Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for M60 by D-Link

    CVE-2026-7554 (GCVE-0-2026-7554)

    Vulnerability from nvd – Published: 2026-05-01 04:45 – Updated: 2026-05-04 16:50
    VLAI
    Title
    D-Link M60 httpd password recovery
    Summary
    A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link M60 Affected: 1.20B02
    Create a notification for this product.
    Credits
    iam0range (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7554",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-04T16:47:16.958621Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-04T16:50:08.741Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "M60",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.20B02"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "iam0range (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.1,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-640",
                  "description": "Weak Password Recovery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-01T04:45:15.575Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-360362 | D-Link M60 httpd password recovery",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/360362"
            },
            {
              "name": "VDB-360362 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/360362/cti"
            },
            {
              "name": "Submit #805642 | https://www.dlink.com/ M60 AX6000 Wi-Fi 6 Smart Mesh Router Firmware: V1.20B02   Translation Authentication Bypass + Encrypted Integrity Check By",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/805642"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.yuque.com/iam0range/rle72q/dhs1zsbgtm1ne0y1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-30T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-30T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-30T21:13:24.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link M60 httpd password recovery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-7554",
        "datePublished": "2026-05-01T04:45:15.575Z",
        "dateReserved": "2026-04-30T19:07:48.377Z",
        "dateUpdated": "2026-05-04T16:50:08.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-6045 (GCVE-0-2024-6045)

    Vulnerability from nvd – Published: 2024-06-17 03:12 – Updated: 2024-08-01 21:25
    VLAI
    Title
    D-Link router - Hidden Backdoor
    Summary
    Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-912 - Hidden Functionality
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    D-Link G403 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link G415 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link G416 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link M18 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R03 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R04 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R12 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R18 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link E30 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M30 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M32 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M60 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link R32 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link E15 Affected: earlier , < 1.20.01 (custom)
    Create a notification for this product.
    D-Link R15 Affected: earlier , < 1.20.01 (custom)
    Create a notification for this product.
    dlink g403_firmware Affected: 0 , < 1.10.01 (custom)
        cpe:2.3:o:dlink:r12_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:r18_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:r04_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:r03_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:m18_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:g416_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:g415_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:g403_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dlink e30_firmware Affected: 0 , < 1.10.02 (custom)
        cpe:2.3:o:dlink:r32_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:m60_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:m32_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:m30_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:e30_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dlink e15_firmware Affected: 0 , < 1.20.01 (custom)
        cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:e15_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-17 03:12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dlink:r12_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:r18_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:r04_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:r03_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:m18_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:g416_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:g415_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:g403_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "g403_firmware",
                "vendor": "dlink",
                "versions": [
                  {
                    "lessThan": "1.10.01",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dlink:r32_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:m60_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:m32_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:m30_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:e30_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "e30_firmware",
                "vendor": "dlink",
                "versions": [
                  {
                    "lessThan": "1.10.02",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:e15_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "e15_firmware",
                "vendor": "dlink",
                "versions": [
                  {
                    "lessThan": "1.20.01",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6045",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-22T03:55:29.791651Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-24T13:16:42.373Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:03.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "G403",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "G415",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "G416",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M18",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R03",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R04",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R12",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R18",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "E30",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M30",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M32",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M60",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R32",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "E15",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.20.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R15",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.20.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-06-17T03:12:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware."
                }
              ],
              "value": "Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-190",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-190 Reverse Engineer an Executable to Expose Assumed Hidden Functionality"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-912",
                  "description": "CWE-912: Hidden Functionality",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-17T03:12:14.137Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\u003cbr\u003eG403, G415, G416, M18, R03, R04, R12, R18\u003cbr\u003e\u003cbr\u003ePlease update firmware of following models to 1.10.02 or later version\uff1a \u003cbr\u003eE30, M30, M32, M60, R32\u003cbr\u003e\u003cbr\u003ePlease update firmware of following models to 1.20.01 or later version\uff1a\u003cbr\u003eE15, R15\u003cbr\u003e"
                }
              ],
              "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\nG403, G415, G416, M18, R03, R04, R12, R18\n\nPlease update firmware of following models to 1.10.02 or later version\uff1a \nE30, M30, M32, M60, R32\n\nPlease update firmware of following models to 1.20.01 or later version\uff1a\nE15, R15"
            }
          ],
          "source": {
            "advisory": "TVN-202406013",
            "discovery": "EXTERNAL"
          },
          "title": "D-Link router - Hidden Backdoor",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-6045",
        "datePublished": "2024-06-17T03:12:14.137Z",
        "dateReserved": "2024-06-17T01:58:49.676Z",
        "dateUpdated": "2024-08-01T21:25:03.244Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6044 (GCVE-0-2024-6044)

