncluding: "1.12b10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4B2469-DDAB-4FD1-A446-B304AAF78BB3",
                     versionEndIncluding: "1.12b10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DF2DADDD-2F1C-458D-B3F5-07EE0FE35E92",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "072F053E-4DAB-4246-BEE7-F4813957BF56",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B6E718C-2E2A-4E9B-A83D-25C01F681301",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.",
      },
      {
         lang: "es",
         value: "La URL de /gena.cgi del endpoint UPnP en el router  Wi-Fi D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permite a un atacante remoto no autenticado ejecutar comandos del sistema como root, mediante el envío de una petición HTTP SUBSCRIBE especialmente diseñada en el servicio UPnP cuando se conecta a la red local.",
      },
   ],
   id: "CVE-2019-17621",
   lastModified: "2025-02-04T21:15:18.170",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2019-12-30T17:15:19.857",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dlink.com/en/security-bulletin",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dlink.com/en/security-bulletin",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-25 16:15
Modified
2024-11-21 01:56
Summary
D-Link DIR-865L has Information Disclosure.
Impacted products
Vendor Product Version
dlink dir-865l_firmware -
dlink dir-865l -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "352DA441-FF6D-42A9-B65B-9D1752082152",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L has Information Disclosure.",
      },
      {
         lang: "es",
         value: "D-Link DIR-865L, presenta una divulgación de información.",
      },
   ],
   id: "CVE-2013-4856",
   lastModified: "2024-11-21T01:56:34.290",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.9,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:A/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 5.5,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-25T16:15:10.427",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/soho_service_hacks/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/casestudies/exploiting-soho-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/soho_service_hacks/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2025-02-04 21:15
Summary
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
References
cve@mitre.orgftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdfRelease Notes, Vendor Advisory
cve@mitre.orgftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdfRelease Notes, Vendor Advisory
cve@mitre.orgftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdfRelease Notes, Vendor Advisory
cve@mitre.orgftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdfRelease Notes, Vendor Advisory
cve@mitre.orghttps://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-protoExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdfRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdfRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdfRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdfRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-protoExploit, Third Party Advisory



{
   cisaActionDue: "2022-09-29",
   cisaExploitAdd: "2022-09-08",
   cisaRequiredAction: "The vendor D-Link published an advisory stating the fix under CVE-2018-20114 properly patches KEV entry CVE-2018-6530. If the device is still supported, apply updates per vendor instructions. If the affected device has since entered its end-of-life, it should be disconnected if still in use.",
   cisaVulnerabilityName: "D-Link Multiple Routers OS Command Injection Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3887A644-753A-4CA3-9D79-0718057EEB3B",
                     versionEndIncluding: "a1_fw110b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDB9720-8F5A-4F02-A436-920CDAC15D69",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0624940E-9466-40BA-97E4-648537A092C0",
                     versionEndIncluding: "reva_firmware_patch_1.08.b01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE2D4824-B834-41EA-8F70-AF12720030C9",
                     versionEndIncluding: "a1_fw112b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E9B68DE-D3A7-4973-9D47-7203B2190F82",
                     versionEndIncluding: "reva_firmware_patch_1.08b04",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC772491-6371-4712-B358-E74D9C5062FD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección de comandos del sistema operativo en soap.cgi (soapcgi_main en cgibin) en D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 y versiones anteriores, DIR-868L DIR868LA1_FW112b04 y versiones anteriores, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos ejecuten comandos arbitrarios del sistema operativo mediante el parámetro service.",
      },
   ],
   id: "CVE-2018-6530",
   lastModified: "2025-02-04T21:15:16.167",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: true,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2018-03-06T20:29:00.987",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-03 17:15
Modified
2024-11-21 05:01
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
Impacted products
Vendor Product Version
dlink dir-865l_firmware 1.20b01
dlink dir-865l ax



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dlink:dir-865l_firmware:1.20b01:*:*:*:*:*:*:*",
                     matchCriteriaId: "262B8C08-44DB-4F85-B923-742465482067",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dlink:dir-865l:ax:*:*:*:*:*:*:*",
                     matchCriteriaId: "13E04B0B-4C21-4316-BCF8-D88BC68AA8E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.",
      },
      {
         lang: "es",
         value: "Los dispositivos D-Link DIR-865L Ax versión 1.20B01 Beta, presentan Almacenamiento de Información Confidencial en Texto Sin Cifrar.",
      },
   ],
   id: "CVE-2020-13783",
   lastModified: "2024-11-21T05:01:50.790",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-03T17:15:25.060",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-312",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}