Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for dap-2020 by dlink

    VAR-202305-0177

    Vulnerability from variot - Updated: 2025-05-22 22:54

    D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.

    The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18417. D-Link Systems, Inc. of DAP-1360 firmware and DAP-2020 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0177",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dap-1360",
            "scope": null,
            "trust": 2.1,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dap-1360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "6.15eub01"
          },
          {
            "model": "dap-2020",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.03rc004"
          },
          {
            "model": "dap-2020",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-531"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33377"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029011"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32139"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-531"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2023-32139",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2024-33377",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32139",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32139",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32139",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2023-32139",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-32139",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-32139",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2023-32139",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-33377",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-531"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33377"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029011"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32139"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32139"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18417. D-Link Systems, Inc. of DAP-1360 firmware and DAP-2020 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-32139"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029011"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-531"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33377"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32139"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-32139",
            "trust": 4.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-531",
            "trust": 2.6
          },
          {
            "db": "DLINK",
            "id": "SAP10324",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029011",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-18417",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33377",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32139",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-531"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33377"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32139"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029011"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32139"
          }
        ]
      },
      "id": "VAR-202305-0177",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33377"
          }
        ],
        "trust": 1.2368367500000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33377"
          }
        ]
      },
      "last_update_date": "2025-05-22T22:54:54.247000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "D-Link has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324"
          },
          {
            "title": "Patch for D-Link DAP-1360 Stack Buffer Overflow Vulnerability (CNVD-2024-33377)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/571161"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-531"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33377"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029011"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32139"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10324"
          },
          {
            "trust": 1.9,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-23-531/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32139"
          },
          {
            "trust": 0.6,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-32139"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-531"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33377"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32139"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029011"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32139"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-531"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33377"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32139"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029011"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32139"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-531"
          },
          {
            "date": "2024-07-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33377"
          },
          {
            "date": "2025-05-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-029011"
          },
          {
            "date": "2024-05-03T02:15:17.400000",
            "db": "NVD",
            "id": "CVE-2023-32139"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-531"
          },
          {
            "date": "2024-07-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33377"
          },
          {
            "date": "2025-05-19T11:58:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-029011"
          },
          {
            "date": "2025-05-16T19:11:33.617000",
            "db": "NVD",
            "id": "CVE-2023-32139"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1360\u00a0 firmware and \u00a0DAP-2020\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029011"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202305-0153

    Vulnerability from variot - Updated: 2025-05-22 22:54

    D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.

    The specific flaw exists within the handling of requests to the /cgi-bin/webupg endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18423. D-Link Systems, Inc. of DAP-1360 firmware and DAP-2020 The firmware contains a vulnerability related to a numerical truncation error.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0153",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dap-1360",
            "scope": null,
            "trust": 2.1,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dap-1360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "6.15eub01"
          },
          {
            "model": "dap-2020",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.03rc004"
          },
          {
            "model": "dap-2020",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-535"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029008"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32143"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-535"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2023-32143",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2024-33376",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32143",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32143",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-029008",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32143",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2023-32143",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-32143",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-029008",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2023-32143",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-33376",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-535"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029008"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32143"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32143"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of requests to the /cgi-bin/webupg endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18423. D-Link Systems, Inc. of DAP-1360 firmware and DAP-2020 The firmware contains a vulnerability related to a numerical truncation error.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-32143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029008"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-535"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33376"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-32143",
            "trust": 3.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-535",
            "trust": 2.5
          },
          {
            "db": "DLINK",
            "id": "SAP10324",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029008",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-18423",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33376",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-535"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029008"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32143"
          }
        ]
      },
      "id": "VAR-202305-0153",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33376"
          }
        ],
        "trust": 1.2368367500000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33376"
          }
        ]
      },
      "last_update_date": "2025-05-22T22:54:54.205000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "D-Link has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324"
          },
          {
            "title": "Patch for D-Link DAP-1360 Remote Code Execution Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/571151"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-535"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33376"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-197",
            "trust": 1.0
          },
          {
            "problemtype": "Numerical truncation error (CWE-197) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029008"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32143"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10324"
          },
          {
            "trust": 1.8,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-23-535/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32143"
          },
          {
            "trust": 0.6,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-32143"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-535"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029008"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32143"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-535"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33376"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029008"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32143"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-535"
          },
          {
            "date": "2024-07-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33376"
          },
          {
            "date": "2025-05-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-029008"
          },
          {
            "date": "2024-05-03T02:15:18.053000",
            "db": "NVD",
            "id": "CVE-2023-32143"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-535"
          },
          {
            "date": "2024-07-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33376"
          },
          {
            "date": "2025-05-19T11:58:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-029008"
          },
          {
            "date": "2025-05-16T19:11:17.567000",
            "db": "NVD",
            "id": "CVE-2023-32143"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1360\u00a0 firmware and \u00a0DAP-2020\u00a0 Numerical truncation error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-029008"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202305-0166

    Vulnerability from variot - Updated: 2025-05-20 23:28

    D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.

    The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:menu parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18414. D-Link Systems, Inc. of DAP-1360 firmware and DAP-2020 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0166",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dap-1360",
            "scope": null,
            "trust": 2.1,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dap-1360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "6.15eub01"
          },
          {
            "model": "dap-2020",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.03rc004"
          },
          {
            "model": "dap-2020",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-528"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33378"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028973"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32136"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-528"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2023-32136",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2024-33378",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32136",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32136",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32136",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2023-32136",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-32136",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-32136",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2023-32136",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-33378",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-528"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33378"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028973"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32136"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32136"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:menu parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18414. D-Link Systems, Inc. of DAP-1360 firmware and DAP-2020 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-32136"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028973"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-528"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33378"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32136"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-32136",
            "trust": 4.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-528",
            "trust": 2.6
          },
          {
            "db": "DLINK",
            "id": "SAP10324",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028973",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-18414",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33378",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32136",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-528"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33378"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32136"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028973"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32136"
          }
        ]
      },
      "id": "VAR-202305-0166",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33378"
          }
        ],
        "trust": 1.2368367500000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33378"
          }
        ]
      },
      "last_update_date": "2025-05-20T23:28:09.465000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "D-Link has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324"
          },
          {
            "title": "Patch for D-Link DAP-1360 stack buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/571156"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-528"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33378"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028973"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32136"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10324"
          },
          {
            "trust": 1.9,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-23-528/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32136"
          },
          {
            "trust": 0.6,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-32136"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-528"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33378"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32136"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028973"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32136"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-528"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33378"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32136"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028973"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32136"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-528"
          },
          {
            "date": "2024-07-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33378"
          },
          {
            "date": "2025-05-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028973"
          },
          {
            "date": "2024-05-03T02:15:16.860000",
            "db": "NVD",
            "id": "CVE-2023-32136"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-528"
          },
          {
            "date": "2024-07-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33378"
          },
          {
            "date": "2025-05-19T03:11:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028973"
          },
          {
            "date": "2025-05-16T19:08:43.250000",
            "db": "NVD",
            "id": "CVE-2023-32136"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1360\u00a0 firmware and \u00a0DAP-2020\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028973"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202305-0218

    Vulnerability from variot - Updated: 2025-05-20 23:28

    D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.

    The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the getpage and errorpage parameters, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18419. D-Link Systems, Inc. of DAP-1360 firmware and DAP-2020 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0218",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dap-1360",
            "scope": null,
            "trust": 2.1,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dap-1360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "6.15eub01"
          },
          {
            "model": "dap-2020",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.03rc004"
          },
          {
            "model": "dap-2020",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-533"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33381"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028988"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32141"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-533"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2023-32141",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2024-33381",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32141",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32141",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32141",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2023-32141",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-32141",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-32141",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2023-32141",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-33381",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-533"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33381"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028988"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32141"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32141"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the getpage and errorpage parameters, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18419. D-Link Systems, Inc. of DAP-1360 firmware and DAP-2020 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-32141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028988"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-533"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33381"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-32141",
            "trust": 3.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-533",
            "trust": 2.5
          },
          {
            "db": "DLINK",
            "id": "SAP10324",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028988",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-18419",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33381",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-533"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33381"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028988"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32141"
          }
        ]
      },
      "id": "VAR-202305-0218",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33381"
          }
        ],
        "trust": 1.2368367500000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33381"
          }
        ]
      },
      "last_update_date": "2025-05-20T23:28:09.438000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "D-Link has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324"
          },
          {
            "title": "Patch for D-Link DAP-1360 Stack Buffer Overflow Vulnerability (CNVD-2024-33381)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/571171"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-533"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33381"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028988"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32141"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10324"
          },
          {
            "trust": 1.8,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-23-533/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32141"
          },
          {
            "trust": 0.6,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-32141"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-533"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33381"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028988"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32141"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-533"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33381"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028988"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32141"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-533"
          },
          {
            "date": "2024-07-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33381"
          },
          {
            "date": "2025-05-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028988"
          },
          {
            "date": "2024-05-03T02:15:17.730000",
            "db": "NVD",
            "id": "CVE-2023-32141"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-533"
          },
          {
            "date": "2024-07-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33381"
          },
          {
            "date": "2025-05-19T05:35:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028988"
          },
          {
            "date": "2025-05-16T19:11:27.997000",
            "db": "NVD",
            "id": "CVE-2023-32141"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1360\u00a0 firmware and \u00a0DAP-2020\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028988"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202305-0176

    Vulnerability from variot - Updated: 2025-05-20 23:28

    D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.

    The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:sys_Token parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18418. D-Link Systems, Inc. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0176",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dap-1360",
            "scope": null,
            "trust": 1.3,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dap-1360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "6.15eub01"
          },
          {
            "model": "dap-2020",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.03rc004"
          },
          {
            "model": "dap-2020",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dap-2020",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": "dap-2020  firmware  6.15eub01"
          },
          {
            "model": "dap-2020",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": "dap-2020  firmware  1.03rc004"
          },
          {
            "model": "dap-2020",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-532"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33374"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028967"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32140"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-532"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2023-32140",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.2,
                "id": "CNVD-2024-33374",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2023-32140",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2023-32140",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-028967",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2023-32140",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2023-32140",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-32140",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-028967",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2023-32140",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-33374",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-532"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33374"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028967"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32140"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32140"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:sys_Token parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18418. D-Link Systems, Inc. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-32140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028967"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-532"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33374"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32140"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-32140",
            "trust": 4.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-532",
            "trust": 2.6
          },
          {
            "db": "DLINK",
            "id": "SAP10324",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028967",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-18418",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33374",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32140",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-532"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33374"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028967"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32140"
          }
        ]
      },
      "id": "VAR-202305-0176",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33374"
          }
        ],
        "trust": 1.2368367500000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33374"
          }
        ]
      },
      "last_update_date": "2025-05-20T23:28:09.407000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "D-Link has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324"
          },
          {
            "title": "Patch for D-Link DAP-1360 Heap Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/571141"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-532"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33374"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Heap-based buffer overflow (CWE-122) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028967"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32140"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10324"
          },
          {
            "trust": 1.9,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-23-532/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32140"
          },
          {
            "trust": 0.6,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-32140"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-532"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33374"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028967"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32140"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-532"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33374"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028967"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32140"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-532"
          },
          {
            "date": "2024-07-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33374"
          },
          {
            "date": "2025-05-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028967"
          },
          {
            "date": "2024-05-03T02:15:17.567000",
            "db": "NVD",
            "id": "CVE-2023-32140"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-532"
          },
          {
            "date": "2024-07-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33374"
          },
          {
            "date": "2025-05-19T02:57:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028967"
          },
          {
            "date": "2025-05-16T19:11:31.057000",
            "db": "NVD",
            "id": "CVE-2023-32140"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1360\u00a0 firmware and \u00a0DAP-2020\u00a0 Heap-based buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028967"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202305-0216

    Vulnerability from variot - Updated: 2025-05-20 23:28

    D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.

