VAR-201405-0646
Vulnerability from variot - Updated: 2022-05-04 09:30D-Link DWC-1000 'thispage' has a directory traversal vulnerability, because the input submitted to platform.cgi via the \"thispage\" POST parameter is not fully filtered before being used to read the file, allowing remote attackers to exploit the vulnerability through directory traversal and The NULL byte of the URL encoding reads the contents of any file in the system. D-Link DWC-1000 is an enterprise router product of D-Link. D-Link DWC-1000 4.2.0.6_WW and earlier versions have a directory traversal vulnerability. An attacker could use this vulnerability to gain access to arbitrary files. D-Link DWC-1000 is prone to a directory-traversal vulnerability. Information harvested may aid in launching further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0646",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dwc-1000",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dwc-1000 4.2.0.6 ww",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "dwc-1000 4.2.0.6b303 ww",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03155"
},
{
"db": "BID",
"id": "67470"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Holistic Security Consulting Gmbh",
"sources": [
{
"db": "BID",
"id": "67470"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-349"
}
],
"trust": 0.9
},
"cve": "CVE-2014-3226",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-03155",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2014-03155",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03155"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWC-1000 \u0027thispage\u0027 has a directory traversal vulnerability, because the input submitted to platform.cgi via the \\\"thispage\\\" POST parameter is not fully filtered before being used to read the file, allowing remote attackers to exploit the vulnerability through directory traversal and The NULL byte of the URL encoding reads the contents of any file in the system. D-Link DWC-1000 is an enterprise router product of D-Link. \nD-Link DWC-1000 4.2.0.6_WW and earlier versions have a directory traversal vulnerability. An attacker could use this vulnerability to gain access to arbitrary files. D-Link DWC-1000 is prone to a directory-traversal vulnerability. Information harvested may aid in launching further attacks",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03155"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-349"
},
{
"db": "BID",
"id": "67470"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "DLINK",
"id": "SAP10026",
"trust": 1.5
},
{
"db": "BID",
"id": "67470",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-03155",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201405-349",
"trust": 0.6
},
{
"db": "NVD",
"id": "CVE-2014-3226",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "58560",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201408-062",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03155"
},
{
"db": "BID",
"id": "67470"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-349"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-062"
}
]
},
"id": "VAR-201405-0646",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03155"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03155"
}
]
},
"last_update_date": "2022-05-04T09:30:14.152000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link DWC-1000 \u0027thispage\u0027 directory traversal vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/45761"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03155"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10026"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/67470"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/58560"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/us/en/business-solutions/wireless/unified-wireless/wireless-controllers/dwc-1000-d-link-wireless-controller"
},
{
"trust": 0.3,
"url": "http://www.d-link.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03155"
},
{
"db": "BID",
"id": "67470"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-349"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-062"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-03155"
},
{
"db": "BID",
"id": "67470"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-349"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-062"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03155"
},
{
"date": "2014-05-10T00:00:00",
"db": "BID",
"id": "67470"
},
{
"date": "2014-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-349"
},
{
"date": "2014-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-062"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03155"
},
{
"date": "2014-05-10T00:00:00",
"db": "BID",
"id": "67470"
},
{
"date": "2014-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-349"
},
{
"date": "2014-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-062"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-349"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWC-1000 Directory Traversal Vulnerability",
"sources": [
{
"db": "BID",
"id": "67470"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-349"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-349"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-062"
}
],
"trust": 1.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…