Vulnerabilites related to dlink - dsl-2750u_firmware
cve-2023-46033
Vulnerability from cvelistv5
Published
2023-10-19 00:00
Modified
2024-09-12 18:20
Severity ?
EPSS score ?
Summary
D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dlink.com/en/products/dsl-2750u-wireless-n-300-adsl2-modem-router"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10357"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.dlink.com/en/products/dsl-2730u-wireless-n150-adsl2-router"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dsl-2750u",
"vendor": "dlink",
"versions": [
{
"status": "affected",
"version": "n300"
},
{
"status": "affected",
"version": "adsl2\\/+\\/"
}
]
},
{
"cpes": [
"cpe:2.3:h:dlink:dsl-2730u:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dsl-2730u",
"vendor": "dlink",
"versions": [
{
"status": "affected",
"version": "n150"
},
{
"status": "affected",
"version": "adsl2\\/+\\/"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T18:14:18.795246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T18:20:33.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T15:44:48.837407",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.dlink.com/en/products/dsl-2750u-wireless-n-300-adsl2-modem-router"
},
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10357"
},
{
"url": "https://www.dlink.com/en/products/dsl-2730u-wireless-n150-adsl2-router"
}
],
"tags": [
"unsupported-when-assigned"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46033",
"datePublished": "2023-10-19T00:00:00",
"dateReserved": "2023-10-16T00:00:00",
"dateUpdated": "2024-09-12T18:20:33.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3707
Vulnerability from cvelistv5
Published
2021-08-16 04:55
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md | x_refsource_MISC | |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230 | x_refsource_CONFIRM | |
| https://jvn.jp/en/vu/JVNVU92088210/ | third-party-advisory, x_refsource_JVN |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230"
},
{
"name": "JVNVU#92088210: Multiple vulnerabilities in D-Link router DSL-2750U",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92088210/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DSL-2750U",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "firmware vME1.16 or prior versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-15",
"description": "CWE-15: External Control of System or Configuration Setting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-16T04:55:11",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230"
},
{
"name": "JVNVU#92088210: Multiple vulnerabilities in D-Link router DSL-2750U",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/vu/JVNVU92088210/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-3707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DSL-2750U",
"version": {
"version_data": [
{
"version_value": "firmware vME1.16 or prior versions"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-15: External Control of System or Configuration Setting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20(firmware%20version%201.6)/README.md",
"refsource": "MISC",
"url": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20(firmware%20version%201.6)/README.md"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230",
"refsource": "CONFIRM",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230"
},
{
"name": "JVNVU#92088210: Multiple vulnerabilities in D-Link router DSL-2750U",
"refsource": "JVN",
"url": "https://jvn.jp/en/vu/JVNVU92088210/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-3707",
"datePublished": "2021-08-16T04:55:11",
"dateReserved": "2021-08-15T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-0717
Vulnerability from cvelistv5
Published
2024-01-19 15:31
Modified
2024-08-01 18:11
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS score ?
Summary
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.251542 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.251542 | signature, permissions-required | |
| https://github.com/999zzzzz/D-Link | exploit |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | D-Link | DAP-1360 |
Version: 20240112 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.251542"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.251542"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/999zzzzz/D-Link"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DAP-1360",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-300",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-615",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-615GF",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-615S",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-615T",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-620",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-620S",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-806A",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-815",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-815AC",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-815S",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-816",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-820",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-822",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-825",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-825AC",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-825ACF",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-825ACG1",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-841",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-842",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-842S",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-843",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-853",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-878",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-882",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-1210",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-1260",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-2150",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-X1530",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DIR-X1860",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-224",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-245GR",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-2640U",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-2750U",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DSL-G2452GR",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-5402G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-5402G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-5402GFRU",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-N5402G",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DVG-N5402G-IL",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DWM-312W",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DWM-321",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DWR-921",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "DWR-953",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "Good Line Router v2",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "20240112"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "99iz (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 bis 20240112 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /devinfo der Komponente HTTP GET Request Handler. Mittels dem Manipulieren des Arguments area mit der Eingabe notice|net|version mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-19T15:31:04.290Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.251542"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.251542"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/999zzzzz/D-Link"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-19T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-19T08:26:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0717",
"datePublished": "2024-01-19T15:31:04.290Z",
"dateReserved": "2024-01-19T07:21:32.386Z",
"dateUpdated": "2024-08-01T18:11:35.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1010155
Vulnerability from cvelistv5
Published
2019-07-23 13:18
Modified
2024-08-05 03:07
Severity ?
EPSS score ?
Summary
D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issues as not being a vulnerability because although the wizard is accessible without authentication, it can't actually configure anything. Thus, there is no denial of service or information leakage
References
| ▼ | URL | Tags |
|---|---|---|
| https://youtu.be/BQQbp2vn_wY | x_refsource_MISC | |
| http://www.securityfocus.com/bid/109351 | vdb-entry, x_refsource_BID | |
| https://cxsecurity.com/issue/WLB-2018080199 | x_refsource_MISC | |
| https://www.youtube.com/watch?v=7sk6agpcA_s | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:07:18.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://youtu.be/BQQbp2vn_wY"
},
{
"name": "109351",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109351"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2018080199"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=7sk6agpcA_s"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DSL-2750U",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issues as not being a vulnerability because although the wizard is accessible without authentication, it can\u0027t actually configure anything. Thus, there is no denial of service or information leakage"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-08T14:42:47",
"orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"shortName": "dwf"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://youtu.be/BQQbp2vn_wY"
},
{
"name": "109351",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109351"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2018080199"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=7sk6agpcA_s"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DSL-2750U",
"version": {
"version_data": [
{
"version_value": "1.11"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issues as not being a vulnerability because although the wizard is accessible without authentication, it can\u0027t actually configure anything. Thus, there is no denial of service or information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://youtu.be/BQQbp2vn_wY",
"refsource": "MISC",
"url": "https://youtu.be/BQQbp2vn_wY"
},
{
"name": "109351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109351"
},
{
"name": "https://cxsecurity.com/issue/WLB-2018080199",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2018080199"
},
{
"name": "https://www.youtube.com/watch?v=7sk6agpcA_s",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=7sk6agpcA_s"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"assignerShortName": "dwf",
"cveId": "CVE-2019-1010155",
"datePublished": "2019-07-23T13:18:36",
"dateReserved": "2019-03-20T00:00:00",
"dateUpdated": "2024-08-05T03:07:18.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3708
Vulnerability from cvelistv5
Published
2021-08-16 04:55
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md | x_refsource_MISC | |
| https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230 | x_refsource_CONFIRM | |
| https://jvn.jp/en/vu/JVNVU92088210/ | third-party-advisory, x_refsource_JVN |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230"
},
{
"name": "JVNVU#92088210: Multiple vulnerabilities in D-Link router DSL-2750U",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92088210/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DSL-2750U",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "firmware vME1.16 or prior versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-16T04:55:13",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230"
},
{
"name": "JVNVU#92088210: Multiple vulnerabilities in D-Link router DSL-2750U",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/vu/JVNVU92088210/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-3708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DSL-2750U",
"version": {
"version_data": [
{
"version_value": "firmware vME1.16 or prior versions"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20(firmware%20version%201.6)/README.md",
"refsource": "MISC",
"url": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20(firmware%20version%201.6)/README.md"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230",
"refsource": "CONFIRM",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230"
},
{
"name": "JVNVU#92088210: Multiple vulnerabilities in D-Link router DSL-2750U",
"refsource": "JVN",
"url": "https://jvn.jp/en/vu/JVNVU92088210/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-3708",
"datePublished": "2021-08-16T04:55:13",
"dateReserved": "2021-08-15T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9792
Vulnerability from cvelistv5
Published
2024-10-10 15:00
Modified
2024-10-10 15:36
Severity ?
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
2.4 (Low) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
2.4 (Low) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.279945 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.279945 | signature, permissions-required | |
| https://vuldb.com/?submit.415532 | third-party-advisory | |
| https://www.dlink.com/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T15:36:11.407946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T15:36:26.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Port Forwarding Page"
],
"product": "DSL-2750U",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "R5B017"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TheRaghul (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in D-Link DSL-2750U R5B017 entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Port Forwarding Page. Mittels Manipulieren des Arguments PortMappingDescription mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T15:00:12.311Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-279945 | D-Link DSL-2750U Port Forwarding Page cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.279945"
},
{
"name": "VDB-279945 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.279945"
},
{
"name": "Submit #415532 | D-Link DSL-2750U R5B017 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.415532"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2024-10-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-10T08:55:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DSL-2750U Port Forwarding Page cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-9792",
"datePublished": "2024-10-10T15:00:12.311Z",
"dateReserved": "2024-10-10T06:49:23.280Z",
"dateUpdated": "2024-10-10T15:36:26.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13150
Vulnerability from cvelistv5
Published
2020-06-15 15:56
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dlink.com/en/security-bulletin | x_refsource_MISC | |
| https://gist.github.com/idris159/4c3ea746f4b19308b8ce8d8a7e313310 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/idris159/4c3ea746f4b19308b8ce8d8a7e313310"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-15T15:56:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/idris159/4c3ea746f4b19308b8ce8d8a7e313310"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dlink.com/en/security-bulletin",
"refsource": "MISC",
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"name": "https://gist.github.com/idris159/4c3ea746f4b19308b8ce8d8a7e313310",
"refsource": "MISC",
"url": "https://gist.github.com/idris159/4c3ea746f4b19308b8ce8d8a7e313310"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13150",
"datePublished": "2020-06-15T15:56:11",
"dateReserved": "2020-05-18T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-06-15 16:15
Modified
2024-11-21 05:00
Severity ?
Summary
D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/idris159/4c3ea746f4b19308b8ce8d8a7e313310 | Third Party Advisory | |
| cve@mitre.org | https://www.dlink.com/en/security-bulletin | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/idris159/4c3ea746f4b19308b8ce8d8a7e313310 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dlink.com/en/security-bulletin | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dsl-2750u_firmware | me_1.03 | |
| dlink | dsl-2750u | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsl-2750u_firmware:me_1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E57367-6E92-45C2-A5D0-3808E061486F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A7A48A-C126-4EF2-91F8-A8D9987525FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active."
},
{
"lang": "es",
"value": "Los dispositivos D-link DSL-2750U versi\u00f3n ISL2750UEME3.V1E, permiten aproximadamente 90 segundos de acceso al panel de control, despu\u00e9s de un reinicio, previo a que las reglas de filtrado de direcciones MAC sean activadas"
}
],
"id": "CVE-2020-13150",
"lastModified": "2024-11-21T05:00:44.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-15T16:15:22.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/idris159/4c3ea746f4b19308b8ce8d8a7e313310"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gist.github.com/idris159/4c3ea746f4b19308b8ce8d8a7e313310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-19 16:15
Modified
2024-11-21 08:47
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/999zzzzz/D-Link | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.251542 | Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.251542 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/999zzzzz/D-Link | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.251542 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.251542 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-825acg1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81B11B0F-8307-4845-A322-2CB3FE85840D",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-825acg1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "129E5D3B-B94F-4F33-B64C-35115AFB1165",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-841_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F4A6809-F1A7-416B-9345-9F7A37B7BF71",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D789C69F-5063-43B7-AB71-5B0C9294D55E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-1260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19167352-59AF-4D47-BC80-A1599F24DE0A",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-1260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF5C311E-DB22-452B-BC26-265E3A84B57C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9867D17E-123A-4A33-A058-12BF1AC453F8",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3894F0E-37F8-4A89-87AC-1DB524D4AE04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-x1530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2899DF29-FDF6-4D57-8846-3DADCC5349A0",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-x1530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF2C35C-8C59-4D36-8CC9-AE03853B40D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-825_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CCF939D-719A-4682-ADD8-C1DE484E5377",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7038F8A9-03F3-4442-B371-84801EF05447",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9302B88E-28ED-486C-9E64-D38B9B857E89",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E92E959-C211-4979-A233-163BEFCF6F0D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-842_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5039D893-1396-42D0-91D9-2E02B974EF98",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-842:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C05AE997-7966-4CCA-B58A-93B684D55F60",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-853_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9001FB50-6B3D-4EE2-BC9F-920DE95BDC58",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "332F4880-9D76-4C74-95DE-730F72879EC4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-1210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F28A25B0-D5E9-4668-B00A-F4F2B34C7457",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-1210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28A60F07-0DA7-47AD-B3C0-E1F6ED630C89",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-806a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEAC2985-B6E3-4215-8BA5-B6653BCB5EC6",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-806a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "926B41A6-009F-444D-BE5C-B517F844E99B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02D27414-7D38-40A6-978B-6A9417A2D09C",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50618B63-304B-4A61-AA50-5154E8690E88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsl-245gr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA077FA3-FA87-4B2D-897E-A7B1A7BC7642",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsl-245gr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF8EB08-A378-4F14-ADD9-E97C244DD80D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsl-g2452gr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2BFA6C-D260-4B9F-952A-E185BCD0F415",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsl-g2452gr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "517C1250-268D-45A7-9BD1-EACE4BA1BA82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-878_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DAE783-B0F3-4765-A7FD-945F041369E7",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-878:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D288C73-F89A-47FF-AF11-143C3DFDF942",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-825acf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D626BD4C-D4D2-4CC5-91EF-AF938A5C1983",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-825acf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD011B62-C988-463A-8672-F5BD0D984179",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-615t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4477BE0A-BC4A-4534-8FED-3045CD373008",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-615t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "951C4DD2-B472-401B-A1FF-4FE5957A5213",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87DB97AC-CBBA-422D-8DE3-E82DC1D73A98",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2143B3-B3A0-41D6-B8F7-78CE40B1759C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-842s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDCB1321-793F-455C-847C-E5033A920F1F",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-842s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "996A7C60-49BB-46BE-8A2C-CEABA71FBEB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-815s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2A35FF-2623-4D3C-920A-42B836984085",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-815s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C6BA467-0AB4-42BF-BBD1-59E2FA03CF42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsl-2640u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0D3126B-FE49-4C78-A734-95C3C0276AE2",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsl-2640u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09E483F8-5B0E-498A-B1CA-8F1EA5FD350C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-2150_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3A04F04-D2DC-4DC9-B44B-F5DEC933E9AC",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-2150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06F065A1-2599-442C-AB55-DE24D47A7869",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-921_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A61E0E68-F20D-4663-9855-B71F60266B83",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43F0390E-B9E1-463A-A08C-B529778EE72F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-615s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9FE9B1C-6246-458F-AF0D-E624D1DBFAE2",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-615s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A74ABB9E-FD49-431A-BB23-9DCA44B8A806",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-620_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F098AF6-DC38-4D50-9316-809349CB573E",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF4C296-C8AA-4197-B280-ED5D22C70156",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dvg-5402g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27F65EC-6C50-4691-99A2-EA1C1D3DE0C8",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dvg-5402g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1C2C7F0-FE1C-4B95-9636-FA6041C85C44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-882_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2472D8A-C45A-447B-A296-B2BB93A7E948",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-882:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6ECB8ED-F3A2-4C05-8570-719ECB166B09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwm-312w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B065B35-4FC9-4D4C-823D-F06418454CC9",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwm-312w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F03A354-6EBE-4081-9234-00DCB747EAB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-815\\/ac_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A78E427F-121A-4453-B0BD-48C2A516FE5A",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-815\\/ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "291ACFCF-032B-466D-9C5B-D5CCF9CA7DD9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsl-224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "500B6A19-ED9A-404C-A071-D77F4263288F",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsl-224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C744969-0177-4E24-8E60-1DB0EFE1E5C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwm-321_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29D9E5D9-B9E8-4BD0-B6DC-F253559925B3",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwm-321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66BD8659-B935-441C-9AFF-20E8AE157E2B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-x1860_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3BFEE9-5E48-4D94-977B-7A79CF2AEB1A",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-x1860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A46288E8-3105-4FAA-80E7-94EECD1764F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dap-1360_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D83F75D8-3563-4A07-A794-6970A63EAA9B",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dap-1360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E95864-1D6F-4BB2-9940-144385527271",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-820_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1790403-AC76-4A3E-B727-836AF7ABCF10",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C30FD50-1AC6-476A-85B9-30D24E0663DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-843_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B29BE39-F488-4C74-8B5C-F8D6C3256F96",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-843:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85293557-FC2C-4A56-8EA0-6E12968E7FBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dvg-5402g\\/gfru_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "672ADB90-0062-48CE-B437-28919980A4B0",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dvg-5402g\\/gfru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C4C431-489D-4F09-A312-B4FBCC38E91E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dwr-953_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AA2FBAD-C15D-4908-AB8B-23087354D4A8",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dwr-953:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E37EEA4D-B3F6-4A39-971C-07C1CB0BA209",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dvg-n5402g\\/il_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "236D3547-1FB9-44B3-ABD2-F948912B6D4D",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dvg-n5402g\\/il:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B118E9B4-961D-46B6-95E3-514A99C8BFA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-825ac_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065F9B59-FBA8-4798-8F29-82741815B0CD",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-825ac:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8BB581-D7A3-494A-AB43-BCAE390ED692",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-620s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC3409D3-C046-410B-96BB-128FC1C2C097",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-620s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9932A023-1CE6-4915-812D-F3CE5EAB114C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dvg-n5402g_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AEE17B3-F77C-4F3A-92D7-99BFF1F1A824",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dvg-n5402g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1127DA2D-4024-4962-B8FB-C81E07B1AE94",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsl-2750u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B0191F0-DB03-479F-BA89-8CBF6F378BD6",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A7A48A-C126-4EF2-91F8-A8D9987525FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-615gf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43227AC8-29BA-43E9-AB4F-10C83F222514",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-615gf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9199BBF6-42E4-418E-8A3C-7F69CCB3D145",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dir-816_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "876FA028-A6B1-488A-A29D-038D93539C07",
"versionEndIncluding": "2024-01-12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-816:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B54058C1-B58F-434A-ABF0-A6B314A1AB14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815 y clasificada como cr\u00edtica , DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR -843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U , DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 y Good Line Router v2 hasta 20240112 Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /devinfo del componente HTTP GET Request Handler. La manipulaci\u00f3n del \u00e1rea de argumentos con la entrada aviso|net|versi\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-251542 es el identificador asignado a esta vulnerabilidad."
}
],
"id": "CVE-2024-0717",
"lastModified": "2024-11-21T08:47:12.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-19T16:15:11.190",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/999zzzzz/D-Link"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?ctiid.251542"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.251542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/999zzzzz/D-Link"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?ctiid.251542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.251542"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-10 15:15
Modified
2024-11-25 19:02
Severity ?
2.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://vuldb.com/?ctiid.279945 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.279945 | Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?submit.415532 | Third Party Advisory | |
| cna@vuldb.com | https://www.dlink.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dsl-2750u_firmware | r5b017 | |
| dlink | dsl-2750u | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsl-2750u_firmware:r5b017:*:*:*:*:*:*:*",
"matchCriteriaId": "91864D20-4644-4FD9-8E02-2D5A3662E2FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A7A48A-C126-4EF2-91F8-A8D9987525FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en D-Link DSL-2750U R5B017. Afecta a una parte desconocida del componente Port Forwarding Page. La manipulaci\u00f3n del argumento PortMappingDescription provoca ataques de cross site scripting. Es posible iniciar el ataque de forma remota."
}
],
"id": "CVE-2024-9792",
"lastModified": "2024-11-25T19:02:48.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-10-10T15:15:15.710",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.279945"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.279945"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?submit.415532"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.dlink.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-23 14:15
Modified
2024-11-21 04:18
Severity ?
Summary
D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issues as not being a vulnerability because although the wizard is accessible without authentication, it can't actually configure anything. Thus, there is no denial of service or information leakage
References
| ▼ | URL | Tags | |
|---|---|---|---|
| josh@bress.net | http://www.securityfocus.com/bid/109351 | Broken Link, Third Party Advisory, VDB Entry | |
| josh@bress.net | https://cxsecurity.com/issue/WLB-2018080199 | Third Party Advisory | |
| josh@bress.net | https://www.youtube.com/watch?v=7sk6agpcA_s | Exploit, Third Party Advisory | |
| josh@bress.net | https://youtu.be/BQQbp2vn_wY | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109351 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cxsecurity.com/issue/WLB-2018080199 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.youtube.com/watch?v=7sk6agpcA_s | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://youtu.be/BQQbp2vn_wY | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dsl-2750u_firmware | 1.11 | |
| dlink | dsl-2750u | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsl-2750u_firmware:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E4E87CC9-9C10-4CEB-B821-C804941EE9C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A7A48A-C126-4EF2-91F8-A8D9987525FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "josh@bress.net",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issues as not being a vulnerability because although the wizard is accessible without authentication, it can\u0027t actually configure anything. Thus, there is no denial of service or information leakage"
},
{
"lang": "es",
"value": "** EN DISPUTA ** D-Link DSL-2750U versi\u00f3n 1.11 est\u00e1 afectado por: Omisi\u00f3n de Autenticaci\u00f3n. El impacto es: denegaci\u00f3n del servicio y una fuga de informaci\u00f3n. El componente es: login. NOTA: Las terceras partes discuten estos problemas por no ser una vulnerabilidad porque, aunque se puede acceder al asistente sin autenticaci\u00f3n, en realidad no puede configurar nada. Por lo tanto, no hay denegaci\u00f3n de servicio o fuga de informaci\u00f3n."
}
],
"id": "CVE-2019-1010155",
"lastModified": "2024-11-21T04:18:00.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-23T14:15:12.623",
"references": [
{
"source": "josh@bress.net",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109351"
},
{
"source": "josh@bress.net",
"tags": [
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2018080199"
},
{
"source": "josh@bress.net",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=7sk6agpcA_s"
},
{
"source": "josh@bress.net",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://youtu.be/BQQbp2vn_wY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2018080199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=7sk6agpcA_s"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://youtu.be/BQQbp2vn_wY"
}
],
"sourceIdentifier": "josh@bress.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-16 05:15
Modified
2024-11-21 06:22
Severity ?
Summary
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dsl-2750u_firmware | * | |
| dlink | dsl-2750u | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsl-2750u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51C13A6D-7BD6-452B-9810-1248592A7A77",
"versionEndIncluding": "1.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A7A48A-C126-4EF2-91F8-A8D9987525FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device."
},
{
"lang": "es",
"value": "El router D-Link DSL-2750U con versiones de firmware vME1.16 o versiones anteriores, es vulnerable a una inyecci\u00f3n de comandos del SO. Un atacante no autenticado en la red local puede explotar esto, con CVE-2021-3707, para ejecutar cualquier comando del Sistema Operativo en el dispositivo vulnerable."
}
],
"id": "CVE-2021-3708",
"lastModified": "2024-11-21T06:22:12.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-16T05:15:06.377",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU92088210/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU92088210/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-16 05:15
Modified
2024-11-21 06:22
Severity ?
Summary
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dsl-2750u_firmware | * | |
| dlink | dsl-2750u | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsl-2750u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51C13A6D-7BD6-452B-9810-1248592A7A77",
"versionEndIncluding": "1.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A7A48A-C126-4EF2-91F8-A8D9987525FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device."
},
{
"lang": "es",
"value": "El router D-Link DSL-2750U con versiones de firmware vME1.16 o versiones anteriores, es vulnerable a una modificaci\u00f3n no autorizada de la configuraci\u00f3n. Un atacante no autenticado en la red local puede explotar esto, con CVE-2021-3708, para ejecutar cualquier comando del Sistema Operativo en el dispositivo vulnerable."
}
],
"id": "CVE-2021-3707",
"lastModified": "2024-11-21T06:22:12.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-16T05:15:06.177",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU92088210/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU92088210/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-15"
}
],
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-19 16:15
Modified
2024-11-21 08:27
Severity ?
Summary
D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dlink | dsl-2730u_firmware | - | |
| dlink | dsl-2730u | - | |
| dlink | dsl-2750u_firmware | - | |
| dlink | dsl-2750u | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsl-2730u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F8884A-C08D-45AE-8404-E5861D0948E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsl-2730u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EAA6ED-2686-4C92-A438-C58AFF75CC50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dlink:dsl-2750u_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD29C95B-F465-460E-B807-006A9ADBABDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A7A48A-C126-4EF2-91F8-A8D9987525FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control."
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** D-Link (Non-US) DSL-2750U N300 ADSL2+ y (Non-US) DSL-2730U N150 ADSL2+ son vulnerables a un control de acceso incorrecto. La interfaz UART/Serial en la PCB proporciona salida de registro y un terminal root sin control de acceso adecuado."
}
],
"id": "CVE-2023-46033",
"lastModified": "2024-11-21T08:27:47.453",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-19T16:15:09.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10357"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.dlink.com/en/products/dsl-2730u-wireless-n150-adsl2-router"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.dlink.com/en/products/dsl-2750u-wireless-n-300-adsl2-modem-router"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.dlink.com/en/products/dsl-2730u-wireless-n150-adsl2-router"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.dlink.com/en/products/dsl-2750u-wireless-n-300-adsl2-modem-router"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}