    The specific flaw exists within the /cgi-bin/webproc endpoint. When parsing the errorpage and nextpage parameters, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18746. D-Link Systems, Inc. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0216",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dap-1360",
            "scope": null,
            "trust": 2.1,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dap-1360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "6.15eub01"
          },
          {
            "model": "dap-2020",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.03rc004"
          },
          {
            "model": "dap-2020",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-538"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33382"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028955"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32146"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-538"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2023-32146",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2024-33382",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32146",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32146",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-028955",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32146",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2023-32146",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-32146",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-028955",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2023-32146",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-33382",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-538"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33382"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028955"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32146"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32146"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the /cgi-bin/webproc endpoint. When parsing the errorpage and nextpage parameters, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18746. D-Link Systems, Inc. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-32146"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028955"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-538"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33382"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-32146",
            "trust": 3.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-538",
            "trust": 2.5
          },
          {
            "db": "DLINK",
            "id": "SAP10324",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028955",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-18746",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33382",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-538"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33382"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028955"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32146"
          }
        ]
      },
      "id": "VAR-202305-0216",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33382"
          }
        ],
        "trust": 1.2368367500000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33382"
          }
        ]
      },
      "last_update_date": "2025-05-20T23:28:09.350000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "D-Link has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324"
          },
          {
            "title": "Patch for D-Link DAP-1360 Stack Buffer Overflow Vulnerability (CNVD-2024-33382)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/571246"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-538"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33382"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028955"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32146"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10324"
          },
          {
            "trust": 1.8,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-23-538/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32146"
          },
          {
            "trust": 0.6,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-32146"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-538"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33382"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028955"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32146"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-538"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33382"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028955"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32146"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-538"
          },
          {
            "date": "2024-07-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33382"
          },
          {
            "date": "2025-05-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028955"
          },
          {
            "date": "2024-05-03T02:15:18.553000",
            "db": "NVD",
            "id": "CVE-2023-32146"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-538"
          },
          {
            "date": "2024-07-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33382"
          },
          {
            "date": "2025-05-19T01:37:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028955"
          },
          {
            "date": "2025-05-16T19:11:01.890000",
            "db": "NVD",
            "id": "CVE-2023-32146"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-2020\u00a0 firmware and \u00a0DAP-1360\u00a0 Stack-based buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028955"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202305-0217

    Vulnerability from variot - Updated: 2025-05-20 23:28

    D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.

    The specific flaw exists within the processing of login requests to the web-based user interface. The firmware contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-18455. D-Link Systems, Inc. of DAP-1360 firmware and DAP-2020 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0217",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dap-1360",
            "scope": null,
            "trust": 2.1,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dap-1360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "6.15eub01"
          },
          {
            "model": "dap-2020",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.03rc004"
          },
          {
            "model": "dap-2020",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-537"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028970"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32145"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-537"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2023-32145",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2024-33375",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32145",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32145",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32145",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2023-32145",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-32145",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-32145",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2023-32145",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-33375",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-537"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028970"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32145"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32145"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the processing of login requests to the web-based user interface. The firmware contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-18455. D-Link Systems, Inc. of DAP-1360 firmware and DAP-2020 A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-32145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028970"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-537"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33375"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-32145",
            "trust": 3.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-537",
            "trust": 2.5
          },
          {
            "db": "DLINK",
            "id": "SAP10324",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028970",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-18455",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33375",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-537"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028970"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32145"
          }
        ]
      },
      "id": "VAR-202305-0217",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33375"
          }
        ],
        "trust": 1.2368367500000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33375"
          }
        ]
      },
      "last_update_date": "2025-05-20T23:28:09.323000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "D-Link has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324"
          },
          {
            "title": "Patch for D-Link DAP-1360 Hardcoded Authentication Bypass Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/571146"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-537"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33375"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-259",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-798",
            "trust": 1.0
          },
          {
            "problemtype": "Using hardcoded passwords (CWE-259) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Use hard-coded credentials (CWE-798) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028970"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32145"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10324"
          },
          {
            "trust": 1.8,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-23-537/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32145"
          },
          {
            "trust": 0.6,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-32145"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-537"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028970"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32145"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-537"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33375"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028970"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32145"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-537"
          },
          {
            "date": "2024-07-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33375"
          },
          {
            "date": "2025-05-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028970"
          },
          {
            "date": "2024-05-03T02:15:18.390000",
            "db": "NVD",
            "id": "CVE-2023-32145"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-537"
          },
          {
            "date": "2024-07-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33375"
          },
          {
            "date": "2025-05-19T02:58:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028970"
          },
          {
            "date": "2025-05-16T19:11:11.587000",
            "db": "NVD",
            "id": "CVE-2023-32145"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1360\u00a0 firmware and \u00a0DAP-2020\u00a0 Vulnerability related to use of hardcoded credentials in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028970"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202305-0070

    Vulnerability from variot - Updated: 2025-05-20 23:28

    D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.

    The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18454. D-Link Systems, Inc. of DAP-1360 firmware and DAP-2020 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0070",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dap-1360",
            "scope": null,
            "trust": 2.1,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dap-1360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "6.15eub01"
          },
          {
            "model": "dap-2020",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.03rc004"
          },
          {
            "model": "dap-2020",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-536"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33379"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028982"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32144"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-536"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2023-32144",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2024-33379",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32144",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32144",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32144",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2023-32144",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-32144",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-32144",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2023-32144",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-33379",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-536"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33379"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028982"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32144"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32144"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18454. D-Link Systems, Inc. of DAP-1360 firmware and DAP-2020 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-32144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028982"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-536"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33379"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-32144",
            "trust": 3.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-536",
            "trust": 2.5
          },
          {
            "db": "DLINK",
            "id": "SAP10324",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028982",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-18454",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33379",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-536"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33379"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028982"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32144"
          }
        ]
      },
      "id": "VAR-202305-0070",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33379"
          }
        ],
        "trust": 1.2368367500000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33379"
          }
        ]
      },
      "last_update_date": "2025-05-20T23:28:09.296000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "D-Link has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324"
          },
          {
            "title": "Patch for D-Link DAP-1360 Stack Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/571166"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-536"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33379"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028982"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32144"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10324"
          },
          {
            "trust": 1.8,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-23-536/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32144"
          },
          {
            "trust": 0.6,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-32144"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-536"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33379"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028982"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32144"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-536"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33379"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028982"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32144"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-536"
          },
          {
            "date": "2024-07-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33379"
          },
          {
            "date": "2025-05-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028982"
          },
          {
            "date": "2024-05-03T02:15:18.227000",
            "db": "NVD",
            "id": "CVE-2023-32144"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-536"
          },
          {
            "date": "2024-07-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33379"
          },
          {
            "date": "2025-05-19T05:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028982"
          },
          {
            "date": "2025-05-16T19:11:14.780000",
            "db": "NVD",
            "id": "CVE-2023-32144"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1360\u00a0 firmware and \u00a0DAP-2020\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028982"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202305-0154

    Vulnerability from variot - Updated: 2025-05-20 23:28

    D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.

