Vulnerabilites related to D-Link - DIR-878
cve-2025-0481
Vulnerability from cvelistv5
Published
2025-01-15 19:00
Modified
2025-01-15 20:02
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS score ?
Summary
A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.291924 | vdb-entry | |
| https://vuldb.com/?ctiid.291924 | signature, permissions-required | |
| https://vuldb.com/?submit.475011 | third-party-advisory | |
| https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-878/dllog.md | exploit | |
| https://www.dlink.com/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0481",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T20:01:04.855899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T20:02:35.923Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "DIR-878",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.03"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in D-Link DIR-878 1.03 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /dllog.cgi der Komponente HTTP POST Request Handler. Mittels Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T19:00:13.869Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-291924 | D-Link DIR-878 HTTP POST Request dllog.cgi information disclosure",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.291924"
},
{
"name": "VDB-291924 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.291924"
},
{
"name": "Submit #475011 | D-Link DIR-878 HW:A1 FW:1.03 Improper Access Controls",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.475011"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-878/dllog.md"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-01-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-01-15T13:28:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DIR-878 HTTP POST Request dllog.cgi information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-0481",
"datePublished": "2025-01-15T19:00:13.869Z",
"dateReserved": "2025-01-15T12:23:43.675Z",
"dateUpdated": "2025-01-15T20:02:35.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0717
Vulnerability from cvelistv5
Published
2024-01-19 15:31
Modified
2024-08-01 18:11
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS score ?
Summary
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.251542 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.251542 | signature, permissions-required | |
| https://github.com/999zzzzz/D-Link | exploit |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | D-Link | DAP-1360 |
Version: 20240112 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.251542"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.251542"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/999zzzzz/D-Link"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DAP-1360",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-300",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-615",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-615GF",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-615S",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-615T",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-620",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-620S",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-806A",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-815",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-815AC",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-815S",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-816",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-820",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-822",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-825",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-825AC",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-825ACF",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-825ACG1",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-841",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-842",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-842S",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-843",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-853",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-878",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-882",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-1210",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-1260",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-X1530",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-X1860",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-224",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-245GR",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-2640U",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-2750U",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-G2452GR",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-5402G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-5402G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-5402GFRU",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-N5402G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-N5402G-IL",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DWM-312W",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DWM-321",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DWR-921",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DWR-953",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "Good Line Router v2",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "99iz (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 bis 20240112 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /devinfo der Komponente HTTP GET Request Handler. Mittels dem Manipulieren des Arguments area mit der Eingabe notice|net|version mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-19T15:31:04.290Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.251542"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.251542"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/999zzzzz/D-Link"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-19T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-19T08:26:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0717",
"datePublished": "2024-01-19T15:31:04.290Z",
"dateReserved": "2024-01-19T07:21:32.386Z",
"dateUpdated": "2024-08-01T18:11:35.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26670
Vulnerability from cvelistv5
Published
2022-04-07 18:22
Modified
2024-09-17 03:07
Severity ?
EPSS score ?
Summary
D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.twcert.org.tw/tw/cp-132-5972-c259e-1.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:44.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5972-c259e-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DIR-878",
"vendor": "D-Link",
"versions": [
{
"lessThanOrEqual": "1.20b05",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-07T18:22:39",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5972-c259e-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update firmware version to v1.30B08 Hotfix03"
}
],
"source": {
"advisory": "TVN-202203003",
"discovery": "EXTERNAL"
},
"title": "D-Link DIR-878 - Command Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-03-31T02:26:00.000Z",
"ID": "CVE-2022-26670",
"STATE": "PUBLIC",
"TITLE": "D-Link DIR-878 - Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DIR-878",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.20b05"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5972-c259e-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5972-c259e-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update firmware version to v1.30B08 Hotfix03"
}
],
"source": {
"advisory": "TVN-202203003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-26670",
"datePublished": "2022-04-07T18:22:39.276740Z",
"dateReserved": "2022-03-08T00:00:00",
"dateUpdated": "2024-09-17T03:07:22.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}