Search criteria
1 vulnerability found for dap-1360u by dlink
VAR-202010-0544
Vulnerability from variot - Updated: 2024-11-23 23:01D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18). D-Link DAP-1360U A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-136 is a wireless network signal extender.
D-Link DAP-136 has security vulnerabilities in processing IP parameters, allowing remote attackers to use the vulnerabilities to submit special requests and execute arbitrary commands in the context of the application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0544",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-1360u",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "3.0.1"
},
{
"model": "d-link dap-1360u",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dap-1360u",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "3.0.1 less than"
},
{
"model": "dap-1360u",
"scope": "lt",
"trust": 0.6,
"vendor": "d link",
"version": "3.0.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59072"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012121"
},
{
"db": "NVD",
"id": "CVE-2020-26582"
}
]
},
"cve": "CVE-2020-26582",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-26582",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-59072",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-26582",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-26582",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-26582",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-26582",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-59072",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-175",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59072"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012121"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-175"
},
{
"db": "NVD",
"id": "CVE-2020-26582"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3\u0026res_config_id=18). D-Link DAP-1360U A command injection vulnerability exists in the device.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-136 is a wireless network signal extender. \n\r\n\r\nD-Link DAP-136 has security vulnerabilities in processing IP parameters, allowing remote attackers to use the vulnerabilities to submit special requests and execute arbitrary commands in the context of the application",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26582"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012121"
},
{
"db": "CNVD",
"id": "CNVD-2020-59072"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-26582",
"trust": 3.0
},
{
"db": "DLINK",
"id": "SAP10191",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012121",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-59072",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "50477",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-175",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59072"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012121"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-175"
},
{
"db": "NVD",
"id": "CVE-2020-26582"
}
]
},
"id": "VAR-202010-0544",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59072"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59072"
}
]
},
"last_update_date": "2024-11-23T23:01:13.657000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Authenticated\u00a0Command\u00a0Injection",
"trust": 0.8,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10191"
},
{
"title": "Patch for D-Link DAP-136 IP parameter command execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/237799"
},
{
"title": "D-Link DAP-136 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131098"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59072"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012121"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-175"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012121"
},
{
"db": "NVD",
"id": "CVE-2020-26582"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10191"
},
{
"trust": 1.6,
"url": "https://wilomousky.blogspot.com/2020/10/dap-1360u-cmdi.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26582"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/50477"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59072"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012121"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-175"
},
{
"db": "NVD",
"id": "CVE-2020-26582"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-59072"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012121"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-175"
},
{
"db": "NVD",
"id": "CVE-2020-26582"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-59072"
},
{
"date": "2021-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012121"
},
{
"date": "2020-10-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-175"
},
{
"date": "2020-10-06T16:15:12.887000",
"db": "NVD",
"id": "CVE-2020-26582"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-59072"
},
{
"date": "2021-04-26T06:22:00",
"db": "JVNDB",
"id": "JVNDB-2020-012121"
},
{
"date": "2020-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-175"
},
{
"date": "2024-11-21T05:20:07.010000",
"db": "NVD",
"id": "CVE-2020-26582"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-175"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0DAP-1360U\u00a0 Command injection vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012121"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-175"
}
],
"trust": 0.6
}
}