9 vulnerabilities found for dap-2695 by dlink
VAR-202510-0440
Vulnerability from variot - Updated: 2025-11-19 23:22
A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdater_main of the file rgbin of the component Firmware Update Handler. Performing manipulation results in OS command injection. The attack may be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. The D-Link DAP-2695 is a high-performance dual-band wireless access point from D-Link (China). An attacker could exploit this vulnerability to execute arbitrary commands. The record below carries two CVSS v3.1 assessments that disagree on the privileges required: cna@vuldb.com scores it 4.7 (PR:H), while nvd@nist.gov scores it 9.8 (PR:N).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202510-0440",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2695",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.00"
},
{
"model": "dap-2695 2.00rc131",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24396"
},
{
"db": "NVD",
"id": "CVE-2025-11665"
}
]
},
"cve": "CVE-2025-11665",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "cna@vuldb.com",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.4,
"id": "CVE-2025-11665",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-24396",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"id": "CVE-2025-11665",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2025-11665",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2025-11665",
"trust": 1.0,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2025-11665",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2025-24396",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24396"
},
{
"db": "NVD",
"id": "CVE-2025-11665"
},
{
"db": "NVD",
"id": "CVE-2025-11665"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdater_main of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. The D-Link DAP-2695 is a high-performance dual-band wireless access point from D-Link (China). An attacker could exploit this vulnerability to execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-11665"
},
{
"db": "CNVD",
"id": "CNVD-2025-24396"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-11665",
"trust": 1.6
},
{
"db": "VULDB",
"id": "328084",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2025-24396",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24396"
},
{
"db": "NVD",
"id": "CVE-2025-11665"
}
]
},
"id": "VAR-202510-0440",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24396"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24396"
}
]
},
"last_update_date": "2025-11-19T23:22:21.005000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-11665"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.328084"
},
{
"trust": 1.0,
"url": "https://github.com/iotres/iot_firmware_update/blob/main/dlink/dap-2695.md"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?id.328084"
},
{
"trust": 1.0,
"url": "https://www.dlink.com/"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?submit.673104"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-11665"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24396"
},
{
"db": "NVD",
"id": "CVE-2025-11665"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-24396"
},
{
"db": "NVD",
"id": "CVE-2025-11665"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-24396"
},
{
"date": "2025-10-13T07:15:52.023000",
"db": "NVD",
"id": "CVE-2025-11665"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-24396"
},
{
"date": "2025-11-03T16:32:20.470000",
"db": "NVD",
"id": "CVE-2025-11665"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DAP-2695 Operating System Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-24396"
}
],
"trust": 0.6
}
}
VAR-202505-1805
Vulnerability from variot - Updated: 2025-05-30 23:29
A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been declared as problematic. This vulnerability affects unknown code of the file /adv_arpspoofing.php of the component ARP Spoofing Prevention Page. The manipulation of the argument harp_mac leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. The DAP-2695 firmware from D-Link Systems, Inc. has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. D-Link DAP-2695 is a high-performance dual-band wireless access point from D-Link.
D-Link DAP-2695 has a cross-site scripting vulnerability, which is caused by the lack of effective filtering and escaping of user-supplied data in the parameter harp_mac of the file /adv_arpspoofing.php. No detailed information about the vulnerability is currently provided.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202505-1805",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2695",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20b36r137_all_en_202105286"
},
{
"model": "dap-2695",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-2695 firmware 1.20b36r137 all en 202105286"
},
{
"model": "dap-2695",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2695",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2695 120b36r137 all en 20210528",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10944"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005593"
},
{
"db": "NVD",
"id": "CVE-2025-4858"
}
]
},
"cve": "CVE-2025-4858",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.4,
"id": "CVE-2025-4858",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Multiple",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2025-005593",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.4,
"id": "CNVD-2025-10944",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.9,
"id": "CVE-2025-4858",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2025-4858",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2025-005593",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2025-4858",
"trust": 1.0,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2025-4858",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2025-005593",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-10944",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10944"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005593"
},
{
"db": "NVD",
"id": "CVE-2025-4858"
},
{
"db": "NVD",
"id": "CVE-2025-4858"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been declared as problematic. This vulnerability affects unknown code of the file /adv_arpspoofing.php of the component ARP Spoofing Prevention Page. The manipulation of the argument harp_mac leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-2695 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. D-Link DAP-2695 is a high-performance dual-band wireless access point from D-Link. \n\nD-Link DAP-2695 has a cross-site scripting vulnerability, which is caused by the lack of effective filtering and escaping of user-supplied data by the parameter harp_mac in the file /adv_arpspoofing.php. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-4858"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005593"
},
{
"db": "CNVD",
"id": "CNVD-2025-10944"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-4858",
"trust": 3.2
},
{
"db": "VULDB",
"id": "309400",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005593",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-10944",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10944"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005593"
},
{
"db": "NVD",
"id": "CVE-2025-4858"
}
]
},
"id": "VAR-202505-1805",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10944"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10944"
}
]
},
"last_update_date": "2025-05-30T23:29:48.219000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "CWE-94",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
},
{
"problemtype": " Code injection (CWE-94) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005593"
},
{
"db": "NVD",
"id": "CVE-2025-4858"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/fizz-is-on-the-way/iot_vuls/tree/main/dap-2695/xss_arp_spoofing_prevention"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.309400"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.575100"
},
{
"trust": 1.8,
"url": "https://www.dlink.com/"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.309400"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-4858"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10944"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005593"
},
{
"db": "NVD",
"id": "CVE-2025-4858"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-10944"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005593"
},
{
"db": "NVD",
"id": "CVE-2025-4858"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10944"
},
{
"date": "2025-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-005593"
},
{
"date": "2025-05-18T04:15:34.883000",
"db": "NVD",
"id": "CVE-2025-4858"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10944"
},
{
"date": "2025-05-23T03:38:00",
"db": "JVNDB",
"id": "JVNDB-2025-005593"
},
{
"date": "2025-05-22T18:19:26.573000",
"db": "NVD",
"id": "CVE-2025-4858"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-2695\u00a0 Cross-site scripting vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005593"
}
],
"trust": 0.8
}
}
VAR-202505-1749
Vulnerability from variot - Updated: 2025-05-30 23:23
A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. Affected is an unknown function of the file /adv_dhcps.php of the component Static Pool Settings Page. The manipulation of the argument f_mac leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. The DAP-2695 firmware from D-Link Systems, Inc. has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. D-Link DAP-2695 is a high-performance dual-band wireless access point from D-Link.
D-Link DAP-2695 has a cross-site scripting vulnerability, which is caused by the lack of effective filtering and escaping of user-supplied data in the parameter f_mac of the file /adv_dhcps.php. No detailed information about the vulnerability is currently provided.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202505-1749",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2695",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20b36r137_all_en_202105286"
},
{
"model": "dap-2695",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-2695 firmware 1.20b36r137 all en 202105286"
},
{
"model": "dap-2695",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2695",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2695 120b36r137 all en 20210528",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10945"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005540"
},
{
"db": "NVD",
"id": "CVE-2025-4860"
}
]
},
"cve": "CVE-2025-4860",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.4,
"id": "CVE-2025-4860",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Multiple",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2025-005540",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.4,
"id": "CNVD-2025-10945",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.9,
"id": "CVE-2025-4860",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2025-4860",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2025-005540",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2025-4860",
"trust": 1.0,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2025-4860",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2025-005540",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-10945",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10945"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005540"
},
{
"db": "NVD",
"id": "CVE-2025-4860"
},
{
"db": "NVD",
"id": "CVE-2025-4860"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. Affected is an unknown function of the file /adv_dhcps.php of the component Static Pool Settings Page. The manipulation of the argument f_mac leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-2695 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. D-Link DAP-2695 is a high-performance dual-band wireless access point from D-Link. \n\nD-Link DAP-2695 has a cross-site scripting vulnerability, which is caused by the lack of effective filtering and escaping of user-supplied data by the parameter f_mac in the file /adv_dhcps.php. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-4860"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005540"
},
{
"db": "CNVD",
"id": "CNVD-2025-10945"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-4860",
"trust": 3.2
},
{
"db": "VULDB",
"id": "309402",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005540",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-10945",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10945"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005540"
},
{
"db": "NVD",
"id": "CVE-2025-4860"
}
]
},
"id": "VAR-202505-1749",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10945"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10945"
}
]
},
"last_update_date": "2025-05-30T23:23:34.661000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "CWE-94",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
},
{
"problemtype": " Code injection (CWE-94) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005540"
},
{
"db": "NVD",
"id": "CVE-2025-4860"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/fizz-is-on-the-way/iot_vuls/tree/main/dap-2695/xss_static_pool_settings"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.309402"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.575103"
},
{
"trust": 1.8,
"url": "https://www.dlink.com/"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.309402"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-4860"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10945"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005540"
},
{
"db": "NVD",
"id": "CVE-2025-4860"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-10945"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005540"
},
{
"db": "NVD",
"id": "CVE-2025-4860"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10945"
},
{
"date": "2025-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-005540"
},
{
"date": "2025-05-18T05:15:17.203000",
"db": "NVD",
"id": "CVE-2025-4860"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10945"
},
{
"date": "2025-05-23T00:36:00",
"db": "JVNDB",
"id": "JVNDB-2025-005540"
},
{
"date": "2025-05-22T17:53:56.563000",
"db": "NVD",
"id": "CVE-2025-4860"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-2695\u00a0 Cross-site scripting vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005540"
}
],
"trust": 0.8
}
}
VAR-202505-1895
Vulnerability from variot - Updated: 2025-05-30 23:16
A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been rated as problematic. This issue affects some unknown processing of the file /adv_macbypass.php of the component MAC Bypass Settings Page. The manipulation of the argument f_mac leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. The DAP-2695 firmware from D-Link Systems, Inc. has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. D-Link DAP-2695 is a high-performance dual-band wireless access point from D-Link.
