Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
13 vulnerabilities by D-Link Japan K.K.
CVE-2021-20697 (GCVE-0-2021-20697)
Vulnerability from cvelistv5 – Published: 2021-04-26 00:20 – Updated: 2024-08-03 17:45
VLAI
Summary
Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors.
Severity
No CVSS data available.
CWE
- Missing authentication for critical function
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.dlink-jp.com/support/release/jvnvu928… | x_refsource_MISC |
| https://jvn.jp/en/vu/JVNVU92898656/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link Japan K.K. | DAP-1880AC |
Affected:
firmware version 1.21 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DAP-1880AC",
"vendor": "D-Link Japan K.K.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.21 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing authentication for critical function",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-26T00:20:43.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAP-1880AC",
"version": {
"version_data": [
{
"version_value": "firmware version 1.21 and earlier"
}
]
}
}
]
},
"vendor_name": "D-Link Japan K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing authentication for critical function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html",
"refsource": "MISC",
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"name": "https://jvn.jp/en/vu/JVNVU92898656/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20697",
"datePublished": "2021-04-26T00:20:43.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20696 (GCVE-0-2021-20696)
Vulnerability from cvelistv5 – Published: 2021-04-26 00:20 – Updated: 2024-08-03 17:45
VLAI
Summary
DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.dlink-jp.com/support/release/jvnvu928… | x_refsource_MISC |
| https://jvn.jp/en/vu/JVNVU92898656/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link Japan K.K. | DAP-1880AC |
Affected:
firmware version 1.21 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DAP-1880AC",
"vendor": "D-Link Japan K.K.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.21 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-26T00:20:42.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAP-1880AC",
"version": {
"version_data": [
{
"version_value": "firmware version 1.21 and earlier"
}
]
}
}
]
},
"vendor_name": "D-Link Japan K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html",
"refsource": "MISC",
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"name": "https://jvn.jp/en/vu/JVNVU92898656/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20696",
"datePublished": "2021-04-26T00:20:42.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20695 (GCVE-0-2021-20695)
Vulnerability from cvelistv5 – Published: 2021-04-26 00:20 – Updated: 2024-08-03 17:45
VLAI
Summary
Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors.
Severity
No CVSS data available.
CWE
- Improper following of a certificate's chain of trust
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.dlink-jp.com/support/release/jvnvu928… | x_refsource_MISC |
| https://jvn.jp/en/vu/JVNVU92898656/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link Japan K.K. | DAP-1880AC |
Affected:
firmware version 1.21 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DAP-1880AC",
"vendor": "D-Link Japan K.K.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.21 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper following of a certificate\u0027s chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper following of a certificate\u0027s chain of trust",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-26T00:20:41.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAP-1880AC",
"version": {
"version_data": [
{
"version_value": "firmware version 1.21 and earlier"
}
]
}
}
]
},
"vendor_name": "D-Link Japan K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper following of a certificate\u0027s chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper following of a certificate\u0027s chain of trust"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html",
"refsource": "MISC",
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"name": "https://jvn.jp/en/vu/JVNVU92898656/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20695",
"datePublished": "2021-04-26T00:20:41.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20694 (GCVE-0-2021-20694)
Vulnerability from cvelistv5 – Published: 2021-04-26 00:20 – Updated: 2024-08-03 17:45
VLAI
Summary
Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors.
Severity
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.dlink-jp.com/support/release/jvnvu928… | x_refsource_MISC |
| https://jvn.jp/en/vu/JVNVU92898656/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link Japan K.K. | DAP-1880AC |
Affected:
firmware version 1.21 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DAP-1880AC",
"vendor": "D-Link Japan K.K.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.21 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-26T00:20:41.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAP-1880AC",
"version": {
"version_data": [
{
"version_value": "firmware version 1.21 and earlier"
}
]
}
}
]
},
"vendor_name": "D-Link Japan K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html",
"refsource": "MISC",
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"name": "https://jvn.jp/en/vu/JVNVU92898656/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20694",
"datePublished": "2021-04-26T00:20:41.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6013 (GCVE-0-2019-6013)
Vulnerability from cvelistv5 – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:09
VLAI
Summary
DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.dlink-jp.com/product/dba-1510p#produc… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN95875796/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link Japan K.K. | DBA-1510P |
Affected:
firmware 1.70b009 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN95875796/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DBA-1510P",
"vendor": "D-Link Japan K.K.",
"versions": [
{
"status": "affected",
"version": "firmware 1.70b009 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T15:16:50.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN95875796/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DBA-1510P",
"version": {
"version_data": [
{
"version_value": "firmware 1.70b009 and earlier"
}
]
}
}
]
},
"vendor_name": "D-Link Japan K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink-jp.com/product/dba-1510p#product_firmware",
"refsource": "MISC",
"url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
},
{
"name": "http://jvn.jp/en/jp/JVN95875796/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN95875796/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6013",
"datePublished": "2019-12-26T15:16:50.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:24.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6014 (GCVE-0-2019-6014)
Vulnerability from cvelistv5 – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:09
VLAI
Summary
DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.dlink-jp.com/product/dba-1510p#produc… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN95875796/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link Japan K.K. | DBA-1510P |
Affected:
firmware 1.70b009 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN95875796/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DBA-1510P",
"vendor": "D-Link Japan K.K.",
"versions": [
{
"status": "affected",
"version": "firmware 1.70b009 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T15:16:50.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN95875796/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DBA-1510P",
"version": {
"version_data": [
{
"version_value": "firmware 1.70b009 and earlier"
}
]
}
}
]
},
"vendor_name": "D-Link Japan K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink-jp.com/product/dba-1510p#product_firmware",
"refsource": "MISC",
"url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
},
{
"name": "http://jvn.jp/en/jp/JVN95875796/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN95875796/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6014",
"datePublished": "2019-12-26T15:16:50.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:24.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20697 (GCVE-0-2021-20697)
Vulnerability from nvd – Published: 2021-04-26 00:20 – Updated: 2024-08-03 17:45
VLAI
Summary
Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors.
Severity
No CVSS data available.
CWE
- Missing authentication for critical function
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.dlink-jp.com/support/release/jvnvu928… | x_refsource_MISC |
| https://jvn.jp/en/vu/JVNVU92898656/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link Japan K.K. | DAP-1880AC |
Affected:
firmware version 1.21 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DAP-1880AC",
"vendor": "D-Link Japan K.K.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.21 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing authentication for critical function",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-26T00:20:43.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAP-1880AC",
"version": {
"version_data": [
{
"version_value": "firmware version 1.21 and earlier"
}
]
}
}
]
},
"vendor_name": "D-Link Japan K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing authentication for critical function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html",
"refsource": "MISC",
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"name": "https://jvn.jp/en/vu/JVNVU92898656/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20697",
"datePublished": "2021-04-26T00:20:43.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20696 (GCVE-0-2021-20696)
Vulnerability from nvd – Published: 2021-04-26 00:20 – Updated: 2024-08-03 17:45
VLAI
Summary
DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.dlink-jp.com/support/release/jvnvu928… | x_refsource_MISC |
| https://jvn.jp/en/vu/JVNVU92898656/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link Japan K.K. | DAP-1880AC |
Affected:
firmware version 1.21 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DAP-1880AC",
"vendor": "D-Link Japan K.K.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.21 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-26T00:20:42.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAP-1880AC",
"version": {
"version_data": [
{
"version_value": "firmware version 1.21 and earlier"
}
]
}
}
]
},
"vendor_name": "D-Link Japan K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html",
"refsource": "MISC",
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"name": "https://jvn.jp/en/vu/JVNVU92898656/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20696",
"datePublished": "2021-04-26T00:20:42.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20695 (GCVE-0-2021-20695)
Vulnerability from nvd – Published: 2021-04-26 00:20 – Updated: 2024-08-03 17:45
VLAI
Summary
Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors.
Severity
No CVSS data available.
CWE
- Improper following of a certificate's chain of trust
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.dlink-jp.com/support/release/jvnvu928… | x_refsource_MISC |
| https://jvn.jp/en/vu/JVNVU92898656/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link Japan K.K. | DAP-1880AC |
Affected:
firmware version 1.21 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DAP-1880AC",
"vendor": "D-Link Japan K.K.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.21 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper following of a certificate\u0027s chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper following of a certificate\u0027s chain of trust",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-26T00:20:41.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAP-1880AC",
"version": {
"version_data": [
{
"version_value": "firmware version 1.21 and earlier"
}
]
}
}
]
},
"vendor_name": "D-Link Japan K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper following of a certificate\u0027s chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper following of a certificate\u0027s chain of trust"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html",
"refsource": "MISC",
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"name": "https://jvn.jp/en/vu/JVNVU92898656/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20695",
"datePublished": "2021-04-26T00:20:41.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20694 (GCVE-0-2021-20694)
Vulnerability from nvd – Published: 2021-04-26 00:20 – Updated: 2024-08-03 17:45
VLAI
Summary
Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors.
Severity
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.dlink-jp.com/support/release/jvnvu928… | x_refsource_MISC |
| https://jvn.jp/en/vu/JVNVU92898656/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link Japan K.K. | DAP-1880AC |
Affected:
firmware version 1.21 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DAP-1880AC",
"vendor": "D-Link Japan K.K.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.21 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-26T00:20:41.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DAP-1880AC",
"version": {
"version_data": [
{
"version_value": "firmware version 1.21 and earlier"
}
]
}
}
]
},
"vendor_name": "D-Link Japan K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html",
"refsource": "MISC",
"url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
},
{
"name": "https://jvn.jp/en/vu/JVNVU92898656/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20694",
"datePublished": "2021-04-26T00:20:41.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6013 (GCVE-0-2019-6013)
Vulnerability from nvd – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:09
VLAI
Summary
DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.dlink-jp.com/product/dba-1510p#produc… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN95875796/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link Japan K.K. | DBA-1510P |
Affected:
firmware 1.70b009 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN95875796/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DBA-1510P",
"vendor": "D-Link Japan K.K.",
"versions": [
{
"status": "affected",
"version": "firmware 1.70b009 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T15:16:50.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN95875796/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DBA-1510P",
"version": {
"version_data": [
{
"version_value": "firmware 1.70b009 and earlier"
}
]
}
}
]
},
"vendor_name": "D-Link Japan K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink-jp.com/product/dba-1510p#product_firmware",
"refsource": "MISC",
"url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
},
{
"name": "http://jvn.jp/en/jp/JVN95875796/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN95875796/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6013",
"datePublished": "2019-12-26T15:16:50.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:24.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6014 (GCVE-0-2019-6014)
Vulnerability from nvd – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:09
VLAI
Summary
DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.dlink-jp.com/product/dba-1510p#produc… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN95875796/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link Japan K.K. | DBA-1510P |
Affected:
firmware 1.70b009 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN95875796/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DBA-1510P",
"vendor": "D-Link Japan K.K.",
"versions": [
{
"status": "affected",
"version": "firmware 1.70b009 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T15:16:50.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN95875796/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DBA-1510P",
"version": {
"version_data": [
{
"version_value": "firmware 1.70b009 and earlier"
}
]
}
}
]
},
"vendor_name": "D-Link Japan K.K."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink-jp.com/product/dba-1510p#product_firmware",
"refsource": "MISC",
"url": "https://www.dlink-jp.com/product/dba-1510p#product_firmware"
},
{
"name": "http://jvn.jp/en/jp/JVN95875796/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN95875796/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6014",
"datePublished": "2019-12-26T15:16:50.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:24.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2019-000062
Vulnerability from jvndb - Published: 2019-10-07 15:17 - Updated:2019-10-07 15:17
Severity
Summary
Multiple OS command injection vulnerabilities in DBA-1510P
Details
DBA-1510P provided by D-Link Japan K.K. contains multiple OS command injection vulnerabilities listed below.
* OS command injection vulnerability in Command Line Interface (CLI) (CWE-78) - CVE-2019-6013
* OS command injection vulnerability in Web User Interface (CWE-78) - CVE-2019-6014
Katsuhiko Sato(a.k.a. goroh_kun) of COCON Inc, Technical Research Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000062.html",
"dc:date": "2019-10-07T15:17+09:00",
"dcterms:issued": "2019-10-07T15:17+09:00",
"dcterms:modified": "2019-10-07T15:17+09:00",
"description": "DBA-1510P provided by D-Link Japan K.K. contains multiple OS command injection vulnerabilities listed below.\r\n\r\n * OS command injection vulnerability in Command Line Interface (CLI) (CWE-78) - CVE-2019-6013\r\n * OS command injection vulnerability in Web User Interface (CWE-78) - CVE-2019-6014\r\n\r\nKatsuhiko Sato(a.k.a. goroh_kun) of COCON Inc, Technical Research Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000062.html",
"sec:cpe": {
"#text": "cpe:/o:dlink-j:dba-1510p_firmware",
"@product": "DBA-1510P firmware",
"@vendor": "D-Link Japan K.K.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000062",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN95875796/index.html",
"@id": "JVN#95875796",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6013",
"@id": "CVE-2019-6013",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6014",
"@id": "CVE-2019-6014",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6013",
"@id": "CVE-2019-6013",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6014",
"@id": "CVE-2019-6014",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple OS command injection vulnerabilities in DBA-1510P"
}