All the vulnerabilites related to D-Link - DIR-878
cve-2022-26670
Vulnerability from cvelistv5
Published
2022-04-07 18:22
Modified
2024-09-17 03:07
Severity ?
EPSS score ?
Summary
D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service.
References
▼ | URL | Tags |
---|---|---|
https://www.twcert.org.tw/tw/cp-132-5972-c259e-1.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:11:44.522Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.twcert.org.tw/tw/cp-132-5972-c259e-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DIR-878", "vendor": "D-Link", "versions": [ { "lessThanOrEqual": "1.20b05", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2022-03-31T00:00:00", "descriptions": [ { "lang": "en", "value": "D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 OS Command Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-07T18:22:39", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.twcert.org.tw/tw/cp-132-5972-c259e-1.html" } ], "solutions": [ { "lang": "en", "value": "Update firmware version to v1.30B08 Hotfix03" } ], "source": { "advisory": "TVN-202203003", "discovery": "EXTERNAL" }, "title": "D-Link DIR-878 - Command Injection", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2022-03-31T02:26:00.000Z", "ID": "CVE-2022-26670", "STATE": "PUBLIC", "TITLE": "D-Link DIR-878 - Command Injection" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "DIR-878", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "1.20b05" } ] } } ] }, "vendor_name": "D-Link" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78 OS Command Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.twcert.org.tw/tw/cp-132-5972-c259e-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-5972-c259e-1.html" } ] }, "solution": [ { "lang": "en", "value": "Update firmware version to v1.30B08 Hotfix03" } ], "source": { "advisory": "TVN-202203003", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2022-26670", "datePublished": "2022-04-07T18:22:39.276740Z", "dateReserved": "2022-03-08T00:00:00", "dateUpdated": "2024-09-17T03:07:22.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0717
Vulnerability from cvelistv5
Published
2024-01-19 15:31
Modified
2024-08-01 18:11
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS score ?
Summary
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.251542 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.251542 | signature, permissions-required | |
https://github.com/999zzzzz/D-Link | exploit |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | D-Link | DAP-1360 |
Version: 20240112 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:11:35.784Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.251542" }, { "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.251542" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://github.com/999zzzzz/D-Link" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "modules": [ "HTTP GET Request Handler" ], "product": "DAP-1360", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-300", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-615", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-615GF", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-615S", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-615T", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-620", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-620S", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-806A", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-815", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-815AC", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-815S", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-816", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-820", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-822", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-825", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-825AC", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-825ACF", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-825ACG1", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-841", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-842", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-842S", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-843", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-853", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-878", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-882", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-1210", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-1260", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-2150", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-X1530", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DIR-X1860", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DSL-224", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DSL-245GR", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DSL-2640U", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DSL-2750U", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DSL-G2452GR", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DVG-5402G", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DVG-5402G", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DVG-5402GFRU", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DVG-N5402G", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DVG-N5402G-IL", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DWM-312W", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DWM-321", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DWR-921", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "DWR-953", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] }, { "modules": [ "HTTP GET Request Handler" ], "product": "Good Line Router v2", "vendor": "D-Link", "versions": [ { "status": "affected", "version": "20240112" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "99iz (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability." }, { "lang": "de", "value": "In D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 bis 20240112 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /devinfo der Komponente HTTP GET Request Handler. Mittels dem Manipulieren des Arguments area mit der Eingabe notice|net|version mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Information Disclosure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-19T15:31:04.290Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.251542" }, { "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.251542" }, { "tags": [ "exploit" ], "url": "https://github.com/999zzzzz/D-Link" } ], "timeline": [ { "lang": "en", "time": "2024-01-19T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-01-19T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-01-19T08:26:48.000Z", "value": "VulDB entry last update" } ], "title": "D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-0717", "datePublished": "2024-01-19T15:31:04.290Z", "dateReserved": "2024-01-19T07:21:32.386Z", "dateUpdated": "2024-08-01T18:11:35.784Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }