Vulnerabilites related to dlink - di-8003
Vulnerability from fkie_nvd
Published
2024-11-10 04:15
Modified
2024-11-13 20:56
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been declared as critical. Affected by this vulnerability is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_stackoverflow/Dlink_DI8003_stackoverflow.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.283633 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.283633 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?submit.434931 | Third Party Advisory | |
| cna@vuldb.com | https://www.dlink.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-8003_firmware | 16.07.16a1 | |
| dlink | di-8003 | a1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-8003_firmware:16.07.16a1:*:*:*:*:*:*:*",
"matchCriteriaId": "09B22DC9-F8B2-462A-A64C-5881DC1E3FCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-8003:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "840B4964-A435-4220-BBCC-08DC344FD7D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been declared as critical. Affected by this vulnerability is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en D-Link DI-8003 16.07.16A1. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n upgrade_filter_asp del archivo /upgrade_filter.asp. La manipulaci\u00f3n de la ruta de argumentos provoca un desbordamiento del b\u00fafer basado en la pila. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"id": "CVE-2024-11047",
"lastModified": "2024-11-13T20:56:10.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "HIGH",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-11-10T04:15:15.950",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_stackoverflow/Dlink_DI8003_stackoverflow.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.283633"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?id.283633"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?submit.434931"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.dlink.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-10 04:15
Modified
2024-11-13 20:53
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_stackoverflow/Dlink-DI8003-stackoverflow-dbsrv.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.283634 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.283634 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?submit.434936 | Third Party Advisory | |
| cna@vuldb.com | https://www.dlink.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-8003_firmware | 16.07.16a1 | |
| dlink | di-8003 | a1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-8003_firmware:16.07.16a1:*:*:*:*:*:*:*",
"matchCriteriaId": "09B22DC9-F8B2-462A-A64C-5881DC1E3FCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-8003:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "840B4964-A435-4220-BBCC-08DC344FD7D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en D-Link DI-8003 16.07.16A1. Se ha calificado como cr\u00edtica. Este problema afecta a la funci\u00f3n dbsrv_asp del archivo /dbsrv.asp. La manipulaci\u00f3n del argumento str provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"id": "CVE-2024-11048",
"lastModified": "2024-11-13T20:53:55.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "HIGH",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-11-10T04:15:16.220",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_stackoverflow/Dlink-DI8003-stackoverflow-dbsrv.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.283634"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?id.283634"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?submit.434936"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.dlink.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-20 20:15
Modified
2024-11-22 17:15
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/faqiadegege/IoTVuln/blob/main/DI_8003_tgfile_htm_stackoverflow/detail.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.dlink.com/en/security-bulletin/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-8003_firmware | 16.07.16a1 | |
| dlink | di-8003 | a1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-8003_firmware:16.07.16a1:*:*:*:*:*:*:*",
"matchCriteriaId": "09B22DC9-F8B2-462A-A64C-5881DC1E3FCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-8003:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "840B4964-A435-4220-BBCC-08DC344FD7D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-LINK DI-8003 v16.07.16A1 conten\u00eda un desbordamiento de b\u00fafer a trav\u00e9s del par\u00e1metro fn en la funci\u00f3n tgfile_htm."
}
],
"id": "CVE-2024-52754",
"lastModified": "2024-11-22T17:15:09.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-20T20:15:19.450",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/faqiadegege/IoTVuln/blob/main/DI_8003_tgfile_htm_stackoverflow/detail.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.dlink.com/en/security-bulletin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-21 09:46
Modified
2024-11-22 17:15
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/faqiadegege/IoTVuln/blob/main/DI_8003_jingx_asp_stackoverflow/detail.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-8003_firmware | 16.07.16a1 | |
| dlink | di-8003 | a1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-8003_firmware:16.07.16a1:*:*:*:*:*:*:*",
"matchCriteriaId": "09B22DC9-F8B2-462A-A64C-5881DC1E3FCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-8003:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "840B4964-A435-4220-BBCC-08DC344FD7D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-LINK DI-8003 v16.07.26A1 conten\u00eda un desbordamiento de b\u00fafer a trav\u00e9s del par\u00e1metro host_ip en la funci\u00f3n ipsec_road_asp."
}
],
"id": "CVE-2024-52755",
"lastModified": "2024-11-22T17:15:09.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-21T09:46:33.970",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/faqiadegege/IoTVuln/blob/main/DI_8003_jingx_asp_stackoverflow/detail.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-20 20:15
Modified
2024-11-22 17:15
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/faqiadegege/IoTVuln/blob/main/DI_8003_arp_sys_asp_stackoverflow/detail.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.dlink.com/en/security-bulletin/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-8003_firmware | 16.07.16a1 | |
| dlink | di-8003 | a1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-8003_firmware:16.07.16a1:*:*:*:*:*:*:*",
"matchCriteriaId": "09B22DC9-F8B2-462A-A64C-5881DC1E3FCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-8003:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "840B4964-A435-4220-BBCC-08DC344FD7D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-LINK DI-8003 v16.07.16A1 conten\u00eda un desbordamiento de b\u00fafer a trav\u00e9s del par\u00e1metro de notificaci\u00f3n en la funci\u00f3n arp_sys_asp."
}
],
"id": "CVE-2024-52757",
"lastModified": "2024-11-22T17:15:10.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-20T20:15:19.533",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/faqiadegege/IoTVuln/blob/main/DI_8003_arp_sys_asp_stackoverflow/detail.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.dlink.com/en/security-bulletin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-19 19:15
Modified
2024-11-22 17:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/faqiadegege/IoTVuln/blob/main/DI_8003_ip_position_asp_stackoverflow/detail.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.dlink.com/en/security-bulletin/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-8003_firmware | 16.07.16a1 | |
| dlink | di-8003 | a1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-8003_firmware:16.07.16a1:*:*:*:*:*:*:*",
"matchCriteriaId": "09B22DC9-F8B2-462A-A64C-5881DC1E3FCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-8003:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "840B4964-A435-4220-BBCC-08DC344FD7D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-LINK DI-8003 v16.07.26A1 conten\u00eda un desbordamiento de b\u00fafer a trav\u00e9s del par\u00e1metro ip en la funci\u00f3n ip_position_asp."
}
],
"id": "CVE-2024-52759",
"lastModified": "2024-11-22T17:15:10.323",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-19T19:15:08.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/faqiadegege/IoTVuln/blob/main/DI_8003_ip_position_asp_stackoverflow/detail.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.dlink.com/en/security-bulletin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-10 03:15
Modified
2024-11-13 21:01
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_command_injection/DI8003_command_injection.md | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.283632 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.283632 | Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?submit.434929 | Third Party Advisory | |
| cna@vuldb.com | https://www.dlink.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | di-8003_firmware | 16.07.16a1 | |
| dlink | di-8003 | a1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:di-8003_firmware:16.07.16a1:*:*:*:*:*:*:*",
"matchCriteriaId": "09B22DC9-F8B2-462A-A64C-5881DC1E3FCD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:di-8003:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "840B4964-A435-4220-BBCC-08DC344FD7D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en D-Link DI-8003 16.07.16A1. Se ha clasificado como cr\u00edtica. La funci\u00f3n upgrade_filter_asp del archivo /upgrade_filter.asp est\u00e1 afectada. La manipulaci\u00f3n de la ruta de argumentos conduce a la inyecci\u00f3n de comandos del sistema operativo. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"id": "CVE-2024-11046",
"lastModified": "2024-11-13T21:01:01.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "LOW",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-11-10T03:15:03.940",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit"
],
"url": "https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_command_injection/DI8003_command_injection.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.283632"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.283632"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?submit.434929"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.dlink.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
var-202411-0417
Vulnerability from variot
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-8003 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8003 is a wireless router from D-Link of China.
D-Link DI-8003 version 16.07.16A1 has a buffer overflow vulnerability. The vulnerability is caused by the parameter str of the file /dbsrv.asp failing to correctly verify the length of the input data. Remote attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-0417",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "di-8003",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "16.07.16a1"
},
{
"model": "di-8003",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "di-8003",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "di-8003",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "di-8003 firmware 16.07.16a1"
},
{
"model": "di-8003 16.07.16a1",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-44818"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012720"
},
{
"db": "NVD",
"id": "CVE-2024-11048"
}
]
},
"cve": "CVE-2024-11048",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "cna@vuldb.com",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2024-11048",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "OTHER",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2024-012720",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2024-44818",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-11048",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-11048",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-012720",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2024-11048",
"trust": 1.0,
"value": "High"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-11048",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2024-012720",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2024-44818",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-44818"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012720"
},
{
"db": "NVD",
"id": "CVE-2024-11048"
},
{
"db": "NVD",
"id": "CVE-2024-11048"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-8003 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8003 is a wireless router from D-Link of China. \n\nD-Link DI-8003 version 16.07.16A1 has a buffer overflow vulnerability. The vulnerability is caused by the parameter str of the file /dbsrv.asp failing to correctly verify the length of the input data. Remote attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-11048"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012720"
},
{
"db": "CNVD",
"id": "CNVD-2024-44818"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-11048",
"trust": 3.2
},
{
"db": "VULDB",
"id": "283634",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012720",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-44818",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-44818"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012720"
},
{
"db": "NVD",
"id": "CVE-2024-11048"
}
]
},
"id": "VAR-202411-0417",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-44818"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-44818"
}
]
},
"last_update_date": "2024-11-16T23:00:13.370000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for D-Link DI-8003 dbsrv.asp file buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/618116"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-44818"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Buffer error (CWE-119) [ others ]",
"trust": 0.8
},
{
"problemtype": " Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-012720"
},
{
"db": "NVD",
"id": "CVE-2024-11048"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/theraz0r/iot-mycve/blob/main/dlink_di8003_stackoverflow/dlink-di8003-stackoverflow-dbsrv.md"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.434936"
},
{
"trust": 1.8,
"url": "https://www.dlink.com/"
},
{
"trust": 1.6,
"url": "https://vuldb.com/?id.283634"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.283634"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-11048"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-44818"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012720"
},
{
"db": "NVD",
"id": "CVE-2024-11048"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-44818"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012720"
},
{
"db": "NVD",
"id": "CVE-2024-11048"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-44818"
},
{
"date": "2024-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-012720"
},
{
"date": "2024-11-10T04:15:16.220000",
"db": "NVD",
"id": "CVE-2024-11048"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-44818"
},
{
"date": "2024-11-15T03:29:00",
"db": "JVNDB",
"id": "JVNDB-2024-012720"
},
{
"date": "2024-11-13T20:53:55.113000",
"db": "NVD",
"id": "CVE-2024-11048"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0di-8003\u00a0 Buffer error vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-012720"
}
],
"trust": 0.8
}
}
var-202411-0447
Vulnerability from variot
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-8003 The firmware contains a command injection vulnerability. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8003 is a wireless router from D-Link of China.
D-Link DI-8003 version 16.07.16A1 has a command injection vulnerability, which is caused by the parameter path of the file /upgrade_filter.asp failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-0447",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "di-8003",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "16.07.16a1"
},
{
"model": "di-8003",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "di-8003",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "di-8003 firmware 16.07.16a1"
},
{
"model": "di-8003",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "di-8003 16.07.16a1",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-44852"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012564"
},
{
"db": "NVD",
"id": "CVE-2024-11046"
}
]
},
"cve": "CVE-2024-11046",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "cna@vuldb.com",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2024-11046",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "OTHER",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2024-012564",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2024-44852",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2024-11046",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-11046",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-012564",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2024-11046",
"trust": 1.0,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-11046",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2024-012564",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2024-44852",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-44852"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012564"
},
{
"db": "NVD",
"id": "CVE-2024-11046"
},
{
"db": "NVD",
"id": "CVE-2024-11046"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of di-8003 The firmware contains a command injection vulnerability. OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DI-8003 is a wireless router from D-Link of China. \n\nD-Link DI-8003 version 16.07.16A1 has a command injection vulnerability, which is caused by the parameter path of the file /upgrade_filter.asp failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-11046"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012564"
},
{
"db": "CNVD",
"id": "CNVD-2024-44852"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-11046",
"trust": 3.2
},
{
"db": "VULDB",
"id": "283632",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012564",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-44852",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-44852"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012564"
},
{
"db": "NVD",
"id": "CVE-2024-11046"
}
]
},
"id": "VAR-202411-0447",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-44852"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-44852"
}
]
},
"last_update_date": "2024-11-15T23:00:26.584000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for D-Link DI-8003 Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/618151"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-44852"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ others ]",
"trust": 0.8
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-012564"
},
{
"db": "NVD",
"id": "CVE-2024-11046"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://vuldb.com/?id.283632"
},
{
"trust": 1.8,
"url": "https://github.com/theraz0r/iot-mycve/blob/main/dlink_di8003_command_injection/di8003_command_injection.md"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.434929"
},
{
"trust": 1.8,
"url": "https://www.dlink.com/"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.283632"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-11046"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-44852"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012564"
},
{
"db": "NVD",
"id": "CVE-2024-11046"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-44852"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-012564"
},
{
"db": "NVD",
"id": "CVE-2024-11046"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-44852"
},
{
"date": "2024-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-012564"
},
{
"date": "2024-11-10T03:15:03.940000",
"db": "NVD",
"id": "CVE-2024-11046"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-44852"
},
{
"date": "2024-11-14T02:47:00",
"db": "JVNDB",
"id": "JVNDB-2024-012564"
},
{
"date": "2024-11-13T21:01:01.540000",
"db": "NVD",
"id": "CVE-2024-11046"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0di-8003\u00a0 Command injection vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-012564"
}
],
"trust": 0.8
}
}
var-202411-1441
Vulnerability from variot
D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function. D-Link Systems, Inc. of di-8003 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-Link DI-8400 is a wireless router from D-Link, a Chinese company.
D-Link DI-8400 arp_sys_asp has a buffer overflow vulnerability, which can be exploited by remote attackers to submit special requests, causing the service program to crash or execute arbitrary code in the context of the application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-1441",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "di-8003",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "16.07.16a1"
},
{
"model": "di-8003",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "di-8003",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "di-8003",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "di-8003 firmware 16.07.16a1"
},
{
"model": "di-8400 v16.07.26a1",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46395"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013302"
},
{
"db": "NVD",
"id": "CVE-2024-52757"
}
]
},
"cve": "CVE-2024-52757",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.4,
"id": "CNVD-2024-46395",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2024-52757",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.1,
"id": "CVE-2024-52757",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-52757",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-52757",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-52757",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2024-52757",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2024-46395",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46395"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013302"
},
{
"db": "NVD",
"id": "CVE-2024-52757"
},
{
"db": "NVD",
"id": "CVE-2024-52757"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function. D-Link Systems, Inc. of di-8003 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-Link DI-8400 is a wireless router from D-Link, a Chinese company. \n\nD-Link DI-8400 arp_sys_asp has a buffer overflow vulnerability, which can be exploited by remote attackers to submit special requests, causing the service program to crash or execute arbitrary code in the context of the application",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-52757"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013302"
},
{
"db": "CNVD",
"id": "CNVD-2024-46395"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-52757",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013302",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-46395",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46395"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013302"
},
{
"db": "NVD",
"id": "CVE-2024-52757"
}
]
},
"id": "VAR-202411-1441",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46395"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46395"
}
]
},
"last_update_date": "2024-11-29T23:07:42.700000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013302"
},
{
"db": "NVD",
"id": "CVE-2024-52757"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/faqiadegege/iotvuln/blob/main/di_8003_arp_sys_asp_stackoverflow/detail.md"
},
{
"trust": 1.8,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-52757"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46395"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013302"
},
{
"db": "NVD",
"id": "CVE-2024-52757"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-46395"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013302"
},
{
"db": "NVD",
"id": "CVE-2024-52757"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46395"
},
{
"date": "2024-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-013302"
},
{
"date": "2024-11-20T20:15:19.533000",
"db": "NVD",
"id": "CVE-2024-52757"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46395"
},
{
"date": "2024-11-25T02:55:00",
"db": "JVNDB",
"id": "JVNDB-2024-013302"
},
{
"date": "2024-11-22T17:15:10.150000",
"db": "NVD",
"id": "CVE-2024-52757"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0di-8003\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013302"
}
],
"trust": 0.8
}
}
var-202411-1539
Vulnerability from variot
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function. D-Link Systems, Inc. of di-8003 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-LINK DI-8003 is a router product produced by D-LINK. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-1539",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "di-8003",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "16.07.16a1"
},
{
"model": "di-8003",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "di-8003",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "di-8003",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "di-8003 firmware 16.07.16a1"
},
{
"model": "di-8003 v16.07.26a1",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46386"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013298"
},
{
"db": "NVD",
"id": "CVE-2024-52755"
}
]
},
"cve": "CVE-2024-52755",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.4,
"id": "CNVD-2024-46386",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2024-52755",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.1,
"id": "CVE-2024-52755",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2024-52755",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-52755",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-52755",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2024-52755",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2024-46386",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46386"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013298"
},
{
"db": "NVD",
"id": "CVE-2024-52755"
},
{
"db": "NVD",
"id": "CVE-2024-52755"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function. D-Link Systems, Inc. of di-8003 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. D-LINK DI-8003 is a router product produced by D-LINK. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-52755"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013298"
},
{
"db": "CNVD",
"id": "CNVD-2024-46386"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-52755",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013298",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-46386",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46386"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013298"
},
{
"db": "NVD",
"id": "CVE-2024-52755"
}
]
},
"id": "VAR-202411-1539",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46386"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46386"
}
]
},
"last_update_date": "2024-11-29T23:08:33.376000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013298"
},
{
"db": "NVD",
"id": "CVE-2024-52755"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/faqiadegege/iotvuln/blob/main/di_8003_jingx_asp_stackoverflow/detail.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-52755"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46386"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013298"
},
{
"db": "NVD",
"id": "CVE-2024-52755"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-46386"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-013298"
},
{
"db": "NVD",
"id": "CVE-2024-52755"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46386"
},
{
"date": "2024-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-013298"
},
{
"date": "2024-11-21T09:46:33.970000",
"db": "NVD",
"id": "CVE-2024-52755"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-11-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46386"
},
{
"date": "2024-11-25T02:53:00",
"db": "JVNDB",
"id": "JVNDB-2024-013298"
},
{
"date": "2024-11-22T17:15:09.970000",
"db": "NVD",
"id": "CVE-2024-52755"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0di-8003\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-013298"
}
],
"trust": 0.8
}
}
cve-2024-11048
Vulnerability from cvelistv5
Published
2024-11-10 04:00
Modified
2024-11-12 15:46
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.283634 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.283634 | signature, permissions-required | |
| https://vuldb.com/?submit.434936 | third-party-advisory | |
| https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_stackoverflow/Dlink-DI8003-stackoverflow-dbsrv.md | exploit | |
| https://www.dlink.com/ | product |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-8003_firmware:16.07.16a1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-8003_firmware",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "16.07.16a1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11048",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T15:44:15.502899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T15:46:02.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DI-8003",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "16.07.16A1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "theRaz0r (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in D-Link DI-8003 16.07.16A1 ausgemacht. Hierbei geht es um die Funktion dbsrv_asp der Datei /dbsrv.asp. Durch Beeinflussen des Arguments str mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-10T04:00:10.367Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-283634 | D-Link DI-8003 dbsrv.asp dbsrv_asp stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.283634"
},
{
"name": "VDB-283634 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.283634"
},
{
"name": "Submit #434936 | D-Link DI8003 16.07.16A1 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.434936"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_stackoverflow/Dlink-DI8003-stackoverflow-dbsrv.md"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-09T09:13:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DI-8003 dbsrv.asp dbsrv_asp stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11048",
"datePublished": "2024-11-10T04:00:10.367Z",
"dateReserved": "2024-11-09T08:08:36.541Z",
"dateUpdated": "2024-11-12T15:46:02.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-52757
Vulnerability from cvelistv5
Published
2024-11-20 00:00
Modified
2024-11-22 16:16
Severity ?
EPSS score ?
Summary
D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T16:15:56.865937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T16:16:30.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:45:55.005183",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/faqiadegege/IoTVuln/blob/main/DI_8003_arp_sys_asp_stackoverflow/detail.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52757",
"datePublished": "2024-11-20T00:00:00",
"dateReserved": "2024-11-15T00:00:00",
"dateUpdated": "2024-11-22T16:16:30.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-52755
Vulnerability from cvelistv5
Published
2024-11-20 00:00
Modified
2024-11-22 16:13
Severity ?
EPSS score ?
Summary
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T16:12:51.443044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T16:13:22.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T22:47:20.628988",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/faqiadegege/IoTVuln/blob/main/DI_8003_jingx_asp_stackoverflow/detail.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52755",
"datePublished": "2024-11-20T00:00:00",
"dateReserved": "2024-11-15T00:00:00",
"dateUpdated": "2024-11-22T16:13:22.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-11047
Vulnerability from cvelistv5
Published
2024-11-10 03:31
Modified
2024-11-12 15:46
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been declared as critical. Affected by this vulnerability is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.283633 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.283633 | signature, permissions-required | |
| https://vuldb.com/?submit.434931 | third-party-advisory | |
| https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_stackoverflow/Dlink_DI8003_stackoverflow.md | exploit | |
| https://www.dlink.com/ | product |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:di-8003_firmware:16.07.16a1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "di-8003_firmware",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "16.07.16a1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11047",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T15:44:21.435500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T15:46:48.981Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DI-8003",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "16.07.16A1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "theRaz0r (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been declared as critical. Affected by this vulnerability is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In D-Link DI-8003 16.07.16A1 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um die Funktion upgrade_filter_asp der Datei /upgrade_filter.asp. Durch das Beeinflussen des Arguments path mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-10T03:31:04.900Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-283633 | D-Link DI-8003 upgrade_filter.asp upgrade_filter_asp stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.283633"
},
{
"name": "VDB-283633 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.283633"
},
{
"name": "Submit #434931 | Dlink DI8003 16.07.16A1 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.434931"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_stackoverflow/Dlink_DI8003_stackoverflow.md"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-09T09:13:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DI-8003 upgrade_filter.asp upgrade_filter_asp stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11047",
"datePublished": "2024-11-10T03:31:04.900Z",
"dateReserved": "2024-11-09T08:08:34.041Z",
"dateUpdated": "2024-11-12T15:46:48.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-52759
Vulnerability from cvelistv5
Published
2024-11-19 00:00
Modified
2024-11-22 16:20
Severity ?
EPSS score ?
Summary
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T16:18:20.343430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T16:20:09.981Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T18:59:16.931876",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/faqiadegege/IoTVuln/blob/main/DI_8003_ip_position_asp_stackoverflow/detail.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52759",
"datePublished": "2024-11-19T00:00:00",
"dateReserved": "2024-11-15T00:00:00",
"dateUpdated": "2024-11-22T16:20:09.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-52754
Vulnerability from cvelistv5
Published
2024-11-20 00:00
Modified
2024-11-22 16:18
Severity ?
EPSS score ?
Summary
D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-52754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T16:17:16.416805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T16:18:03.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:42:20.706896",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://github.com/faqiadegege/IoTVuln/blob/main/DI_8003_tgfile_htm_stackoverflow/detail.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-52754",
"datePublished": "2024-11-20T00:00:00",
"dateReserved": "2024-11-15T00:00:00",
"dateUpdated": "2024-11-22T16:18:03.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-11046
Vulnerability from cvelistv5
Published
2024-11-10 03:00
Modified
2024-11-12 15:05
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.283632 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.283632 | signature, permissions-required | |
| https://vuldb.com/?submit.434929 | third-party-advisory | |
| https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_command_injection/DI8003_command_injection.md | exploit | |
| https://www.dlink.com/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11046",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T15:05:44.291252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T15:05:58.947Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DI-8003",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "16.07.16A1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "theRaz0r (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in D-Link DI-8003 16.07.16A1 ausgemacht. Es geht dabei um die Funktion upgrade_filter_asp der Datei /upgrade_filter.asp. Durch Manipulieren des Arguments path mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-10T03:00:10.737Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-283632 | D-Link DI-8003 upgrade_filter.asp upgrade_filter_asp os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.283632"
},
{
"name": "VDB-283632 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.283632"
},
{
"name": "Submit #434929 | D-Link DI8003 16.07.16A1 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.434929"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/theRaz0r/iot-mycve/blob/main/Dlink_DI8003_command_injection/DI8003_command_injection.md"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-09T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-11-09T09:13:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DI-8003 upgrade_filter.asp upgrade_filter_asp os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-11046",
"datePublished": "2024-11-10T03:00:10.737Z",
"dateReserved": "2024-11-09T08:08:30.181Z",
"dateUpdated": "2024-11-12T15:05:58.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}