Search criteria
6 vulnerabilities found for dir-2640 by dlink
VAR-202305-0215
Vulnerability from variot - Updated: 2025-11-19 23:10D-Link DIR-2640 DestNetwork Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of the DestNetwork parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19548. D-Link Systems, Inc. of DIR-2640 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-2640 is a high-power Wi-Fi router from D-Link (Taiwan), supporting the AC2600 WiFi standard and featuring dual-band (2.4GHz and 5GHz) network transmission
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-0215",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-2640",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b02"
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-2640 firmware 1.11b02"
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-543"
},
{
"db": "CNVD",
"id": "CNVD-2025-25599"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029387"
},
{
"db": "NVD",
"id": "CVE-2023-32151"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-543"
}
],
"trust": 0.7
},
"cve": "CVE-2023-32151",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.1,
"id": "CNVD-2025-25599",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2023-32151",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-029387",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2023-32151",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-32151",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2023-029387",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2023-32151",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2025-25599",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-543"
},
{
"db": "CNVD",
"id": "CNVD-2025-25599"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029387"
},
{
"db": "NVD",
"id": "CVE-2023-32151"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-2640 DestNetwork Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. \n\nThe specific flaw exists within the handling of the DestNetwork parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19548. D-Link Systems, Inc. of DIR-2640 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-2640 is a high-power Wi-Fi router from D-Link (Taiwan), supporting the AC2600 WiFi standard and featuring dual-band (2.4GHz and 5GHz) network transmission",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-32151"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029387"
},
{
"db": "ZDI",
"id": "ZDI-23-543"
},
{
"db": "CNVD",
"id": "CNVD-2025-25599"
},
{
"db": "VULMON",
"id": "CVE-2023-32151"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-32151",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-23-543",
"trust": 2.6
},
{
"db": "DLINK",
"id": "SAP10323",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029387",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-19548",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-25599",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-32151",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-543"
},
{
"db": "CNVD",
"id": "CNVD-2025-25599"
},
{
"db": "VULMON",
"id": "CVE-2023-32151"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029387"
},
{
"db": "NVD",
"id": "CVE-2023-32151"
}
]
},
"id": "VAR-202305-0215",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-25599"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-25599"
}
]
},
"last_update_date": "2025-11-19T23:10:12.734000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
},
{
"title": "Patch for D-Link DIR-2640 Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/747311"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-543"
},
{
"db": "CNVD",
"id": "CNVD-2025-25599"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-029387"
},
{
"db": "NVD",
"id": "CVE-2023-32151"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10323"
},
{
"trust": 1.9,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-543/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32151"
},
{
"trust": 0.6,
"url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-32151"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-543"
},
{
"db": "CNVD",
"id": "CNVD-2025-25599"
},
{
"db": "VULMON",
"id": "CVE-2023-32151"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029387"
},
{
"db": "NVD",
"id": "CVE-2023-32151"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-543"
},
{
"db": "CNVD",
"id": "CNVD-2025-25599"
},
{
"db": "VULMON",
"id": "CVE-2023-32151"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029387"
},
{
"db": "NVD",
"id": "CVE-2023-32151"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-543"
},
{
"date": "2025-10-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-25599"
},
{
"date": "2025-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-029387"
},
{
"date": "2024-05-03T02:15:19.500000",
"db": "NVD",
"id": "CVE-2023-32151"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-543"
},
{
"date": "2025-10-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-25599"
},
{
"date": "2025-08-07T03:31:00",
"db": "JVNDB",
"id": "JVNDB-2023-029387"
},
{
"date": "2025-08-06T14:17:26.917000",
"db": "NVD",
"id": "CVE-2023-32151"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DIR-2640\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-029387"
}
],
"trust": 0.8
}
}
VAR-202305-0267
Vulnerability from variot - Updated: 2025-10-15 23:31D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of the LocalIPAddress parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19544. D-Link Systems, Inc. of DIR-2640 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-2640 is a high-power Wi-Fi router manufactured by D-Link in Taiwan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-0267",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-2640",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b02"
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-2640 firmware 1.11b02"
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-539"
},
{
"db": "CNVD",
"id": "CNVD-2025-23630"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029388"
},
{
"db": "NVD",
"id": "CVE-2023-32147"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-539"
}
],
"trust": 0.7
},
"cve": "CVE-2023-32147",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.1,
"id": "CNVD-2025-23630",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2023-32147",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-029388",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2023-32147",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-32147",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2023-029388",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2023-32147",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2025-23630",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-539"
},
{
"db": "CNVD",
"id": "CNVD-2025-23630"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029388"
},
{
"db": "NVD",
"id": "CVE-2023-32147"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. \n\nThe specific flaw exists within the handling of the LocalIPAddress parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19544. D-Link Systems, Inc. of DIR-2640 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-2640 is a high-power Wi-Fi router manufactured by D-Link in Taiwan",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-32147"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029388"
},
{
"db": "ZDI",
"id": "ZDI-23-539"
},
{
"db": "CNVD",
"id": "CNVD-2025-23630"
},
{
"db": "VULMON",
"id": "CVE-2023-32147"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-32147",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-23-539",
"trust": 2.6
},
{
"db": "DLINK",
"id": "SAP10323",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029388",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-19544",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-23630",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-32147",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-539"
},
{
"db": "CNVD",
"id": "CNVD-2025-23630"
},
{
"db": "VULMON",
"id": "CVE-2023-32147"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029388"
},
{
"db": "NVD",
"id": "CVE-2023-32147"
}
]
},
"id": "VAR-202305-0267",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-23630"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-23630"
}
]
},
"last_update_date": "2025-10-15T23:31:39.699000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
},
{
"title": "Patch for D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/738591"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-539"
},
{
"db": "CNVD",
"id": "CNVD-2025-23630"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-029388"
},
{
"db": "NVD",
"id": "CVE-2023-32147"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10323"
},
{
"trust": 1.9,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-539/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32147"
},
{
"trust": 0.6,
"url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-32147"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-539"
},
{
"db": "CNVD",
"id": "CNVD-2025-23630"
},
{
"db": "VULMON",
"id": "CVE-2023-32147"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029388"
},
{
"db": "NVD",
"id": "CVE-2023-32147"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-539"
},
{
"db": "CNVD",
"id": "CNVD-2025-23630"
},
{
"db": "VULMON",
"id": "CVE-2023-32147"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029388"
},
{
"db": "NVD",
"id": "CVE-2023-32147"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-539"
},
{
"date": "2025-09-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-23630"
},
{
"date": "2025-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-029388"
},
{
"date": "2024-05-03T02:15:18.770000",
"db": "NVD",
"id": "CVE-2023-32147"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-539"
},
{
"date": "2025-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-23630"
},
{
"date": "2025-08-07T03:31:00",
"db": "JVNDB",
"id": "JVNDB-2023-029388"
},
{
"date": "2025-08-06T14:18:15.880000",
"db": "NVD",
"id": "CVE-2023-32147"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-539"
},
{
"db": "CNVD",
"id": "CNVD-2025-23630"
}
],
"trust": 1.3
}
}
VAR-202405-0217
Vulnerability from variot - Updated: 2025-08-09 23:09D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within prog.cgi, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21853. D-Link Systems, Inc. (DoS) It may be in a state. D-Link DIR-2640 is a high-power Wi-Fi router from D-Link, a Chinese company.
D-Link DIR-2640 has a buffer overflow vulnerability. The vulnerability is caused by the program failing to properly verify the length of the input data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202405-0217",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-2640",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b02"
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-2640 firmware 1.11b02"
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-444"
},
{
"db": "CNVD",
"id": "CNVD-2024-26177"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026904"
},
{
"db": "NVD",
"id": "CVE-2024-5293"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nicholas Zubrisky",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-444"
}
],
"trust": 0.7
},
"cve": "CVE-2024-5293",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2024-26177",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-5293",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-026904",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-5293",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2024-5293",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-026904",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2024-5293",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2024-26177",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-444"
},
{
"db": "CNVD",
"id": "CNVD-2024-26177"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026904"
},
{
"db": "NVD",
"id": "CVE-2024-5293"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within prog.cgi, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21853. D-Link Systems, Inc. (DoS) It may be in a state. D-Link DIR-2640 is a high-power Wi-Fi router from D-Link, a Chinese company. \n\nD-Link DIR-2640 has a buffer overflow vulnerability. The vulnerability is caused by the program failing to properly verify the length of the input data",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-5293"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026904"
},
{
"db": "ZDI",
"id": "ZDI-24-444"
},
{
"db": "CNVD",
"id": "CNVD-2024-26177"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-5293",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-24-444",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026904",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-21853",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2024-26177",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-444"
},
{
"db": "CNVD",
"id": "CNVD-2024-26177"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026904"
},
{
"db": "NVD",
"id": "CVE-2024-5293"
}
]
},
"id": "VAR-202405-0217",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-26177"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-26177"
}
]
},
"last_update_date": "2025-08-09T23:09:30.491000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-026904"
},
{
"db": "NVD",
"id": "CVE-2024-5293"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.zerodayinitiative.com/advisories/zdi-24-444/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-5293"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-26177"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026904"
},
{
"db": "NVD",
"id": "CVE-2024-5293"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-444"
},
{
"db": "CNVD",
"id": "CNVD-2024-26177"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-026904"
},
{
"db": "NVD",
"id": "CVE-2024-5293"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-05-24T00:00:00",
"db": "ZDI",
"id": "ZDI-24-444"
},
{
"date": "2024-06-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-26177"
},
{
"date": "2025-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-026904"
},
{
"date": "2024-05-23T22:15:15",
"db": "NVD",
"id": "CVE-2024-5293"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-01T00:00:00",
"db": "ZDI",
"id": "ZDI-24-444"
},
{
"date": "2024-06-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-26177"
},
{
"date": "2025-08-07T02:12:00",
"db": "JVNDB",
"id": "JVNDB-2024-026904"
},
{
"date": "2025-08-06T14:26:03.143000",
"db": "NVD",
"id": "CVE-2024-5293"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DIR-2640\u00a0 Stack-based buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-026904"
}
],
"trust": 0.8
}
}
VAR-202305-0214
Vulnerability from variot - Updated: 2025-08-09 22:53D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the web management interface, which listens on TCP port 80 by default. A specially crafted login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19549. D-Link Systems, Inc. of DIR-2640 The firmware contains a vulnerability related to an improper implementation of the authentication algorithm.Information may be tampered with. D-Link DIR-2640 is a high-power Wi-Fi router from China's D-Link
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-0214",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-2640",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b02"
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-2640 firmware 1.11b02"
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-544"
},
{
"db": "CNVD",
"id": "CNVD-2024-33408"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029394"
},
{
"db": "NVD",
"id": "CVE-2023-32152"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-544"
}
],
"trust": 0.7
},
"cve": "CVE-2023-32152",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2024-33408",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2023-32152",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2023-029394",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2023-32152",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-32152",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2023-029394",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2023-32152",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2024-33408",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-544"
},
{
"db": "CNVD",
"id": "CNVD-2024-33408"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029394"
},
{
"db": "NVD",
"id": "CVE-2023-32152"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the web management interface, which listens on TCP port 80 by default. A specially crafted login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19549. D-Link Systems, Inc. of DIR-2640 The firmware contains a vulnerability related to an improper implementation of the authentication algorithm.Information may be tampered with. D-Link DIR-2640 is a high-power Wi-Fi router from China\u0027s D-Link",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-32152"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029394"
},
{
"db": "ZDI",
"id": "ZDI-23-544"
},
{
"db": "CNVD",
"id": "CNVD-2024-33408"
},
{
"db": "VULMON",
"id": "CVE-2023-32152"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-32152",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-23-544",
"trust": 2.6
},
{
"db": "DLINK",
"id": "SAP10323",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029394",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-19549",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2024-33408",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-32152",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-544"
},
{
"db": "CNVD",
"id": "CNVD-2024-33408"
},
{
"db": "VULMON",
"id": "CVE-2023-32152"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029394"
},
{
"db": "NVD",
"id": "CVE-2023-32152"
}
]
},
"id": "VAR-202305-0214",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-33408"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-33408"
}
]
},
"last_update_date": "2025-08-09T22:53:51.883000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
},
{
"title": "Patch for D-Link DIR-2640 Authentication Bypass Vulnerability (CNVD-2024-33408)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/571226"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-544"
},
{
"db": "CNVD",
"id": "CNVD-2024-33408"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-303",
"trust": 1.0
},
{
"problemtype": "Improper implementation of authentication algorithms (CWE-303) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-029394"
},
{
"db": "NVD",
"id": "CVE-2023-32152"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10323"
},
{
"trust": 1.9,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-544/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32152"
},
{
"trust": 0.6,
"url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-32152"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-544"
},
{
"db": "CNVD",
"id": "CNVD-2024-33408"
},
{
"db": "VULMON",
"id": "CVE-2023-32152"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029394"
},
{
"db": "NVD",
"id": "CVE-2023-32152"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-544"
},
{
"db": "CNVD",
"id": "CNVD-2024-33408"
},
{
"db": "VULMON",
"id": "CVE-2023-32152"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029394"
},
{
"db": "NVD",
"id": "CVE-2023-32152"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-544"
},
{
"date": "2024-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-33408"
},
{
"date": "2025-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-029394"
},
{
"date": "2024-05-03T02:15:19.670000",
"db": "NVD",
"id": "CVE-2023-32152"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-544"
},
{
"date": "2024-07-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-33408"
},
{
"date": "2025-08-07T06:54:00",
"db": "JVNDB",
"id": "JVNDB-2023-029394"
},
{
"date": "2025-08-06T14:16:46.460000",
"db": "NVD",
"id": "CVE-2023-32152"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DIR-2640\u00a0 Vulnerability related to improper implementation of authentication algorithm in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-029394"
}
],
"trust": 0.8
}
}
VAR-202305-0130
Vulnerability from variot - Updated: 2025-08-09 22:53D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of the EmailFrom parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19550. D-Link Systems, Inc. of DIR-2640 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-2640 is a high-power Wi-Fi router from China's D-Link
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202305-0130",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-2640",
"scope": null,
"trust": 2.1,
"vendor": "d link",
"version": null
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b02"
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-2640 firmware 1.11b02"
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-545"
},
{
"db": "CNVD",
"id": "CNVD-2024-33407"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029386"
},
{
"db": "NVD",
"id": "CVE-2023-32153"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-545"
}
],
"trust": 0.7
},
"cve": "CVE-2023-32153",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.1,
"id": "CNVD-2024-33407",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2023-32153",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-029386",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2023-32153",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2023-32153",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2023-029386",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2023-32153",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2024-33407",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-545"
},
{
"db": "CNVD",
"id": "CNVD-2024-33407"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029386"
},
{
"db": "NVD",
"id": "CVE-2023-32153"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. \n\nThe specific flaw exists within the handling of the EmailFrom parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19550. D-Link Systems, Inc. of DIR-2640 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-2640 is a high-power Wi-Fi router from China\u0027s D-Link",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-32153"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029386"
},
{
"db": "ZDI",
"id": "ZDI-23-545"
},
{
"db": "CNVD",
"id": "CNVD-2024-33407"
},
{
"db": "VULMON",
"id": "CVE-2023-32153"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-32153",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-23-545",
"trust": 2.6
},
{
"db": "DLINK",
"id": "SAP10323",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029386",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-19550",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2024-33407",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-32153",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-545"
},
{
"db": "CNVD",
"id": "CNVD-2024-33407"
},
{
"db": "VULMON",
"id": "CVE-2023-32153"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029386"
},
{
"db": "NVD",
"id": "CVE-2023-32153"
}
]
},
"id": "VAR-202305-0130",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-33407"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-33407"
}
]
},
"last_update_date": "2025-08-09T22:53:51.736000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10323"
},
{
"title": "Patch for D-Link DIR-2640 has a remote code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/571221"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-545"
},
{
"db": "CNVD",
"id": "CNVD-2024-33407"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-029386"
},
{
"db": "NVD",
"id": "CVE-2023-32153"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10323"
},
{
"trust": 1.9,
"url": "https://www.zerodayinitiative.com/advisories/zdi-23-545/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32153"
},
{
"trust": 0.6,
"url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-32153"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-23-545"
},
{
"db": "CNVD",
"id": "CNVD-2024-33407"
},
{
"db": "VULMON",
"id": "CVE-2023-32153"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029386"
},
{
"db": "NVD",
"id": "CVE-2023-32153"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-23-545"
},
{
"db": "CNVD",
"id": "CNVD-2024-33407"
},
{
"db": "VULMON",
"id": "CVE-2023-32153"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029386"
},
{
"db": "NVD",
"id": "CVE-2023-32153"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-545"
},
{
"date": "2024-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-33407"
},
{
"date": "2025-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-029386"
},
{
"date": "2024-05-03T02:15:19.840000",
"db": "NVD",
"id": "CVE-2023-32153"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-04T00:00:00",
"db": "ZDI",
"id": "ZDI-23-545"
},
{
"date": "2024-07-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-33407"
},
{
"date": "2025-08-07T03:31:00",
"db": "JVNDB",
"id": "JVNDB-2023-029386"
},
{
"date": "2025-08-06T14:16:19.887000",
"db": "NVD",
"id": "CVE-2023-32153"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DIR-2640\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-029386"
}
],
"trust": 0.8
}
}
VAR-202204-0705
Vulnerability from variot - Updated: 2024-11-23 22:32A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. dir-1360 firmware, dir-1760 firmware, dir-1960 For multiple D-Link Japan Co., Ltd. products such as firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0705",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-867",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b04"
},
{
"model": "dir-1960",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03b03"
},
{
"model": "dir-1360",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00b15"
},
{
"model": "dir-3040",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b02"
},
{
"model": "dir-2660",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02b01"
},
{
"model": "dir-3060",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02b03"
},
{
"model": "dir-882",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.30b06"
},
{
"model": "dir-882",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.30b10"
},
{
"model": "dir-2660",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03b04"
},
{
"model": "dir-3040",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20b03"
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b02"
},
{
"model": "dir-1360",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03b02"
},
{
"model": "dir-3060",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b02"
},
{
"model": "dir-878",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.30b08"
},
{
"model": "dir-3040",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13b03"
},
{
"model": "dir-1760",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01b04"
},
{
"model": "dir-2660",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00b14"
},
{
"model": "dir-867",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.30b07"
},
{
"model": "dir-1960",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02b01"
},
{
"model": "dir-2660",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01b03"
},
{
"model": "dir-3060",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00b12"
},
{
"model": "dir-1360",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01b03"
},
{
"model": "dir-1360",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b04"
},
{
"model": "dir-2660",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b04"
},
{
"model": "dir-1960",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b03"
},
{
"model": "dir-2660",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04b03"
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01b04"
},
{
"model": "dir-1760",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b03"
},
{
"model": "dir-3060",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b04"
},
{
"model": "dir-3040",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.12b01"
},
{
"model": "dir-882",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20b06"
},
{
"model": "dir-1360",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02b03"
},
{
"model": "dir-3060",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01b07"
},
{
"model": "dir-867",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20b10"
},
{
"model": "dir-878",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20b05"
},
{
"model": "dir-882",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-3040",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-3060",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-1760",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-878",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-2660",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-1360",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-1960",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-867",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-2640",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"db": "NVD",
"id": "CVE-2022-1262"
}
]
},
"cve": "CVE-2022-1262",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-1262",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1262",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1262",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1262",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1262",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2826",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-1262",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1262"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2826"
},
{
"db": "NVD",
"id": "CVE-2022-1262"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. dir-1360 firmware, dir-1760 firmware, dir-1960 For multiple D-Link Japan Co., Ltd. products such as firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1262"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"db": "VULMON",
"id": "CVE-2022-1262"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1262",
"trust": 3.3
},
{
"db": "TENABLE",
"id": "TRA-2022-09",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008159",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2826",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-1262",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1262"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2826"
},
{
"db": "NVD",
"id": "CVE-2022-1262"
}
]
},
"id": "VAR-202204-0705",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4205193725
},
"last_update_date": "2024-11-23T22:32:53.734000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link Routers Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189807"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2826"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"db": "NVD",
"id": "CVE-2022-1262"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.tenable.com/security/research/tra-2022-09"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1262"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1262/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1262"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2826"
},
{
"db": "NVD",
"id": "CVE-2022-1262"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-1262"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2826"
},
{
"db": "NVD",
"id": "CVE-2022-1262"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1262"
},
{
"date": "2023-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"date": "2022-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2826"
},
{
"date": "2022-04-11T20:15:18.157000",
"db": "NVD",
"id": "CVE-2022-1262"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1262"
},
{
"date": "2023-07-24T08:23:00",
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"date": "2022-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2826"
},
{
"date": "2024-11-21T06:40:21.910000",
"db": "NVD",
"id": "CVE-2022-1262"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2826"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In multiple D-Link Japan Co., Ltd. products \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008159"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2826"
}
],
"trust": 0.6
}
}