    The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the var:page parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18422. D-Link Systems, Inc. of DAP-1360 firmware and DAP-2020 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0154",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dap-1360",
            "scope": null,
            "trust": 2.1,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dap-1360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "6.15eub01"
          },
          {
            "model": "dap-2020",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.03rc004"
          },
          {
            "model": "dap-2020",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-534"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33380"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028951"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32142"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-534"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2023-32142",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2024-33380",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32142",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32142",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32142",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2023-32142",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-32142",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-32142",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2023-32142",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-33380",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-534"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33380"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028951"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32142"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32142"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the var:page parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18422. D-Link Systems, Inc. of DAP-1360 firmware and DAP-2020 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-32142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028951"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-534"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32142"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-32142",
            "trust": 4.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-534",
            "trust": 2.6
          },
          {
            "db": "DLINK",
            "id": "SAP10324",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028951",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-18422",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33380",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32142",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-534"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028951"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32142"
          }
        ]
      },
      "id": "VAR-202305-0154",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33380"
          }
        ],
        "trust": 1.2368367500000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33380"
          }
        ]
      },
      "last_update_date": "2025-05-20T23:28:09.242000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "D-Link has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324"
          },
          {
            "title": "Patch for D-Link DAP-1360 Stack Buffer Overflow Vulnerability (CNVD-2024-33380)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/571176"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-534"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33380"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028951"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32142"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10324"
          },
          {
            "trust": 1.9,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-23-534/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32142"
          },
          {
            "trust": 0.6,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-32142"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-534"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028951"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32142"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-534"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33380"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028951"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32142"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-534"
          },
          {
            "date": "2024-07-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33380"
          },
          {
            "date": "2025-05-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028951"
          },
          {
            "date": "2024-05-03T02:15:17.893000",
            "db": "NVD",
            "id": "CVE-2023-32142"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-534"
          },
          {
            "date": "2024-07-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33380"
          },
          {
            "date": "2025-05-19T01:25:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028951"
          },
          {
            "date": "2025-05-16T19:11:23.310000",
            "db": "NVD",
            "id": "CVE-2023-32142"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1360\u00a0 firmware and \u00a0DAP-2020\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028951"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202305-0219

    Vulnerability from variot - Updated: 2025-05-20 23:28

    D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.

    The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-18415. D-Link Systems, Inc

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0219",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dap-1360",
            "scope": null,
            "trust": 1.5,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dap-1360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "6.15eub01"
          },
          {
            "model": "dap-2020",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.03rc004"
          },
          {
            "model": "dap-2020",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028948"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32137"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-529"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2023-32137",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32137",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32137",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-32137",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32137",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2023-32137",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-32137",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-32137",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "ZDI",
                "id": "CVE-2023-32137",
                "trust": 0.7,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-529"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028948"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32137"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32137"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DAP-1360 webproc WEB_DisplayPage Directory Traversal Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-18415. D-Link Systems, Inc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-32137"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028948"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-529"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32137"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-32137",
            "trust": 3.4
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-529",
            "trust": 2.6
          },
          {
            "db": "DLINK",
            "id": "SAP10324",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028948",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-18415",
            "trust": 0.7
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32137",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-529"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32137"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028948"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32137"
          }
        ]
      },
      "id": "VAR-202305-0219",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6368367500000001
      },
      "last_update_date": "2025-05-20T23:28:09.217000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "D-Link has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-529"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.0
          },
          {
            "problemtype": "Path traversal (CWE-22) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028948"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32137"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10324"
          },
          {
            "trust": 1.9,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-23-529/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32137"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-529"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32137"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028948"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32137"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-529"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32137"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028948"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32137"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-529"
          },
          {
            "date": "2025-05-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028948"
          },
          {
            "date": "2024-05-03T02:15:17.040000",
            "db": "NVD",
            "id": "CVE-2023-32137"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-529"
          },
          {
            "date": "2025-05-19T01:23:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028948"
          },
          {
            "date": "2025-05-16T19:11:40.060000",
            "db": "NVD",
            "id": "CVE-2023-32137"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1360\u00a0 firmware and \u00a0DAP-2020\u00a0 Path traversal vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028948"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202305-0071

    Vulnerability from variot - Updated: 2025-05-20 23:28

    D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.

    The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18416. D-Link Systems, Inc. of DAP-1360 firmware and DAP-2020 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0071",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dap-1360",
            "scope": null,
            "trust": 2.1,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dap-1360",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "6.15eub01"
          },
          {
            "model": "dap-2020",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.03rc004"
          },
          {
            "model": "dap-2020",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-530"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33373"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028985"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32138"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-530"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2023-32138",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.2,
                "id": "CNVD-2024-33373",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2023-32138",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32138",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-32138",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2023-32138",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2023-32138",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-32138",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-32138",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2023-32138",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-33373",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-530"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33373"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028985"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32138"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32138"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18416. D-Link Systems, Inc. of DAP-1360 firmware and DAP-2020 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-1360 is a router from D-Link, a Chinese company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-32138"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028985"
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-530"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33373"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-32138",
            "trust": 3.9
          },
          {
            "db": "ZDI",
            "id": "ZDI-23-530",
            "trust": 2.5
          },
          {
            "db": "DLINK",
            "id": "SAP10324",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028985",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-18416",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33373",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-530"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33373"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028985"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32138"
          }
        ]
      },
      "id": "VAR-202305-0071",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33373"
          }
        ],
        "trust": 1.2368367500000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-33373"
          }
        ]
      },
      "last_update_date": "2025-05-20T23:28:09.188000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "D-Link has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10324"
          },
          {
            "title": "Patch for D-Link DAP-1360 heap buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/571136"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-530"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33373"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028985"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32138"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10324"
          },
          {
            "trust": 1.8,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-23-530/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32138"
          },
          {
            "trust": 0.6,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-32138"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-23-530"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33373"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028985"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32138"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-23-530"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-33373"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028985"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32138"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-530"
          },
          {
            "date": "2024-07-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33373"
          },
          {
            "date": "2025-05-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028985"
          },
          {
            "date": "2024-05-03T02:15:17.217000",
            "db": "NVD",
            "id": "CVE-2023-32138"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-04T00:00:00",
            "db": "ZDI",
            "id": "ZDI-23-530"
          },
          {
            "date": "2024-07-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-33373"
          },
          {
            "date": "2025-05-19T05:22:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-028985"
          },
          {
            "date": "2025-05-16T19:11:36.990000",
            "db": "NVD",
            "id": "CVE-2023-32138"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-1360\u00a0 firmware and \u00a0DAP-2020\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-028985"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202104-1035

    Vulnerability from variot - Updated: 2025-01-30 21:50

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11369. D-Link DAP-2020 is a WiFi range extender from D-Link in Taiwan. TCP (Transmission Control Protocol, Transmission Control Protocol) is a connection-oriented, reliable, byte stream-based transport layer communication protocol, defined by IETF RFC 793. The vulnerability stems from the program's failure to correctly verify the string provided by the user before executing the system call

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.01"
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": null,
            "trust": 0.7,
            "vendor": "d link",
            "version": null
          },
          {
            "_id": null,
            "model": "dap-2020 v1.01rc001",
            "scope": null,
            "trust": 0.6,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-204"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40325"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27249"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Anthony Schneiter \u0026 Jannis Kirschner from Team SUID (in alphabetical order)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-204"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-27249",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2021-27249",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2021-40325",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27249",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27249",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27249",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-27249",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2021-27249",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-27249",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-40325",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-1141",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-27249",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-204"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40325"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1141"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27249"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27249"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11369. D-Link DAP-2020 is a WiFi range extender from D-Link in Taiwan. TCP (Transmission Control Protocol, Transmission Control Protocol) is a connection-oriented, reliable, byte stream-based transport layer communication protocol, defined by IETF RFC 793. The vulnerability stems from the program\u0027s failure to correctly verify the string provided by the user before executing the system call",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-27249"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-204"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40325"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27249"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-27249",
            "trust": 3.1
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-204",
            "trust": 2.4
          },
          {
            "db": "DLINK",
            "id": "SAP10201",
            "trust": 1.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11369",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40325",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021100105",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1141",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27249",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-204"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40325"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1141"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27249"
          }
        ]
      },
      "id": "VAR-202104-1035",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40325"
          }
        ],
        "trust": 1.3399999999999999
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "network device"
            ],
            "sub_category": "access point",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40325"
          }
        ]
      },
      "last_update_date": "2025-01-30T21:50:19.053000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "D-Link has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
          },
          {
            "title": "Patch for D-Link DAP-2020 command injection vulnerability (CNVD-2021-40325)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/270741"
          },
          {
            "title": "D-Link DAP-2020 Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147624"
          },
          {
            "title": "https://github.com/Alonzozzz/alonzzzo",
            "trust": 0.1,
            "url": "https://github.com/Alonzozzz/alonzzzo "
          },
          {
            "title": "Vulnerability",
            "trust": 0.1,
            "url": "https://github.com/tzwlhack/Vulnerability "
          },
          {
            "title": "SecBooks\nSecBooks\u76ee\u5f55",
            "trust": 0.1,
            "url": "https://github.com/SexyBeast233/SecBooks "
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-204"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40325"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1141"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-27249"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.4,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10201"
          },
          {
            "trust": 1.8,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-204/"
          },
          {
            "trust": 1.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27249"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021100105"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alonzozzz/alonzzzo"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-204"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40325"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1141"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27249"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "OTHER",
            "id": null,
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-204",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40325",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27249",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1141",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27249",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-204",
            "ident": null
          },
          {
            "date": "2021-06-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-40325",
            "ident": null
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-27249",
            "ident": null
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-1141",
            "ident": null
          },
          {
            "date": "2021-04-14T16:15:13.453000",
            "db": "NVD",
            "id": "CVE-2021-27249",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-204",
            "ident": null
          },
          {
            "date": "2021-06-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-40325",
            "ident": null
          },
          {
            "date": "2023-11-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-27249",
            "ident": null
          },
          {
            "date": "2021-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-1141",
            "ident": null
          },
          {
            "date": "2024-11-21T05:57:41.050000",
            "db": "NVD",
            "id": "CVE-2021-27249",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1141"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "D-Link DAP-2020 WEB_CmdFileList Command Injection Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-204"
          }
        ],
        "trust": 0.7
      },
      "type": {
        "_id": null,
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1141"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202104-1034

    Vulnerability from variot - Updated: 2025-01-30 21:03

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932. D-Link DAP-2020 is a WiFi range extender from D-Link in Taiwan. TCP (Transmission Control Protocol, Transmission Control Protocol) is a connection-oriented, reliable, byte stream-based transport layer communication protocol, defined by IETF RFC 793

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.01"
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": null,
            "trust": 0.7,
            "vendor": "d link",
            "version": null
          },
          {
            "_id": null,
            "model": "dap-2020 v1.01rc001",
            "scope": null,
            "trust": 0.6,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-203"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40324"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27248"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "chung96vn ft Hoang Le (phieulang)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-203"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-27248",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2021-27248",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2021-40324",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27248",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27248",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27248",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-27248",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2021-27248",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-27248",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-40324",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-1143",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-27248",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-203"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40324"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1143"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27248"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27248"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932. D-Link DAP-2020 is a WiFi range extender from D-Link in Taiwan. TCP (Transmission Control Protocol, Transmission Control Protocol) is a connection-oriented, reliable, byte stream-based transport layer communication protocol, defined by IETF RFC 793",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-27248"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-203"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40324"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27248"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-27248",
            "trust": 3.1
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-203",
            "trust": 2.4
          },
          {
            "db": "DLINK",
            "id": "SAP10201",
            "trust": 1.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-10932",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40324",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021100105",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1143",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27248",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-203"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40324"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1143"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27248"
          }
        ]
      },
      "id": "VAR-202104-1034",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40324"
          }
        ],
        "trust": 1.3399999999999999
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "network device"
            ],
            "sub_category": "access point",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40324"
          }
        ]
      },
      "last_update_date": "2025-01-30T21:03:58.421000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "D-Link has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
          },
          {
            "title": "Patch for D-Link DAP-2020 command injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/270746"
          },
          {
            "title": "D-Link DAP-2020 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147505"
          },
          {
            "title": "alonzzzo",
            "trust": 0.1,
            "url": "https://github.com/Alonzozzz/alonzzzo "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/khulnasoft-lab/awesome-security "
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-203"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40324"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1143"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-27248"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.4,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10201"
          },
          {
            "trust": 1.8,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-203/"
          },
          {
            "trust": 1.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27248"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021100105"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-203"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40324"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1143"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27248"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "OTHER",
            "id": null,
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-203",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-40324",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27248",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1143",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27248",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-203",
            "ident": null
          },
          {
            "date": "2021-06-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-40324",
            "ident": null
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-27248",
            "ident": null
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-1143",
            "ident": null
          },
          {
            "date": "2021-04-14T16:15:13.360000",
            "db": "NVD",
            "id": "CVE-2021-27248",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-09-27T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-203",
            "ident": null
          },
          {
            "date": "2021-06-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-40324",
            "ident": null
          },
          {
            "date": "2023-04-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-27248",
            "ident": null
          },
          {
            "date": "2021-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-1143",
            "ident": null
          },
          {
            "date": "2024-11-21T05:57:40.923000",
            "db": "NVD",
            "id": "CVE-2021-27248",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1143"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "D-Link DAP-2020 webproc getpage Stack-based Buffer Overflow Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-203"
          }
        ],
        "trust": 0.7
      },
      "type": {
        "_id": null,
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1143"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202104-1036

    Vulnerability from variot - Updated: 2024-11-23 21:50

    This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856. D-Link, established in 1986, was listed on the Taiwan Stock Exchange in October 1994

    City, the first listed network company in Taiwan Province of China, sold globally under the self-created D-Link brand, with more than 100 products

    Countries

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "dap-2020",
            "scope": null,
            "trust": 1.3,
            "vendor": "d link",
            "version": null
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.01"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-205"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-28689"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27250"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "SUID",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-205"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-27250",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2021-27250",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.1,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2021-28689",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27250",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27250",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-27250",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-27250",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2021-27250",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-27250",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-28689",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-1139",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-27250",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-205"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-28689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1139"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27250"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27250"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856. D-Link, established in 1986, was listed on the Taiwan Stock Exchange in October 1994\r\n\r\nCity, the first listed network company in Taiwan Province of China, sold globally under the self-created D-Link brand, with more than 100 products\r\n\r\nCountries",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-27250"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-205"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-28689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27250"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-27250",
            "trust": 3.0
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-205",
            "trust": 2.4
          },
          {
            "db": "DLINK",
            "id": "SAP10201",
            "trust": 1.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11856",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-28689",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021100105",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1139",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27250",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-205"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-28689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1139"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27250"
          }
        ]
      },
      "id": "VAR-202104-1036",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-28689"
          }
        ],
        "trust": 1.24
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-28689"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:50:53.291000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "D-Link has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
          },
          {
            "title": "D-Link DAP-2020 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147501"
          },
          {
            "title": "https://github.com/Alonzozzz/alonzzzo",
            "trust": 0.1,
            "url": "https://github.com/Alonzozzz/alonzzzo "
          },
          {
            "title": "Awesome-POC",
            "trust": 0.1,
            "url": "https://github.com/ArrestX/--POC "
          },
          {
            "title": "Normal-POC",
            "trust": 0.1,
            "url": "https://github.com/Miraitowa70/POC-Notes "
          },
          {
            "title": "Normal-POC",
            "trust": 0.1,
            "url": "https://github.com/Miraitowa70/Pentest-Notes "
          },
          {
            "title": "Awesome-POC",
            "trust": 0.1,
            "url": "https://github.com/KayCHENvip/vulnerability-poc "
          },
          {
            "title": "https://github.com/20142995/Goby",
            "trust": 0.1,
            "url": "https://github.com/20142995/Goby "
          },
          {
            "title": "Awesome-POC",
            "trust": 0.1,
            "url": "https://github.com/Threekiii/Awesome-POC "
          },
          {
            "title": "Goby_POC\nPOC \u6570\u91cf1319",
            "trust": 0.1,
            "url": "https://github.com/Z0fhack/Goby_POC "
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-205"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1139"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-73",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-27250"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.4,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10201"
          },
          {
            "trust": 1.8,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-205/"
          },
          {
            "trust": 0.6,
            "url": "https://suid.ch/research/dap-2020_preauth_rce_chain.html"
          },
          {
            "trust": 0.6,
            "url": "https://mp.weixin.qq.com/s/spm8akrz1byxd9qz6n_71w"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021100105"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27250"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/73.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alonzozzz/alonzzzo"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-205"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-28689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27250"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1139"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27250"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-205",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-28689",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-27250",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1139",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-27250",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-205",
            "ident": null
          },
          {
            "date": "2021-04-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-28689",
            "ident": null
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-27250",
            "ident": null
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-1139",
            "ident": null
          },
          {
            "date": "2021-04-14T16:15:13.533000",
            "db": "NVD",
            "id": "CVE-2021-27250",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-205",
            "ident": null
          },
          {
            "date": "2021-04-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-28689",
            "ident": null
          },
          {
            "date": "2023-11-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-27250",
            "ident": null
          },
          {
            "date": "2021-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-1139",
            "ident": null
          },
          {
            "date": "2024-11-21T05:57:41.163000",
            "db": "NVD",
            "id": "CVE-2021-27250",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1139"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "D-Link DAP-2020 errorpage External Control of File Name Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-205"
          }
        ],
        "trust": 0.7
      },
      "type": {
        "_id": null,
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-1139"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202110-1148

    Vulnerability from variot - Updated: 2024-08-14 14:18

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13270. D-Link DAP-2020 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-13270 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-2020 is a wireless N access point

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "dap-2020",
            "scope": null,
            "trust": 1.5,
            "vendor": "d link",
            "version": null
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.01"
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": "dap-2020  firmware"
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "d link",
            "version": "\u003c=1.01"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-978"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014127"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34862"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "chung96vn \u0026 Quang Nguyen (aka sovietw0rm) of Vietnam National Cyber Security Center (NCSC Vietnam)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-978"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-34862",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2021-34862",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2021-67523",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-34862",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-34862",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-34862",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-34862",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2021-34862",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-34862",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-34862",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-67523",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202108-1618",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-978"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014127"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1618"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34862"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34862"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13270. D-Link DAP-2020 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-13270 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-2020 is a wireless N access point",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-34862"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014127"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-978"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67523"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34862"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-34862",
            "trust": 4.6
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-978",
            "trust": 3.8
          },
          {
            "db": "DLINK",
            "id": "SAP10201",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014127",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-13270",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67523",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021100105",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1618",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34862",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-978"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67523"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34862"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014127"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1618"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34862"
          }
        ]
      },
      "id": "VAR-202110-1148",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67523"
          }
        ],
        "trust": 1.24
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67523"
          }
        ]
      },
      "last_update_date": "2024-08-14T14:18:20.185000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Multiple\u00a0Vulnerability",
            "trust": 1.5,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
          },
          {
            "title": "Patch for D-Link DAP-2020 stack buffer overflow vulnerability (CNVD-2021-67523)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/288991"
          },
          {
            "title": "D-Link DAP-2020 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160427"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-978"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014127"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1618"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014127"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34862"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-978/"
          },
          {
            "trust": 2.3,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10201"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34862"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021100105"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-978"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67523"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34862"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014127"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1618"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34862"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-978",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67523",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34862",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014127",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1618",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34862",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-978",
            "ident": null
          },
          {
            "date": "2021-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-67523",
            "ident": null
          },
          {
            "date": "2022-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-014127",
            "ident": null
          },
          {
            "date": "2021-08-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202108-1618",
            "ident": null
          },
          {
            "date": "2021-10-25T17:15:08.537000",
            "db": "NVD",
            "id": "CVE-2021-34862",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-978",
            "ident": null
          },
          {
            "date": "2021-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-67523",
            "ident": null
          },
          {
            "date": "2022-10-05T05:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-014127",
            "ident": null
          },
          {
            "date": "2021-10-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202108-1618",
            "ident": null
          },
          {
            "date": "2023-04-26T19:27:52.350000",
            "db": "NVD",
            "id": "CVE-2021-34862",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1618"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "D-Link\u00a0DAP-2020\u00a0 Stack-based buffer overflow vulnerability in routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014127"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1618"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202110-1327

    Vulnerability from variot - Updated: 2024-08-14 14:18

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12104. D-Link DAP-2020 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12104 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-2020 is a wireless N access point

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "dap-2020",
            "scope": null,
            "trust": 1.5,
            "vendor": "d link",
            "version": null
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.01"
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": "dap-2020  firmware"
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "d link",
            "version": "\u003c=1.01"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67522"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014128"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34861"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "chung96vn ft phieulang ft ChiTran",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-977"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1620"
          }
        ],
        "trust": 1.3
      },
      "cve": "CVE-2021-34861",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2021-34861",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2021-67522",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-34861",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-34861",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-34861",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-34861",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2021-34861",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-34861",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-34861",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-67522",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202108-1620",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67522"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014128"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1620"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34861"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34861"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12104. D-Link DAP-2020 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12104 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-2020 is a wireless N access point",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-34861"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014128"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67522"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34861"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-34861",
            "trust": 4.6
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-977",
            "trust": 3.8
          },
          {
            "db": "DLINK",
            "id": "SAP10201",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014128",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-12104",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67522",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021100105",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1620",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34861",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67522"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34861"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014128"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1620"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34861"
          }
        ]
      },
      "id": "VAR-202110-1327",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67522"
          }
        ],
        "trust": 1.24
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67522"
          }
        ]
      },
      "last_update_date": "2024-08-14T14:18:20.119000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Multiple\u00a0Vulnerability",
            "trust": 1.5,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
          },
          {
            "title": "Patch for D-Link DAP-2020 stack buffer overflow vulnerability (CNVD-2021-67522)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/288986"
          },
          {
            "title": "D-Link DAP-2020 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164632"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67522"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014128"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1620"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014128"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34861"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-977/"
          },
          {
            "trust": 2.3,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10201"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34861"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021100105"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67522"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34861"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014128"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1620"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34861"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-977",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67522",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34861",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014128",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1620",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34861",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-08-18T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-977",
            "ident": null
          },
          {
            "date": "2021-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-67522",
            "ident": null
          },
          {
            "date": "2022-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-014128",
            "ident": null
          },
          {
            "date": "2021-08-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202108-1620",
            "ident": null
          },
          {
            "date": "2021-10-25T17:15:08.477000",
            "db": "NVD",
            "id": "CVE-2021-34861",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-08-18T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-977",
            "ident": null
          },
          {
            "date": "2021-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-67522",
            "ident": null
          },
          {
            "date": "2022-10-05T05:58:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-014128",
            "ident": null
          },
          {
            "date": "2021-10-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202108-1620",
            "ident": null
          },
          {
            "date": "2023-04-26T19:27:52.350000",
            "db": "NVD",
            "id": "CVE-2021-34861",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1620"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "D-Link\u00a0DAP-2020\u00a0 Stack-based buffer overflow vulnerability in routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014128"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1620"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202110-1147

    Vulnerability from variot - Updated: 2024-08-14 14:18

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13271. D-Link DAP-2020 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-13271 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-2020 is a wireless N access point

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "dap-2020",
            "scope": null,
            "trust": 1.5,
            "vendor": "d link",
            "version": null
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.01"
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": "dap-2020  firmware"
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "d link",
            "version": "\u003c=1.01"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-979"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67524"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014126"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34863"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "chung96vn \u0026 Quang Nguyen (aka sovietw0rm) of Vietnam National Cyber Security Center (NCSC Vietnam)",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-979"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2021-34863",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2021-34863",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2021-67524",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-34863",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-34863",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-34863",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-34863",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2021-34863",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-34863",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-34863",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-67524",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202108-1617",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-979"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67524"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1617"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34863"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34863"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13271. D-Link DAP-2020 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-13271 Was numbering.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DAP-2020 is a wireless N access point",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-34863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014126"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-979"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67524"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34863"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-34863",
            "trust": 4.6
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-979",
            "trust": 3.8
          },
          {
            "db": "DLINK",
            "id": "SAP10201",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014126",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-13271",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67524",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021100105",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1617",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34863",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-979"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67524"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1617"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34863"
          }
        ]
      },
      "id": "VAR-202110-1147",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67524"
          }
        ],
        "trust": 1.24
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67524"
          }
        ]
      },
      "last_update_date": "2024-08-14T14:18:20.083000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Multiple\u00a0Vulnerability",
            "trust": 1.5,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
          },
          {
            "title": "Patch for D-Link DAP-2020 stack buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/288996"
          },
          {
            "title": "D-Link DAP-2020 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160426"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-979"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67524"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1617"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014126"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34863"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-979/"
          },
          {
            "trust": 2.3,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10201"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34863"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021100105"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-979"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67524"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1617"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34863"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-979",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67524",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34863",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014126",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1617",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34863",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-979",
            "ident": null
          },
          {
            "date": "2021-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-67524",
            "ident": null
          },
          {
            "date": "2022-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-014126",
            "ident": null
          },
          {
            "date": "2021-08-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202108-1617",
            "ident": null
          },
          {
            "date": "2021-10-25T17:15:08.600000",
            "db": "NVD",
            "id": "CVE-2021-34863",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-979",
            "ident": null
          },
          {
            "date": "2021-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-67524",
            "ident": null
          },
          {
            "date": "2022-10-05T05:40:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-014126",
            "ident": null
          },
          {
            "date": "2021-10-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202108-1617",
            "ident": null
          },
          {
            "date": "2023-04-26T19:27:52.350000",
            "db": "NVD",
            "id": "CVE-2021-34863",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1617"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "D-Link\u00a0DAP-2020\u00a0 Stack-based buffer overflow vulnerability in routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014126"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1617"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202110-1149

    Vulnerability from variot - Updated: 2024-08-14 14:18

    This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the getpage parameter provided to the webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-12103. D-Link DAP-2020 Routers contain a path traversal vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-12103 Was numbering.Information may be obtained. D-Link DAP-2020 is a wireless N access point

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "dap-2020",
            "scope": null,
            "trust": 1.5,
            "vendor": "d link",
            "version": null
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.01"
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": "dap-2020  firmware"
          },
          {
            "_id": null,
            "model": "dap-2020",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "d link",
            "version": "\u003c=1.01"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-976"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014129"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34860"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "chung96vn of Vietnam National Cyber Security Center",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-976"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1619"
          }
        ],
        "trust": 1.3
      },
      "cve": "CVE-2021-34860",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2021-34860",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2021-67521",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "zdi-disclosures@trendmicro.com",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-34860",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-34860",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-34860",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-34860",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "zdi-disclosures@trendmicro.com",
                "id": "CVE-2021-34860",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-34860",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "ZDI",
                "id": "CVE-2021-34860",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-67521",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202108-1619",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-976"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014129"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1619"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34860"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34860"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the getpage parameter provided to the webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-12103. D-Link DAP-2020 Routers contain a path traversal vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-12103 Was numbering.Information may be obtained. D-Link DAP-2020 is a wireless N access point",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-34860"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014129"
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-976"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67521"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34860"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-34860",
            "trust": 4.6
          },
          {
            "db": "ZDI",
            "id": "ZDI-21-976",
            "trust": 3.8
          },
          {
            "db": "DLINK",
            "id": "SAP10201",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014129",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-12103",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67521",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021100105",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1619",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34860",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-976"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67521"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34860"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014129"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1619"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34860"
          }
        ]
      },
      "id": "VAR-202110-1149",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67521"
          }
        ],
        "trust": 1.24
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-67521"
          }
        ]
      },
      "last_update_date": "2024-08-14T14:18:20.048000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Multiple\u00a0Vulnerability",
            "trust": 1.5,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
          },
          {
            "title": "Patch for D-Link DAP-2020 directory traversal vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/288981"
          },
          {
            "title": "D-Link DAP-2020 Repair measures for path traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164631"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-976"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014129"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1619"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014129"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34860"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.zerodayinitiative.com/advisories/zdi-21-976/"
          },
          {
            "trust": 2.3,
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10201"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34860"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021100105"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-21-976"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67521"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34860"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014129"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1619"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34860"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-21-976",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-67521",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-34860",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014129",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1619",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-34860",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-08-18T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-976",
            "ident": null
          },
          {
            "date": "2021-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-67521",
            "ident": null
          },
          {
            "date": "2022-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-014129",
            "ident": null
          },
          {
            "date": "2021-08-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202108-1619",
            "ident": null
          },
          {
            "date": "2021-10-25T17:15:08.417000",
            "db": "NVD",
            "id": "CVE-2021-34860",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-08-18T00:00:00",
            "db": "ZDI",
            "id": "ZDI-21-976",
            "ident": null
          },
          {
            "date": "2021-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-67521",
            "ident": null
          },
          {
            "date": "2022-10-05T06:08:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-014129",
            "ident": null
          },
          {
            "date": "2021-10-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202108-1619",
            "ident": null
          },
          {
            "date": "2023-04-26T19:27:52.350000",
            "db": "NVD",
            "id": "CVE-2021-34860",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1619"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "D-Link\u00a0DAP-2020\u00a0 Path Traversal Vulnerability in Routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-014129"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202108-1619"
          }
        ],
        "trust": 0.6
      }
    }