D-Link DAP-2695 has a cross-site scripting vulnerability, which is caused by the lack of effective filtering and escaping of user-supplied data in the parameter f_mac of the file /adv_macbypass.php. No further vulnerability details are currently provided.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202505-1895",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2695",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20b36r137_all_en_202105286"
},
{
"model": "dap-2695",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dap-2695 firmware 1.20b36r137 all en 202105286"
},
{
"model": "dap-2695",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2695",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2695 120b36r137 all en 20210528",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10946"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005560"
},
{
"db": "NVD",
"id": "CVE-2025-4859"
}
]
},
"cve": "CVE-2025-4859",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.4,
"id": "CVE-2025-4859",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Multiple",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2025-005560",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.4,
"id": "CNVD-2025-10946",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.9,
"id": "CVE-2025-4859",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2025-4859",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2025-005560",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2025-4859",
"trust": 1.0,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2025-4859",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2025-005560",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2025-10946",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10946"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005560"
},
{
"db": "NVD",
"id": "CVE-2025-4859"
},
{
"db": "NVD",
"id": "CVE-2025-4859"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been rated as problematic. This issue affects some unknown processing of the file /adv_macbypass.php of the component MAC Bypass Settings Page. The manipulation of the argument f_mac leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DAP-2695 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. D-Link DAP-2695 is a high-performance dual-band wireless access point from D-Link. \n\nD-Link DAP-2695 has a cross-site scripting vulnerability, which is caused by the lack of effective filtering and escaping of user-supplied data by the parameter f_mac in the file /adv_macbypass.php. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-4859"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005560"
},
{
"db": "CNVD",
"id": "CNVD-2025-10946"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-4859",
"trust": 3.2
},
{
"db": "VULDB",
"id": "309401",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005560",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-10946",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10946"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005560"
},
{
"db": "NVD",
"id": "CVE-2025-4859"
}
]
},
"id": "VAR-202505-1895",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10946"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10946"
}
]
},
"last_update_date": "2025-05-30T23:16:44.999000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "CWE-94",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
},
{
"problemtype": " Code injection (CWE-94) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005560"
},
{
"db": "NVD",
"id": "CVE-2025-4859"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/fizz-is-on-the-way/iot_vuls/tree/main/dap-2695/xss_mac_bypass"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.309401"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.575101"
},
{
"trust": 1.8,
"url": "https://www.dlink.com/"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.309401"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-4859"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-10946"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005560"
},
{
"db": "NVD",
"id": "CVE-2025-4859"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-10946"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-005560"
},
{
"db": "NVD",
"id": "CVE-2025-4859"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10946"
},
{
"date": "2025-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-005560"
},
{
"date": "2025-05-18T05:15:16.977000",
"db": "NVD",
"id": "CVE-2025-4859"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-10946"
},
{
"date": "2025-05-23T01:38:00",
"db": "JVNDB",
"id": "JVNDB-2025-005560"
},
{
"date": "2025-05-22T18:17:04.033000",
"db": "NVD",
"id": "CVE-2025-4859"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DAP-2695\u00a0 Cross-site scripting vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-005560"
}
],
"trust": 0.8
}
}
VAR-201704-0306
Vulnerability from variot - Updated: 2025-04-20 23:13
Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted 'dlink_uid' cookie. Multiple D-Link products contain a buffer overflow vulnerability. A remote attacker may cause unspecified impact via a crafted 'dlink_uid' cookie. D-Link is a network equipment and solution provider whose products include a variety of router devices. Multiple D-Link products have a buffer overflow vulnerability in handling the 'dlink_uid' parameter, which can be exploited by an attacker to execute arbitrary code on an affected device. D-Link DAP-2310 and others are wireless access points (AP) of D-Link. A buffer overflow vulnerability exists in several D-Link products.
Hello,
We’d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne.
Several Netgear devices include unauthenticated webpages that pass form input directly to the command-line, allowing for a command injection attack in boardData102.php, boardData103.php, boardDataJP.php, boardDataNA.php, and boardDataWW.php. This has been assigned CVE-2016-1555. Affected devices include:
Netgear WN604 Netgear WN802Tv2 Netgear WNAP210 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360
Several D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the 'dlink_uid' cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include:
D-Link DAP-2310 D-Link DAP-2330 D-Link DAP-2360 D-Link DAP-2553 D-Link DAP-2660 D-Link DAP-2690 D-Link DAP-2695
Several Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. Affected devices include:
Netgear WN604 Netgear WNAP210 Netgear WNAP320 Netgear WND930 Netgear WNDAP350 Netgear WNDAP360
Several devices by both D-Link and Netgear disclose wireless passwords and administrative usernames/passwords over SNMP, including OID’s iso.3.6.1.4.1.171.10.37.35.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.38.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.35.4.1.1.1, iso.3.6.1.4.1.171.10.37.37.4.1.1.1, iso.3.6.1.4.1.171.10.37.38.4.1.1.1, iso.3.6.1.4.1.4526.100.7.8.1.5, iso.3.6.1.4.1.4526.100.7.9.1.5, iso.3.6.1.4.1.4526.100.7.9.1.7, and iso.3.6.1.4.1.4526.100.7.10.1.7. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include:
D-Link DAP-1353 D-Link DAP-2553 D-Link DAP-3520 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360
We have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March.
Thanks,
Dominic
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0306",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2695",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.16"
},
{
"model": "dap-2660",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11"
},
{
"model": "dap-2330",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.06"
},
{
"model": "dap-2690",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "3.15"
},
{
"model": "dap-2360",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.06"
},
{
"model": "dap-2310",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.06"
},
{
"model": "dap-2230",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02"
},
{
"model": "dap-3662",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01"
},
{
"model": "dap-3320",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dap-2553",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "3.05"
},
{
"model": "dap-2230",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2310",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2330",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2360",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2553",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2660",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2690",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2695",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-3320",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-3662",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dap-2310",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "d-link dap-2330",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "d-link dap-2360",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "d-link dap-2553",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "d-link dap-2660",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "d-link dap-2690",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "d-link dap-2695",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dap-2690",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "3.15"
},
{
"model": "dap-2360",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.06"
},
{
"model": "dap-2230",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.02"
},
{
"model": "dap-2330",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.06"
},
{
"model": "dap-3320",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dap-2553",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "3.05"
},
{
"model": "dap-2310",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.06"
},
{
"model": "dap-2660",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.11"
},
{
"model": "dap-2695",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.16"
},
{
"model": "dap-3662",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01688"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008490"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-396"
},
{
"db": "NVD",
"id": "CVE-2016-1558"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dap-2230_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dap-2310_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dap-2330_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dap-2360_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dap-2553_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dap-2660_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dap-2690_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dap-2695_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dap-3320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dap-3662_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008490"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dominic Chen",
"sources": [
{
"db": "PACKETSTORM",
"id": "135956"
}
],
"trust": 0.1
},
"cve": "CVE-2016-1558",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1558",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-01688",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-90377",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1558",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1558",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-1558",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-01688",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-396",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-90377",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01688"
},
{
"db": "VULHUB",
"id": "VHN-90377"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008490"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-396"
},
{
"db": "NVD",
"id": "CVE-2016-1558"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, and DAP-3662 1.01 and earlier allows remote attackers to have unspecified impact via a crafted \u0027dlink_uid\u0027 cookie. plural D-Link The product contains a buffer overflow vulnerability.Crafted by a remote attacker \u0027dlink_uid\u0027 Cookie May be unspecified. D-Link is a network equipment and solution provider that includes a variety of router devices. Multiple D-Link products have a buffer overflow vulnerability in handling the \u0027dlink_uid\u0027 parameter, which can be exploited by an attacker to execute arbitrary code on an affected device. D-Link DAP-2310 and others are wireless access points (AP) of D-Link. A buffer overflow vulnerability exists in several D-Link products. Hello,\n\nWe\u2019d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne. \n\nSeveral Netgear devices include unauthenticated webpages that pass form input directly to the command-line, allowing for a command injection attack in `boardData102.php`, `boardData103.php`, `boardDataJP.php`, `boardDataNA.php`, and `boardDataWW.php`. This has been assigned CVE-2016-1555. Affected devices include:\n\nNetgear WN604\nNetgear WN802Tv2\nNetgear WNAP210\nNetgear WNAP320\nNetgear WNDAP350\nNetgear WNDAP360\n\nSeveral D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the \u0027dlink_uid\u0027 cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include:\n\nD-Link DAP-2310\nD-Link DAP-2330\nD-Link DAP-2360\nD-Link DAP-2553\nD-Link DAP-2660\nD-Link DAP-2690\nD-Link DAP-2695\n\nSeveral Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. Affected devices include:\n\nNetgear WN604\nNetgear WNAP210\nNetgear WNAP320\nNetgear WND930\nNetgear WNDAP350\nNetgear WNDAP360\n\nSeveral devices by both D-Link and Netgear disclose wireless passwords and administrative usernames/passwords over SNMP, including OID\u2019s iso.3.6.1.4.1.171.10.37.35.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.38.2.1.3.3.2.1.1.4, iso.3.6.1.4.1.171.10.37.35.4.1.1.1, iso.3.6.1.4.1.171.10.37.37.4.1.1.1, iso.3.6.1.4.1.171.10.37.38.4.1.1.1, iso.3.6.1.4.1.4526.100.7.8.1.5, iso.3.6.1.4.1.4526.100.7.9.1.5, iso.3.6.1.4.1.4526.100.7.9.1.7, and iso.3.6.1.4.1.4526.100.7.10.1.7. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include:\n\nD-Link DAP-1353\nD-Link DAP-2553\nD-Link DAP-3520\nNetgear WNAP320\nNetgear WNDAP350\nNetgear WNDAP360\n\nWe have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March. \n\nThanks,\n\nDominic\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1558"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008490"
},
{
"db": "CNVD",
"id": "CNVD-2016-01688"
},
{
"db": "VULHUB",
"id": "VHN-90377"
},
{
"db": "PACKETSTORM",
"id": "135956"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1558",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "135956",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008490",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-396",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01688",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-90377",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01688"
},
{
"db": "VULHUB",
"id": "VHN-90377"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008490"
},
{
"db": "PACKETSTORM",
"id": "135956"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-396"
},
{
"db": "NVD",
"id": "CVE-2016-1558"
}
]
},
"id": "VAR-201704-0306",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01688"
},
{
"db": "VULHUB",
"id": "VHN-90377"
}
],
"trust": 1.243692885
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01688"
}
]
},
"last_update_date": "2025-04-20T23:13:13.994000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FIRMADYNE CVE-2016-1558 \u0026 CVE-2016-1559",
"trust": 0.8,
"url": "http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559"
},
{
"title": "Multiple D-Link Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=234995"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008490"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-396"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90377"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008490"
},
{
"db": "NVD",
"id": "CVE-2016-1558"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://seclists.org/fulldisclosure/2016/feb/112"
},
{
"trust": 1.7,
"url": "http://www.dlink.com/mk/mk/support/support-news/2016/march/16/firmadyne-cve_2016_1558-cve_2016_1559"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/135956/d-link-netgear-firmadyne-command-injection-buffer-overflow.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1558"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1558"
},
{
"trust": 0.1,
"url": "https://github.com/firmadyne/firmadyne."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1557"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1555"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01688"
},
{
"db": "VULHUB",
"id": "VHN-90377"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008490"
},
{
"db": "PACKETSTORM",
"id": "135956"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-396"
},
{
"db": "NVD",
"id": "CVE-2016-1558"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01688"
},
{
"db": "VULHUB",
"id": "VHN-90377"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008490"
},
{
"db": "PACKETSTORM",
"id": "135956"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-396"
},
{
"db": "NVD",
"id": "CVE-2016-1558"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01688"
},
{
"date": "2017-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-90377"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008490"
},
{
"date": "2016-02-26T17:22:22",
"db": "PACKETSTORM",
"id": "135956"
},
{
"date": "2016-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-396"
},
{
"date": "2017-04-21T15:59:00.457000",
"db": "NVD",
"id": "CVE-2016-1558"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01688"
},
{
"date": "2017-04-27T00:00:00",
"db": "VULHUB",
"id": "VHN-90377"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008490"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-396"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-1558"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-396"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link Product buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008490"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-396"
}
],
"trust": 0.6
}
}
VAR-202212-2045
Vulnerability from variot - Updated: 2025-04-18 04:12
D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, and DAP-3662 v1.05rc047 and earlier allow attackers to cause a Denial of Service (DoS) by uploading a crafted firmware image after modifying the firmware header. Multiple D-Link devices contain an unspecified vulnerability that may result in a denial-of-service (DoS) condition. The record below lists CWE-345 (insufficient verification of data authenticity) among its problem types.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-2045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2553",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "3.10rc031"
},
{
"model": "dap-2690",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "3.20rc106"
},
{
"model": "dap-2660",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.15rc093"
},
{
"model": "dap-2330",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.06rc020"
},
{
"model": "dap-2695",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20rc119"
},
{
"model": "dap-2695",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20rc119"
},
{
"model": "dap-3320",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.05rc027"
},
{
"model": "dap-3320",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.05rc027"
},
{
"model": "dap-2310",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.10rc036"
},
{
"model": "dap-2360",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.10rc050"
},
{
"model": "dap-3662",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.05rc047"
},
{
"model": "dap-3320",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2310",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2360",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2330",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-3662",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2695",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2660",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2690",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2553",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003449"
},
{
"db": "NVD",
"id": "CVE-2022-38873"
}
]
},
"cve": "CVE-2022-38873",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-38873",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-38873",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-38873",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-38873",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-38873",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-3635",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003449"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3635"
},
{
"db": "NVD",
"id": "CVE-2022-38873"
},
{
"db": "NVD",
"id": "CVE-2022-38873"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-3662 v1.05rc047 and earlier allows attackers to cause a Denial of Service (DoS) via uploading a crafted firmware after modifying the firmware header. plural D-Link There is an unspecified vulnerability in the device.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38873"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003449"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38873",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003449",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3635",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003449"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3635"
},
{
"db": "NVD",
"id": "CVE-2022-38873"
}
]
},
"id": "VAR-202212-2045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5238600360000001
},
"last_update_date": "2025-04-18T04:12:16.767000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Bulletin",
"trust": 0.8,
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003449"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-345",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003449"
},
{
"db": "NVD",
"id": "CVE-2022-38873"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 1.6,
"url": "https://github.com/yuhao-w/bug--d-link--firmware-update-vulnerabilities/blob/main/readme.md"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38873"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38873/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003449"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3635"
},
{
"db": "NVD",
"id": "CVE-2022-38873"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003449"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3635"
},
{
"db": "NVD",
"id": "CVE-2022-38873"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003449"
},
{
"date": "2022-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3635"
},
{
"date": "2022-12-20T20:15:09.730000",
"db": "NVD",
"id": "CVE-2022-38873"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-17T08:59:00",
"db": "JVNDB",
"id": "JVNDB-2022-003449"
},
{
"date": "2022-12-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3635"
},
{
"date": "2025-04-17T14:15:20.023000",
"db": "NVD",
"id": "CVE-2022-38873"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3635"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0D-Link\u00a0 Vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003449"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3635"
}
],
"trust": 0.6
}
}
VAR-202108-1037
Vulnerability from variot - Updated: 2024-08-14 14:50
Null pointer dereference vulnerability in D-Link DAP-2310 2.10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi` operation when a specific network packet is sent to the httpd binary. Multiple D-Link DAP products contain a NULL pointer dereference vulnerability that may result in a denial-of-service (DoS) condition. D-Link DAP-2310 is a single-band wireless network access point, suitable for small businesses or schools that require fast and reliable wireless networks. D-Link DAP-2330 is a wireless N300 single frequency PoE access point.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2553",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "3.10rc039"
},
{
"model": "dap-2360",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.10rc055"
},
{
"model": "dap-2695",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20rc093"
},
{
"model": "dap-2690",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "3.20rc115"
},
{
"model": "dap-3662",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.05rc069"
},
{
"model": "dap-3320",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.05rc027"
},
{
"model": "dap-2660",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.15rc131b"
},
{
"model": "dap-3320",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.05rc027"
},
{
"model": "dap-2330",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10rc036"
},
{
"model": "dap-2553",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "3.10rc039"
},
{
"model": "dap-2690",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "3.20rc115"
},
{
"model": "dap-2310",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.10rc039"
},
{
"model": "dap-3662",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.05rc069"
},
{
"model": "dap-2330",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10rc036"
},
{
"model": "dap-2330",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2360",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-3320",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2690",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-3662",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2695",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2310",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2553",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2660",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2310 2,10rc039",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dap-2330 1.10rc036 beta",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dap-2360 2.10rc055",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dap-2553 3.10rc039 beta",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dap-2660",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "3.163.16"
},
{
"model": "tarc15-15rc",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dap-2660 1.16brc15rc",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94840"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010921"
},
{
"db": "NVD",
"id": "CVE-2021-28838"
}
]
},
"cve": "CVE-2021-28838",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-28838",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-94840",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-28838",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-28838",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-28838",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-28838",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-94840",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-997",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-28838",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94840"
},
{
"db": "VULMON",
"id": "CVE-2021-28838"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010921"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-997"
},
{
"db": "NVD",
"id": "CVE-2021-28838"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi\u0027 operation when a specific network package are sent to the httpd binary. plural D-Link DAP The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be put into a state. D-Link DAP-2310 is a single-band wireless network access point, suitable for small businesses or schools that require fast and reliable wireless networks. D-Link DAP-2330 is a wireless N300 single frequency PoE access point",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-28838"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010921"
},
{
"db": "CNVD",
"id": "CNVD-2021-94840"
},
{
"db": "VULMON",
"id": "CVE-2021-28838"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-28838",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010921",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-94840",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-997",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-28838",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94840"
},
{
"db": "VULMON",
"id": "CVE-2021-28838"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010921"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-997"
},
{
"db": "NVD",
"id": "CVE-2021-28838"
}
]
},
"id": "VAR-202108-1037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94840"
}
],
"trust": 1.3354777977777776
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94840"
}
]
},
"last_update_date": "2024-08-14T14:50:12.336000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Bulletin",
"trust": 0.8,
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010921"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010921"
},
{
"db": "NVD",
"id": "CVE-2021-28838"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/zyw-200/equafl/blob/main/dlink-email-cve.pdf"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28838"
},
{
"trust": 1.7,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 1.7,
"url": "https://github.com/zyw-200/equafl/blob/main/dlink-email-cve2.pdf"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94840"
},
{
"db": "VULMON",
"id": "CVE-2021-28838"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010921"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-997"
},
{
"db": "NVD",
"id": "CVE-2021-28838"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-94840"
},
{
"db": "VULMON",
"id": "CVE-2021-28838"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010921"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-997"
},
{
"db": "NVD",
"id": "CVE-2021-28838"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94840"
},
{
"date": "2021-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-28838"
},
{
"date": "2022-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-010921"
},
{
"date": "2021-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-997"
},
{
"date": "2021-08-10T18:15:07.137000",
"db": "NVD",
"id": "CVE-2021-28838"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94840"
},
{
"date": "2021-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2021-28838"
},
{
"date": "2022-07-12T03:12:00",
"db": "JVNDB",
"id": "JVNDB-2021-010921"
},
{
"date": "2021-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-997"
},
{
"date": "2021-08-17T14:57:22.040000",
"db": "NVD",
"id": "CVE-2021-28838"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-997"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0D-Link\u00a0DAP\u00a0 In the product \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010921"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-997"
}
],
"trust": 0.6
}
}
VAR-202108-1039
Vulnerability from variot - Updated: 2024-08-14 14:50
A NULL pointer dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022, in the upload_config function of the sbin/httpd binary. When the binary handles a specific HTTP GET request, the upload_file variable in upload_config is NULL, so strncasecmp receives NULL as its first argument and a NULL pointer is dereferenced. Multiple D-Link DAP products contain this NULL pointer dereference vulnerability, which may result in a denial of service (DoS). D-Link DAP-2310 is a single-band wireless network access point, suitable for small businesses or schools that require fast and reliable wireless networks. DAP-2330 is a wireless N300 single-band PoE access point. Attackers can exploit the vulnerability to cause the program to crash.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2360",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.07.rc043"
},
{
"model": "dap-2690",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "3.16.rc100"
},
{
"model": "dap-2553",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "3.06.rc027"
},
{
"model": "dap-2330",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.07.rc028"
},
{
"model": "dap-2310",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.0.7.rc031"
},
{
"model": "dap-3320",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01.rc014"
},
{
"model": "dap-2660",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13.rc074"
},
{
"model": "dap-3662",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01.rc022"
},
{
"model": "dap-2695",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.17.rc063"
},
{
"model": "dap-2330",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2360",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-3320",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2690",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-3662",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2695",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2310",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2553",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2660",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2310 2.07.rc031",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dap-2330 1.07.rc028",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dap-2360 2.07.rc043",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dap-2553 3.06.rc027",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dap-2660 rap-1.76.rc031",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dap-2660 rcap-1.46.103.13",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94842"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010919"
},
{
"db": "NVD",
"id": "CVE-2021-28840"
}
]
},
"cve": "CVE-2021-28840",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-28840",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-94842",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-28840",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-28840",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-28840",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-28840",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-94842",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-999",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-28840",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94842"
},
{
"db": "VULMON",
"id": "CVE-2021-28840"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010919"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-999"
},
{
"db": "NVD",
"id": "CVE-2021-28840"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_config function of sbin/httpd binary. When the binary handle the specific HTTP GET request, the content in upload_file variable is NULL in the upload_config function then the strncasecmp would take NULL as first argument, and incur the NULL pointer dereference vulnerability. plural D-Link DAP The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be put into a state. D-Link DAP-2310 is a single-band wireless network access point, suitable for small businesses or schools that require fast and reliable wireless networks. DAP-2330 is a wireless N300 single-band PoE access point. Attackers can use vulnerabilities to cause the program to crash",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-28840"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010919"
},
{
"db": "CNVD",
"id": "CNVD-2021-94842"
},
{
"db": "VULMON",
"id": "CVE-2021-28840"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-28840",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010919",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-94842",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-999",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-28840",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94842"
},
{
"db": "VULMON",
"id": "CVE-2021-28840"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010919"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-999"
},
{
"db": "NVD",
"id": "CVE-2021-28840"
}
]
},
"id": "VAR-202108-1039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94842"
}
],
"trust": 1.123860036
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94842"
}
]
},
"last_update_date": "2024-08-14T14:50:12.307000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Bulletin",
"trust": 0.8,
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010919"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010919"
},
{
"db": "NVD",
"id": "CVE-2021-28840"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/zyw-200/equafl/blob/main/dlink-email-cve.pdf"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28840"
},
{
"trust": 1.7,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 1.7,
"url": "https://github.com/zyw-200/equafl/blob/main/dlink-email-cve2.pdf"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94842"
},
{
"db": "VULMON",
"id": "CVE-2021-28840"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010919"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-999"
},
{
"db": "NVD",
"id": "CVE-2021-28840"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-94842"
},
{
"db": "VULMON",
"id": "CVE-2021-28840"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010919"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-999"
},
{
"db": "NVD",
"id": "CVE-2021-28840"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94842"
},
{
"date": "2021-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-28840"
},
{
"date": "2022-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-010919"
},
{
"date": "2021-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-999"
},
{
"date": "2021-08-10T18:15:07.220000",
"db": "NVD",
"id": "CVE-2021-28840"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94842"
},
{
"date": "2021-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2021-28840"
},
{
"date": "2022-07-12T03:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-010919"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-999"
},
{
"date": "2021-08-17T15:01:09.087000",
"db": "NVD",
"id": "CVE-2021-28840"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-999"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0D-Link\u00a0DAP\u00a0 In the product \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010919"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-999"
}
],
"trust": 0.6
}
}
VAR-202108-1038
Vulnerability from variot - Updated: 2024-08-14 14:25
A NULL pointer dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022, in the upload_certificate function of the sbin/httpd binary. When the binary handles a specific HTTP GET request, strrchr in upload_certificate receives NULL as its first argument and a NULL pointer is dereferenced. Multiple D-Link DAP products contain this NULL pointer dereference vulnerability, which may result in a denial of service (DoS). D-Link DAP-2310 is a single-band wireless network access point, suitable for small businesses or schools that require fast and reliable wireless networks. D-Link DAP-2330 is a wireless N300 single-frequency PoE access point. Attackers can exploit the vulnerability to cause the program to crash.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1038",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dap-2360",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.07.rc043"
},
{
"model": "dap-2690",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "3.16.rc100"
},
{
"model": "dap-2553",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "3.06.rc027"
},
{
"model": "dap-2330",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.07.rc028"
},
{
"model": "dap-2310",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.0.7.rc031"
},
{
"model": "dap-3320",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01.rc014"
},
{
"model": "dap-2660",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13.rc074"
},
{
"model": "dap-3662",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01.rc022"
},
{
"model": "dap-2695",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.17.rc063"
},
{
"model": "dap-2330",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2360",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-3320",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2690",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-3662",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2695",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2310",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2553",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2660",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dap-2310 2.07.rc031",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dap-2330 1.07.rc028",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dap-2360 2.07.rc043",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dap-2553 3.06.rc027",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dap-2660 rap-1.76.rc031",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dap-2660 rcap-1.46.103.13",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94841"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010920"
},
{
"db": "NVD",
"id": "CVE-2021-28839"
}
]
},
"cve": "CVE-2021-28839",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-28839",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-94841",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-28839",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-28839",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-28839",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-28839",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-94841",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-998",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-28839",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94841"
},
{
"db": "VULMON",
"id": "CVE-2021-28839"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010920"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-998"
},
{
"db": "NVD",
"id": "CVE-2021-28839"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_certificate function of sbin/httpd binary. When the binary handle the specific HTTP GET request, the strrchr in the upload_certificate function would take NULL as first argument, and incur the NULL pointer dereference vulnerability. plural D-Link DAP The product has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be put into a state. D-Link DAP-2310 is a single-band wireless network access point, suitable for small businesses or schools that require fast and reliable wireless networks. D-Link DAP-2330 is a wireless N300 single frequency PoE access point. Attackers can use vulnerabilities to cause the program to crash",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-28839"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010920"
},
{
"db": "CNVD",
"id": "CNVD-2021-94841"
},
{
"db": "VULMON",
"id": "CVE-2021-28839"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-28839",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010920",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-94841",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-998",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-28839",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94841"
},
{
"db": "VULMON",
"id": "CVE-2021-28839"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010920"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-998"
},
{
"db": "NVD",
"id": "CVE-2021-28839"
}
]
},
"id": "VAR-202108-1038",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94841"
}
],
"trust": 1.123860036
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94841"
}
]
},
"last_update_date": "2024-08-14T14:25:16.032000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Bulletin",
"trust": 0.8,
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010920"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010920"
},
{
"db": "NVD",
"id": "CVE-2021-28839"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/zyw-200/equafl/blob/main/dlink-email-cve.pdf"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28839"
},
{
"trust": 1.7,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 1.7,
"url": "https://github.com/zyw-200/equafl/blob/main/dlink-email-cve2.pdf"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94841"
},
{
"db": "VULMON",
"id": "CVE-2021-28839"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010920"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-998"
},
{
"db": "NVD",
"id": "CVE-2021-28839"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-94841"
},
{
"db": "VULMON",
"id": "CVE-2021-28839"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010920"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-998"
},
{
"db": "NVD",
"id": "CVE-2021-28839"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94841"
},
{
"date": "2021-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-28839"
},
{
"date": "2022-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-010920"
},
{
"date": "2021-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-998"
},
{
"date": "2021-08-10T18:15:07.180000",
"db": "NVD",
"id": "CVE-2021-28839"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94841"
},
{
"date": "2021-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2021-28839"
},
{
"date": "2022-07-12T03:05:00",
"db": "JVNDB",
"id": "JVNDB-2021-010920"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-998"
},
{
"date": "2021-08-17T14:59:57.643000",
"db": "NVD",
"id": "CVE-2021-28839"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-998"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0D-Link\u00a0DAP\u00a0 In the product \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010920"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-998"
}
],
"trust": 0.6
}
}