Search criteria
5 vulnerabilities found for dap-1330 by dlink
VAR-202002-1368
Vulnerability from variot - Updated: 2025-01-30 22:24This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of cookies. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9554. Zero Day Initiative To this vulnerability ZDI-CAN-9554 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DAP-1330 is a N300 Wi-Fi range extender
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "dap-1330",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b01"
},
{
"_id": null,
"model": "dap-1330",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b01"
},
{
"_id": null,
"model": "dap-1330",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "1.10b01 beta"
},
{
"_id": null,
"model": "dap-1330",
"scope": null,
"trust": 0.7,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dap-1330 1.10b01 beta",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-265"
},
{
"db": "CNVD",
"id": "CNVD-2020-13155"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002268"
},
{
"db": "NVD",
"id": "CVE-2020-8861"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dap-1330_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002268"
}
]
},
"credits": {
"_id": null,
"data": "chung96vn - Security Researcher of VinCSS (Member of Vingroup)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-265"
}
],
"trust": 0.7
},
"cve": "CVE-2020-8861",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2020-8861",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-002268",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2020-13155",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-8861",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-8861",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-002268",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-8861",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8861",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2020-8861",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-002268",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-8861",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-13155",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1073",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-265"
},
{
"db": "CNVD",
"id": "CNVD-2020-13155"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002268"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1073"
},
{
"db": "NVD",
"id": "CVE-2020-8861"
},
{
"db": "NVD",
"id": "CVE-2020-8861"
}
]
},
"description": {
"_id": null,
"data": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of cookies. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9554. Zero Day Initiative To this vulnerability ZDI-CAN-9554 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DAP-1330 is a N300 Wi-Fi range extender",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8861"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002268"
},
{
"db": "ZDI",
"id": "ZDI-20-265"
},
{
"db": "CNVD",
"id": "CNVD-2020-13155"
}
],
"trust": 2.79
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-8861",
"trust": 3.8
},
{
"db": "ZDI",
"id": "ZDI-20-265",
"trust": 2.3
},
{
"db": "DLINK",
"id": "SAP10155",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002268",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9554",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-13155",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1073",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "ZDI",
"id": "ZDI-20-265"
},
{
"db": "CNVD",
"id": "CNVD-2020-13155"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002268"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1073"
},
{
"db": "NVD",
"id": "CVE-2020-8861"
}
]
},
"id": "VAR-202002-1368",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2020-13155"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"network device"
],
"sub_category": "router",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2020-13155"
}
]
},
"last_update_date": "2025-01-30T22:24:04.179000Z",
"patch": {
"_id": null,
"data": [
{
"title": "SAP10155",
"trust": 1.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10155"
},
{
"title": "Patch for D-Link DAP-1330 Certification Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/204099"
},
{
"title": "D-Link DAP-1330 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110261"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-265"
},
{
"db": "CNVD",
"id": "CNVD-2020-13155"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002268"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1073"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
},
{
"problemtype": "CWE-303",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002268"
},
{
"db": "NVD",
"id": "CVE-2020-8861"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.3,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10155"
},
{
"trust": 2.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-265/"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8861"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8861"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8861\\"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "ZDI",
"id": "ZDI-20-265"
},
{
"db": "CNVD",
"id": "CNVD-2020-13155"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002268"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1073"
},
{
"db": "NVD",
"id": "CVE-2020-8861"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "OTHER",
"id": null,
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-265",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-13155",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002268",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1073",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-8861",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-02-21T00:00:00",
"db": "ZDI",
"id": "ZDI-20-265",
"ident": null
},
{
"date": "2020-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13155",
"ident": null
},
{
"date": "2020-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002268",
"ident": null
},
{
"date": "2020-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1073",
"ident": null
},
{
"date": "2020-02-22T00:15:10.843000",
"db": "NVD",
"id": "CVE-2020-8861",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-02-21T00:00:00",
"db": "ZDI",
"id": "ZDI-20-265",
"ident": null
},
{
"date": "2020-02-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13155",
"ident": null
},
{
"date": "2020-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002268",
"ident": null
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1073",
"ident": null
},
{
"date": "2024-11-21T05:39:35.340000",
"db": "NVD",
"id": "CVE-2020-8861",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1073"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "D-Link DAP-1330 Authentication vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002268"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1073"
}
],
"trust": 0.6
}
}
VAR-202107-0890
Vulnerability from variot - Updated: 2024-08-14 15:33This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12029. D-Link DAP-1330 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12029 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company's network equipment
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "dap-1330",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13b01"
},
{
"_id": null,
"model": "dap-1330",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dap-1330",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-1330 firmware 1.13b01 beta"
},
{
"_id": null,
"model": "dap-1330",
"scope": null,
"trust": 0.7,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dap-1330 1.13b01 beta",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-679"
},
{
"db": "CNVD",
"id": "CNVD-2021-51472"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009579"
},
{
"db": "NVD",
"id": "CVE-2021-34827"
}
]
},
"credits": {
"_id": null,
"data": "phieulang aka Hoang Le of VietSunShine Cyber Security Services",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-679"
}
],
"trust": 0.7
},
"cve": "CVE-2021-34827",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2021-34827",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-51472",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34827",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34827",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34827",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-34827",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2021-34827",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-34827",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2021-34827",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-51472",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1104",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-34827",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-679"
},
{
"db": "CNVD",
"id": "CNVD-2021-51472"
},
{
"db": "VULMON",
"id": "CVE-2021-34827"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009579"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1104"
},
{
"db": "NVD",
"id": "CVE-2021-34827"
},
{
"db": "NVD",
"id": "CVE-2021-34827"
}
]
},
"description": {
"_id": null,
"data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12029. D-Link DAP-1330 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12029 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company\u0027s network equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34827"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009579"
},
{
"db": "ZDI",
"id": "ZDI-21-679"
},
{
"db": "CNVD",
"id": "CNVD-2021-51472"
},
{
"db": "VULMON",
"id": "CVE-2021-34827"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-34827",
"trust": 4.6
},
{
"db": "ZDI",
"id": "ZDI-21-679",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009579",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-12029",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-51472",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1104",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-34827",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-679"
},
{
"db": "CNVD",
"id": "CNVD-2021-51472"
},
{
"db": "VULMON",
"id": "CVE-2021-34827"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009579"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1104"
},
{
"db": "NVD",
"id": "CVE-2021-34827"
}
]
},
"id": "VAR-202107-0890",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51472"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51472"
}
]
},
"last_update_date": "2024-08-14T15:33:06.647000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.dlink.com.br/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009579"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009579"
},
{
"db": "NVD",
"id": "CVE-2021-34827"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-679/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34827"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-34827"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009579"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1104"
},
{
"db": "NVD",
"id": "CVE-2021-34827"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-679",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-51472",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-34827",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009579",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1104",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-34827",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-06-10T00:00:00",
"db": "ZDI",
"id": "ZDI-21-679",
"ident": null
},
{
"date": "2021-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-51472",
"ident": null
},
{
"date": "2021-07-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34827",
"ident": null
},
{
"date": "2022-05-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009579",
"ident": null
},
{
"date": "2021-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1104",
"ident": null
},
{
"date": "2021-07-15T18:15:09.233000",
"db": "NVD",
"id": "CVE-2021-34827",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-09-27T00:00:00",
"db": "ZDI",
"id": "ZDI-21-679",
"ident": null
},
{
"date": "2021-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-51472",
"ident": null
},
{
"date": "2021-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34827",
"ident": null
},
{
"date": "2022-05-11T04:55:00",
"db": "JVNDB",
"id": "JVNDB-2021-009579",
"ident": null
},
{
"date": "2021-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1104",
"ident": null
},
{
"date": "2021-07-20T16:36:26.177000",
"db": "NVD",
"id": "CVE-2021-34827",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1104"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "D-Link\u00a0DAP-1330\u00a0 Stack-based buffer overflow vulnerability in routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009579"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1104"
}
],
"trust": 0.6
}
}
VAR-202107-0893
Vulnerability from variot - Updated: 2024-08-14 15:27This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12028. D-Link DAP-1330 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12028 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company's network equipment
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "dap-1330",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13b01"
},
{
"_id": null,
"model": "dap-1330",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dap-1330",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-1330 firmware 1.13b01 beta"
},
{
"_id": null,
"model": "dap-1330",
"scope": null,
"trust": 0.7,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dap-1330 1.13b01 beta",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-682"
},
{
"db": "CNVD",
"id": "CNVD-2021-51475"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009582"
},
{
"db": "NVD",
"id": "CVE-2021-34830"
}
]
},
"credits": {
"_id": null,
"data": "phieulang aka Hoang Le of VietSunShine Cyber Security Services",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-682"
}
],
"trust": 0.7
},
"cve": "CVE-2021-34830",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2021-34830",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-51475",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34830",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34830",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34830",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-34830",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2021-34830",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-34830",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2021-34830",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-51475",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1105",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-34830",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-682"
},
{
"db": "CNVD",
"id": "CNVD-2021-51475"
},
{
"db": "VULMON",
"id": "CVE-2021-34830"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009582"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1105"
},
{
"db": "NVD",
"id": "CVE-2021-34830"
},
{
"db": "NVD",
"id": "CVE-2021-34830"
}
]
},
"description": {
"_id": null,
"data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12028. D-Link DAP-1330 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12028 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company\u0027s network equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34830"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009582"
},
{
"db": "ZDI",
"id": "ZDI-21-682"
},
{
"db": "CNVD",
"id": "CNVD-2021-51475"
},
{
"db": "VULMON",
"id": "CVE-2021-34830"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-34830",
"trust": 4.6
},
{
"db": "ZDI",
"id": "ZDI-21-682",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009582",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-12028",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-51475",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1105",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-34830",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-682"
},
{
"db": "CNVD",
"id": "CNVD-2021-51475"
},
{
"db": "VULMON",
"id": "CVE-2021-34830"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009582"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1105"
},
{
"db": "NVD",
"id": "CVE-2021-34830"
}
]
},
"id": "VAR-202107-0893",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51475"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51475"
}
]
},
"last_update_date": "2024-08-14T15:27:43.528000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.dlink.com.br/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009582"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009582"
},
{
"db": "NVD",
"id": "CVE-2021-34830"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-682/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34830"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51475"
},
{
"db": "VULMON",
"id": "CVE-2021-34830"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009582"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1105"
},
{
"db": "NVD",
"id": "CVE-2021-34830"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-682",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-51475",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-34830",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009582",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1105",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-34830",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-06-10T00:00:00",
"db": "ZDI",
"id": "ZDI-21-682",
"ident": null
},
{
"date": "2021-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-51475",
"ident": null
},
{
"date": "2021-07-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34830",
"ident": null
},
{
"date": "2022-05-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009582",
"ident": null
},
{
"date": "2021-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1105",
"ident": null
},
{
"date": "2021-07-15T18:15:09.593000",
"db": "NVD",
"id": "CVE-2021-34830",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-09-27T00:00:00",
"db": "ZDI",
"id": "ZDI-21-682",
"ident": null
},
{
"date": "2021-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-51475",
"ident": null
},
{
"date": "2021-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34830",
"ident": null
},
{
"date": "2022-05-11T04:55:00",
"db": "JVNDB",
"id": "JVNDB-2021-009582",
"ident": null
},
{
"date": "2021-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1105",
"ident": null
},
{
"date": "2021-07-20T15:25:50.233000",
"db": "NVD",
"id": "CVE-2021-34830",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1105"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "D-Link\u00a0DAP-1330\u00a0 Stack-based buffer overflow vulnerability in routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009582"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1105"
}
],
"trust": 0.6
}
}
VAR-202107-0891
Vulnerability from variot - Updated: 2024-08-14 14:37This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12066. D-Link DAP-1330 A classic buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12066 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company's network equipment
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "dap-1330",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13b01"
},
{
"_id": null,
"model": "dap-1330",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dap-1330",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-1330 firmware 1.13b01 beta"
},
{
"_id": null,
"model": "dap-1330",
"scope": null,
"trust": 0.7,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dap-1330 1.13b01 beta",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-680"
},
{
"db": "CNVD",
"id": "CNVD-2021-51473"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009580"
},
{
"db": "NVD",
"id": "CVE-2021-34828"
}
]
},
"credits": {
"_id": null,
"data": "chung96vn of Vietnam National Cyber Security Center (NCSC Vietnam)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-680"
}
],
"trust": 0.7
},
"cve": "CVE-2021-34828",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2021-34828",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-51473",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34828",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34828",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "ZDI-21-680",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-34828",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2021-34828",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-34828",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "ZDI-21-680",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-51473",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1103",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-34828",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-680"
},
{
"db": "CNVD",
"id": "CNVD-2021-51473"
},
{
"db": "VULMON",
"id": "CVE-2021-34828"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009580"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1103"
},
{
"db": "NVD",
"id": "CVE-2021-34828"
},
{
"db": "NVD",
"id": "CVE-2021-34828"
}
]
},
"description": {
"_id": null,
"data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12066. D-Link DAP-1330 A classic buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12066 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company\u0027s network equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34828"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009580"
},
{
"db": "ZDI",
"id": "ZDI-21-680"
},
{
"db": "CNVD",
"id": "CNVD-2021-51473"
},
{
"db": "VULMON",
"id": "CVE-2021-34828"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-34828",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-21-680",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009580",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-12066",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-51473",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1103",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-34828",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-680"
},
{
"db": "CNVD",
"id": "CNVD-2021-51473"
},
{
"db": "VULMON",
"id": "CVE-2021-34828"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009580"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1103"
},
{
"db": "NVD",
"id": "CVE-2021-34828"
}
]
},
"id": "VAR-202107-0891",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51473"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51473"
}
]
},
"last_update_date": "2024-08-14T14:37:59.233000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.dlink.com.br/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009580"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009580"
},
{
"db": "NVD",
"id": "CVE-2021-34828"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-680/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34828"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51473"
},
{
"db": "VULMON",
"id": "CVE-2021-34828"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009580"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1103"
},
{
"db": "NVD",
"id": "CVE-2021-34828"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-680",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-51473",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-34828",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009580",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1103",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-34828",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-06-10T00:00:00",
"db": "ZDI",
"id": "ZDI-21-680",
"ident": null
},
{
"date": "2021-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-51473",
"ident": null
},
{
"date": "2021-07-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34828",
"ident": null
},
{
"date": "2022-05-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009580",
"ident": null
},
{
"date": "2021-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1103",
"ident": null
},
{
"date": "2021-07-15T18:15:09.327000",
"db": "NVD",
"id": "CVE-2021-34828",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-06-10T00:00:00",
"db": "ZDI",
"id": "ZDI-21-680",
"ident": null
},
{
"date": "2021-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-51473",
"ident": null
},
{
"date": "2021-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34828",
"ident": null
},
{
"date": "2022-05-11T04:55:00",
"db": "JVNDB",
"id": "JVNDB-2021-009580",
"ident": null
},
{
"date": "2021-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1103",
"ident": null
},
{
"date": "2021-07-20T16:33:19.747000",
"db": "NVD",
"id": "CVE-2021-34828",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1103"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "D-Link\u00a0DAP-1330\u00a0 Classic buffer overflow vulnerability in routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009580"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1103"
}
],
"trust": 0.6
}
}
VAR-202107-0892
Vulnerability from variot - Updated: 2024-08-14 14:18This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12065. D-Link DAP-1330 A classic buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12065 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company's network equipment
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "dap-1330",
"scope": null,
"trust": 1.3,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dap-1330",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13b01"
},
{
"_id": null,
"model": "dap-1330",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dap-1330",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-1330 firmware 1.13b01 beta"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-681"
},
{
"db": "CNVD",
"id": "CNVD-2021-51474"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009581"
},
{
"db": "NVD",
"id": "CVE-2021-34829"
}
]
},
"credits": {
"_id": null,
"data": "phieulang aka Hoang Le of VietSunShine Cyber Security Services",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-681"
}
],
"trust": 0.7
},
"cve": "CVE-2021-34829",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2021-34829",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-51474",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34829",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34829",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-34829",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-34829",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2021-34829",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-34829",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2021-34829",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-51474",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1106",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-34829",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-681"
},
{
"db": "CNVD",
"id": "CNVD-2021-51474"
},
{
"db": "VULMON",
"id": "CVE-2021-34829"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009581"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1106"
},
{
"db": "NVD",
"id": "CVE-2021-34829"
},
{
"db": "NVD",
"id": "CVE-2021-34829"
}
]
},
"description": {
"_id": null,
"data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12065. D-Link DAP-1330 A classic buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12065 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company\u0027s network equipment",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34829"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009581"
},
{
"db": "ZDI",
"id": "ZDI-21-681"
},
{
"db": "CNVD",
"id": "CNVD-2021-51474"
},
{
"db": "VULMON",
"id": "CVE-2021-34829"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-34829",
"trust": 4.6
},
{
"db": "ZDI",
"id": "ZDI-21-681",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009581",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-12065",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-51474",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1106",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-34829",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-681"
},
{
"db": "CNVD",
"id": "CNVD-2021-51474"
},
{
"db": "VULMON",
"id": "CVE-2021-34829"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009581"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1106"
},
{
"db": "NVD",
"id": "CVE-2021-34829"
}
]
},
"id": "VAR-202107-0892",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51474"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51474"
}
]
},
"last_update_date": "2024-08-14T14:18:25.122000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.dlink.com.br/"
},
{
"title": "Patch for D-Link DAP-1330 buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/279456"
},
{
"title": "D-Link DAP-1330 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156949"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51474"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009581"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1106"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009581"
},
{
"db": "NVD",
"id": "CVE-2021-34829"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-681/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34829"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-51474"
},
{
"db": "VULMON",
"id": "CVE-2021-34829"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009581"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1106"
},
{
"db": "NVD",
"id": "CVE-2021-34829"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-681",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-51474",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-34829",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009581",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1106",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-34829",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-06-10T00:00:00",
"db": "ZDI",
"id": "ZDI-21-681",
"ident": null
},
{
"date": "2021-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-51474",
"ident": null
},
{
"date": "2021-07-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34829",
"ident": null
},
{
"date": "2022-05-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009581",
"ident": null
},
{
"date": "2021-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1106",
"ident": null
},
{
"date": "2021-07-15T18:15:09.417000",
"db": "NVD",
"id": "CVE-2021-34829",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-09-27T00:00:00",
"db": "ZDI",
"id": "ZDI-21-681",
"ident": null
},
{
"date": "2021-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-51474",
"ident": null
},
{
"date": "2021-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34829",
"ident": null
},
{
"date": "2022-05-11T04:55:00",
"db": "JVNDB",
"id": "JVNDB-2021-009581",
"ident": null
},
{
"date": "2021-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1106",
"ident": null
},
{
"date": "2021-07-20T15:30:15.217000",
"db": "NVD",
"id": "CVE-2021-34829",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1106"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "D-Link\u00a0DAP-1330\u00a0 Classic buffer overflow vulnerability in routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009581"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1106"
}
],
"trust": 0.6
}
}