    Vulnerability from nvd – Published: 2024-06-17 02:30 – Updated: 2024-08-01 21:25
    VLAI
    Title
    D-Link router - Arbitrary File Reading
    Summary
    Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    D-Link G403 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link G415 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link G416 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link M18 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R03 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R04 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R12 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R18 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link E30 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M30 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M32 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M60 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link R32 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link E15 Affected: earlier , < 1.20.01 (custom)
    Create a notification for this product.
    D-Link R15 Affected: earlier , < 1.20.01 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6044",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-18T14:25:27.426937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T14:25:43.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:03.216Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7877-b4674-1.html"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/en/cp-139-7878-7c3d9-2.html"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "G403",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "G415",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "G416",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M18",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R03",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R04",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R12",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R18",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "E30",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M30",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M32",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M60",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R32",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "E15",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.20.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R15",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.20.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL."
                }
              ],
              "value": "Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-17T02:30:04.564Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7877-b4674-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-7878-7c3d9-2.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\u003cbr\u003eG403, G415, G416, M18, R03, R04, R12, R18\u003cbr\u003e\u003cbr\u003ePlease update firmware of following models to 1.10.02 or later version\uff1a\u003cbr\u003eE30, M30, M32, M60, R32\u003cbr\u003e\u003cbr\u003ePlease update firmware of following models to 1.20.01 or later version\uff1a\u003cbr\u003eE15, R15\u003cbr\u003e"
                }
              ],
              "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\nG403, G415, G416, M18, R03, R04, R12, R18\n\nPlease update firmware of following models to 1.10.02 or later version\uff1a\nE30, M30, M32, M60, R32\n\nPlease update firmware of following models to 1.20.01 or later version\uff1a\nE15, R15"
            }
          ],
          "source": {
            "advisory": "TVN-202406012",
            "discovery": "EXTERNAL"
          },
          "title": "D-Link router - Arbitrary File Reading",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-6044",
        "datePublished": "2024-06-17T02:30:04.564Z",
        "dateReserved": "2024-06-17T01:58:48.367Z",
        "dateUpdated": "2024-08-01T21:25:03.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-7554 (GCVE-0-2026-7554)

    Vulnerability from cvelistv5 – Published: 2026-05-01 04:45 – Updated: 2026-05-04 16:50
    VLAI
    Title
    D-Link M60 httpd password recovery
    Summary
    A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    D-Link M60 Affected: 1.20B02
    Create a notification for this product.
    Credits
    iam0range (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7554",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-04T16:47:16.958621Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-04T16:50:08.741Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "M60",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.20B02"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "iam0range (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.1,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-640",
                  "description": "Weak Password Recovery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-01T04:45:15.575Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-360362 | D-Link M60 httpd password recovery",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/360362"
            },
            {
              "name": "VDB-360362 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/360362/cti"
            },
            {
              "name": "Submit #805642 | https://www.dlink.com/ M60 AX6000 Wi-Fi 6 Smart Mesh Router Firmware: V1.20B02   Translation Authentication Bypass + Encrypted Integrity Check By",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/805642"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.yuque.com/iam0range/rle72q/dhs1zsbgtm1ne0y1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-30T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-04-30T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-04-30T21:13:24.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link M60 httpd password recovery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-7554",
        "datePublished": "2026-05-01T04:45:15.575Z",
        "dateReserved": "2026-04-30T19:07:48.377Z",
        "dateUpdated": "2026-05-04T16:50:08.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-6045 (GCVE-0-2024-6045)

    Vulnerability from cvelistv5 – Published: 2024-06-17 03:12 – Updated: 2024-08-01 21:25
    VLAI
    Title
    D-Link router - Hidden Backdoor
    Summary
    Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-912 - Hidden Functionality
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    D-Link G403 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link G415 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link G416 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link M18 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R03 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R04 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R12 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R18 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link E30 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M30 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M32 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M60 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link R32 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link E15 Affected: earlier , < 1.20.01 (custom)
    Create a notification for this product.
    D-Link R15 Affected: earlier , < 1.20.01 (custom)
    Create a notification for this product.
    dlink g403_firmware Affected: 0 , < 1.10.01 (custom)
        cpe:2.3:o:dlink:r12_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:r18_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:r04_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:r03_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:m18_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:g416_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:g415_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:g403_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dlink e30_firmware Affected: 0 , < 1.10.02 (custom)
        cpe:2.3:o:dlink:r32_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:m60_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:m32_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:m30_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:e30_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    dlink e15_firmware Affected: 0 , < 1.20.01 (custom)
        cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:dlink:e15_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-17 03:12
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dlink:r12_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:r18_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:r04_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:r03_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:m18_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:g416_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:g415_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:g403_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "g403_firmware",
                "vendor": "dlink",
                "versions": [
                  {
                    "lessThan": "1.10.01",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dlink:r32_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:m60_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:m32_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:m30_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:e30_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "e30_firmware",
                "vendor": "dlink",
                "versions": [
                  {
                    "lessThan": "1.10.02",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:dlink:e15_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "e15_firmware",
                "vendor": "dlink",
                "versions": [
                  {
                    "lessThan": "1.20.01",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6045",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-22T03:55:29.791651Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-24T13:16:42.373Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:03.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "G403",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "G415",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "G416",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M18",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R03",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R04",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R12",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R18",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "E30",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M30",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M32",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M60",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R32",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "E15",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.20.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R15",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.20.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-06-17T03:12:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware."
                }
              ],
              "value": "Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-190",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-190 Reverse Engineer an Executable to Expose Assumed Hidden Functionality"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-912",
                  "description": "CWE-912: Hidden Functionality",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-17T03:12:14.137Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7879-da630-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\u003cbr\u003eG403, G415, G416, M18, R03, R04, R12, R18\u003cbr\u003e\u003cbr\u003ePlease update firmware of following models to 1.10.02 or later version\uff1a \u003cbr\u003eE30, M30, M32, M60, R32\u003cbr\u003e\u003cbr\u003ePlease update firmware of following models to 1.20.01 or later version\uff1a\u003cbr\u003eE15, R15\u003cbr\u003e"
                }
              ],
              "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\nG403, G415, G416, M18, R03, R04, R12, R18\n\nPlease update firmware of following models to 1.10.02 or later version\uff1a \nE30, M30, M32, M60, R32\n\nPlease update firmware of following models to 1.20.01 or later version\uff1a\nE15, R15"
            }
          ],
          "source": {
            "advisory": "TVN-202406013",
            "discovery": "EXTERNAL"
          },
          "title": "D-Link router - Hidden Backdoor",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-6045",
        "datePublished": "2024-06-17T03:12:14.137Z",
        "dateReserved": "2024-06-17T01:58:49.676Z",
        "dateUpdated": "2024-08-01T21:25:03.244Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6044 (GCVE-0-2024-6044)

    Vulnerability from cvelistv5 – Published: 2024-06-17 02:30 – Updated: 2024-08-01 21:25
    VLAI
    Title
    D-Link router - Arbitrary File Reading
    Summary
    Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    D-Link G403 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link G415 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link G416 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link M18 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R03 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R04 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R12 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link R18 Affected: earlier , < 1.10.01 (custom)
    Create a notification for this product.
    D-Link E30 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M30 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M32 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link M60 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link R32 Affected: earlier , < 1.10.02 (custom)
    Create a notification for this product.
    D-Link E15 Affected: earlier , < 1.20.01 (custom)
    Create a notification for this product.
    D-Link R15 Affected: earlier , < 1.20.01 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6044",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-18T14:25:27.426937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T14:25:43.368Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:03.216Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-7877-b4674-1.html"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/en/cp-139-7878-7c3d9-2.html"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "G403",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "G415",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "G416",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M18",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R03",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R04",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R12",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R18",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "E30",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M30",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M32",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "M60",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R32",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.10.02",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "E15",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.20.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R15",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThan": "1.20.01",
                  "status": "affected",
                  "version": "earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL."
                }
              ],
              "value": "Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-17T02:30:04.564Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-7877-b4674-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-7878-7c3d9-2.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\u003cbr\u003eG403, G415, G416, M18, R03, R04, R12, R18\u003cbr\u003e\u003cbr\u003ePlease update firmware of following models to 1.10.02 or later version\uff1a\u003cbr\u003eE30, M30, M32, M60, R32\u003cbr\u003e\u003cbr\u003ePlease update firmware of following models to 1.20.01 or later version\uff1a\u003cbr\u003eE15, R15\u003cbr\u003e"
                }
              ],
              "value": "Please update firmware of following models to 1.10.01 or later version\uff1a\nG403, G415, G416, M18, R03, R04, R12, R18\n\nPlease update firmware of following models to 1.10.02 or later version\uff1a\nE30, M30, M32, M60, R32\n\nPlease update firmware of following models to 1.20.01 or later version\uff1a\nE15, R15"
            }
          ],
          "source": {
            "advisory": "TVN-202406012",
            "discovery": "EXTERNAL"
          },
          "title": "D-Link router - Arbitrary File Reading",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-6044",
        "datePublished": "2024-06-17T02:30:04.564Z",
        "dateReserved": "2024-06-17T01:58:48.367Z",
        "dateUpdated": "2024-08-01T21:25:03.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }