Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for G403 by D-Link

    CVE-2024-6045 (GCVE-0-2024-6045)

    Vulnerability from nvd – Published: 2024-06-17 03:12 – Updated: 2024-08-01 21:25
    VLAI
    Title
    D-Link router - Hidden Backdoor
    Summary
    Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-912 - Hidden Functionality
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    D-Link G403 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link G415 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link G416 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link M18 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R03 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R04 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R12 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R18 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link E30 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M30 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M32 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M60 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link R32 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link E15 Affected: earlier , < 1.20.01 (custom)
    Create a notification for this product.
    D-Link R15 Affected: earlier , < 1.20.01 (custom)
    Create a notification for this product.
    dlink g403_firmware Affected: 0 , < 1.10.01 (custom)
        cpe:2.3:o:dlink:r12_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:r18_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:r04_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:r03_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:m18_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:g416_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:g415_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:g403_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dlink e30_firmware Affected: 0 , < 1.10.02 (custom)
        cpe:2.3:o:dlink:r32_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:m60_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:m32_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:m30_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:e30_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dlink e15_firmware Affected: 0 , < 1.20.01 (custom)
        cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:e15_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-17 03:12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dlink:r12_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:r18_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:r04_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:r03_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:m18_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:g416_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:g415_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:g403_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "g403_firmware",
                "vendor": "dlink",
                "versions": [
                  {
                    "lessThan": "1.10.01",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dlink:r32_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:m60_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:m32_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:m30_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:e30_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "e30_firmware",
                "vendor": "dlink",
                "versions": [
                  {
                    "lessThan": "1.10.02",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:e15_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "e15_firmware",
                "vendor": "dlink",
                "versions": [
                  {
                    "lessThan": "1.20.01",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6045",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-22T03:55:29.791651Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-24T13:16:42.373Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:03.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "G403",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "G415",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "G416",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M18",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R03",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R04",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R12",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R18",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "E30",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M30",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M32",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M60",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R32",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "E15",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.20.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R15",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.20.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-06-17T03:12:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware."
                }
              ],
              "value": "Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-190",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-190 Reverse Engineer an Executable to Expose Assumed Hidden Functionality"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-912",
                  "description": "CWE-912: Hidden Functionality",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-17T03:12:14.137Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\u003cbr\u003eG403, G415, G416, M18, R03, R04, R12, R18\u003cbr\u003e\u003cbr\u003ePlease update firmware of following models to 1.10.02 or later version\uff1a \u003cbr\u003eE30, M30, M32, M60, R32\u003cbr\u003e\u003cbr\u003ePlease update firmware of following models to 1.20.01 or later version\uff1a\u003cbr\u003eE15, R15\u003cbr\u003e"
                }
              ],
              "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\nG403, G415, G416, M18, R03, R04, R12, R18\n\nPlease update firmware of following models to 1.10.02 or later version\uff1a \nE30, M30, M32, M60, R32\n\nPlease update firmware of following models to 1.20.01 or later version\uff1a\nE15, R15"
            }
          ],
          "source": {
            "advisory": "TVN-202406013",
            "discovery": "EXTERNAL"
          },
          "title": "D-Link router - Hidden Backdoor",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-6045",
        "datePublished": "2024-06-17T03:12:14.137Z",
        "dateReserved": "2024-06-17T01:58:49.676Z",
        "dateUpdated": "2024-08-01T21:25:03.244Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6044 (GCVE-0-2024-6044)

    Vulnerability from nvd – Published: 2024-06-17 02:30 – Updated: 2024-08-01 21:25
    VLAI
    Title
    D-Link router - Arbitrary File Reading
    Summary
    Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    D-Link G403 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link G415 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link G416 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link M18 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R03 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R04 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R12 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R18 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link E30 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M30 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M32 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M60 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link R32 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link E15 Affected: earlier , < 1.20.01 (custom)
    Create a notification for this product.
    D-Link R15 Affected: earlier , < 1.20.01 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6044",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-18T14:25:27.426937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T14:25:43.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:03.216Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7877-b4674-1.html"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/en/cp-139-7878-7c3d9-2.html"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "G403",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "G415",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "G416",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M18",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R03",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R04",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R12",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R18",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "E30",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M30",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M32",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M60",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R32",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "E15",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.20.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R15",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.20.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL."
                }
              ],
              "value": "Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-17T02:30:04.564Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7877-b4674-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-7878-7c3d9-2.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\u003cbr\u003eG403, G415, G416, M18, R03, R04, R12, R18\u003cbr\u003e\u003cbr\u003ePlease update firmware of following models to 1.10.02 or later version\uff1a\u003cbr\u003eE30, M30, M32, M60, R32\u003cbr\u003e\u003cbr\u003ePlease update firmware of following models to 1.20.01 or later version\uff1a\u003cbr\u003eE15, R15\u003cbr\u003e"
                }
              ],
              "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\nG403, G415, G416, M18, R03, R04, R12, R18\n\nPlease update firmware of following models to 1.10.02 or later version\uff1a\nE30, M30, M32, M60, R32\n\nPlease update firmware of following models to 1.20.01 or later version\uff1a\nE15, R15"
            }
          ],
          "source": {
            "advisory": "TVN-202406012",
            "discovery": "EXTERNAL"
          },
          "title": "D-Link router - Arbitrary File Reading",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-6044",
        "datePublished": "2024-06-17T02:30:04.564Z",
        "dateReserved": "2024-06-17T01:58:48.367Z",
        "dateUpdated": "2024-08-01T21:25:03.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6045 (GCVE-0-2024-6045)

    Vulnerability from cvelistv5 – Published: 2024-06-17 03:12 – Updated: 2024-08-01 21:25
    VLAI
    Title
    D-Link router - Hidden Backdoor
    Summary
    Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-912 - Hidden Functionality
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    D-Link G403 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link G415 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link G416 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link M18 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R03 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R04 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R12 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R18 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link E30 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M30 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M32 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M60 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link R32 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link E15 Affected: earlier , < 1.20.01 (custom)
    Create a notification for this product.
    D-Link R15 Affected: earlier , < 1.20.01 (custom)
    Create a notification for this product.
    dlink g403_firmware Affected: 0 , < 1.10.01 (custom)
        cpe:2.3:o:dlink:r12_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:r18_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:r04_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:r03_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:m18_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:g416_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:g415_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:g403_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dlink e30_firmware Affected: 0 , < 1.10.02 (custom)
        cpe:2.3:o:dlink:r32_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:m60_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:m32_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:m30_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:e30_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dlink e15_firmware Affected: 0 , < 1.20.01 (custom)
        cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:e15_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-17 03:12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dlink:r12_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:r18_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:r04_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:r03_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:m18_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:g416_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:g415_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:g403_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "g403_firmware",
                "vendor": "dlink",
                "versions": [
                  {
                    "lessThan": "1.10.01",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dlink:r32_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:m60_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:m32_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:m30_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:e30_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "e30_firmware",
                "vendor": "dlink",
                "versions": [
                  {
                    "lessThan": "1.10.02",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:e15_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "e15_firmware",
                "vendor": "dlink",
                "versions": [
                  {
                    "lessThan": "1.20.01",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6045",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-22T03:55:29.791651Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-24T13:16:42.373Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:03.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "G403",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "G415",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "G416",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M18",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R03",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R04",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R12",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R18",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "E30",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M30",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M32",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M60",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R32",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "E15",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.20.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R15",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.20.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-06-17T03:12:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware."
                }
              ],
              "value": "Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-190",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-190 Reverse Engineer an Executable to Expose Assumed Hidden Functionality"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-912",
                  "description": "CWE-912: Hidden Functionality",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-17T03:12:14.137Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\u003cbr\u003eG403, G415, G416, M18, R03, R04, R12, R18\u003cbr\u003e\u003cbr\u003ePlease update firmware of following models to 1.10.02 or later version\uff1a \u003cbr\u003eE30, M30, M32, M60, R32\u003cbr\u003e\u003cbr\u003ePlease update firmware of following models to 1.20.01 or later version\uff1a\u003cbr\u003eE15, R15\u003cbr\u003e"
                }
              ],
              "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\nG403, G415, G416, M18, R03, R04, R12, R18\n\nPlease update firmware of following models to 1.10.02 or later version\uff1a \nE30, M30, M32, M60, R32\n\nPlease update firmware of following models to 1.20.01 or later version\uff1a\nE15, R15"
            }
          ],
          "source": {
            "advisory": "TVN-202406013",
            "discovery": "EXTERNAL"
          },
          "title": "D-Link router - Hidden Backdoor",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-6045",
        "datePublished": "2024-06-17T03:12:14.137Z",
        "dateReserved": "2024-06-17T01:58:49.676Z",
        "dateUpdated": "2024-08-01T21:25:03.244Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6044 (GCVE-0-2024-6044)

    Vulnerability from cvelistv5 – Published: 2024-06-17 02:30 – Updated: 2024-08-01 21:25
    VLAI
    Title
    D-Link router - Arbitrary File Reading
    Summary
    Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    D-Link G403 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link G415 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link G416 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link M18 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R03 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R04 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R12 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R18 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link E30 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M30 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M32 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M60 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link R32 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link E15 Affected: earlier , < 1.20.01 (custom)
    Create a notification for this product.
    D-Link R15 Affected: earlier , < 1.20.01 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6044",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-18T14:25:27.426937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T14:25:43.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:03.216Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7877-b4674-1.html"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/en/cp-139-7878-7c3d9-2.html"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "G403",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "G415",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "G416",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M18",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R03",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R04",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R12",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R18",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "E30",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M30",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M32",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M60",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R32",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "E15",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.20.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R15",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.20.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL."
                }
              ],
              "value": "Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-17T02:30:04.564Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7877-b4674-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-7878-7c3d9-2.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\u003cbr\u003eG403, G415, G416, M18, R03, R04, R12, R18\u003cbr\u003e\u003cbr\u003ePlease update firmware of following models to 1.10.02 or later version\uff1a\u003cbr\u003eE30, M30, M32, M60, R32\u003cbr\u003e\u003cbr\u003ePlease update firmware of following models to 1.20.01 or later version\uff1a\u003cbr\u003eE15, R15\u003cbr\u003e"
                }
              ],
              "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\nG403, G415, G416, M18, R03, R04, R12, R18\n\nPlease update firmware of following models to 1.10.02 or later version\uff1a\nE30, M30, M32, M60, R32\n\nPlease update firmware of following models to 1.20.01 or later version\uff1a\nE15, R15"
            }
          ],
          "source": {
            "advisory": "TVN-202406012",
            "discovery": "EXTERNAL"
          },
          "title": "D-Link router - Arbitrary File Reading",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-6044",
        "datePublished": "2024-06-17T02:30:04.564Z",
        "dateReserved": "2024-06-17T01:58:48.367Z",
        "dateUpdated": "2024-08-01T21:25:03.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }