    16 vulnerabilities found for dir-300_firmware by dlink

    CVE-2013-10069 (GCVE-0-2013-10069)

    Vulnerability from nvd – Published: 2025-08-05 20:01 – Updated: 2026-05-15 11:14
    Title
    D-Link Devices Unauthenticated RCE
    Summary
    The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    D-Link DIR-600 rev B Affected: 0 , ≤ 2.14b01 (custom)
    D-Link DIR-300 rev B Affected: 0 , ≤ 2.13 (custom)
    Date Public
    2013-02-05 00:00
    Credits
    Michael Messner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2013-10069",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-06T17:54:19.302646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-06T17:54:33.683Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.exploit-db.com/exploits/24453"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "command.php"
              ],
              "product": "DIR-600 rev B",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "2.14b01",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "command.php"
              ],
              "product": "DIR-300 rev B",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "2.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.14b01",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.13",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Messner"
            }
          ],
          "datePublic": "2013-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe web interface of multiple D-Link routers, including DIR-600 rev B (\u22642.14b01) and DIR-300 rev B (\u22642.13), contains an unauthenticated OS command injection vulnerability in \u003ccode\u003ecommand.php\u003c/code\u003e, which improperly handles the \u003ccode\u003ecmd\u003c/code\u003e POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root.\u003c/p\u003e"
                }
              ],
              "value": "The web interface of multiple D-Link routers, including DIR-600 rev B (\u22642.14b01) and DIR-300 rev B (\u22642.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T11:14:20.275Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "exploit"
              ],
              "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/24453"
            },
            {
              "tags": [
                "technical-description",
                "exploit"
              ],
              "url": "https://web.archive.org/web/20150428184723/http://www.s3cur1ty.de/m1adv2013-003"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/dlink-devices-unauth-rce"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "D-Link Devices Unauthenticated RCE",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2013-10069",
        "datePublished": "2025-08-05T20:01:04.000Z",
        "dateReserved": "2025-08-05T15:25:58.765Z",
        "dateUpdated": "2026-05-15T11:14:20.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2013-10050 (GCVE-0-2013-10050)

    Vulnerability from nvd – Published: 2025-08-01 20:39 – Updated: 2026-05-26 11:51 – Unsupported When Assigned
    Title
    D-Link Devices tools_vct.xgi Authenticated RCE
    Summary
    An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    D-Link DIR-300 rev A Affected: 0 , ≤ 1.05 (custom)
    D-Link DIR-615 rev D Affected: 0 , ≤ 4.13 (custom)
    Date Public
    2013-04-26 00:00
    Credits
    Michael Messner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2013-10050",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-04T14:22:45.988859Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-04T14:23:02.025Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.exploit-db.com/raw/25024"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "tools_vct.xgi"
              ],
              "product": "DIR-300 rev A",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "1.05",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "tools_vct.xgi"
              ],
              "product": "DIR-615 rev D",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "4.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:d-link:dir-300:a:*:*:*:*:*:*:*",
                      "versionEndIncluding": "1.05",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:d-link:dir-615:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "4.13",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Messner"
            }
          ],
          "datePublic": "2013-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn OS command injection vulnerability exists in multiple D-Link routers\u2014confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)\u2014via the authenticated \u003ccode\u003etools_vct.xgi\u003c/code\u003e CGI endpoint. The web interface fails to properly sanitize user-supplied input in the \u003ccode\u003epingIp\u003c/code\u003e parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose \u003ccode\u003etools_vct.xgi\u003c/code\u003e and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life.\u003c/p\u003e"
                }
              ],
              "value": "An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T11:51:32.053Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "exploit"
              ],
              "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dir300_exec_telnet.rb"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/25024"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/27428"
            },
            {
              "tags": [
                "technical-description",
                "exploit"
              ],
              "url": "https://web.archive.org/web/20140830203110/http://www.s3cur1ty.de/m1adv2013-014"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/d-link-legacy-unauth-rce-2"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "D-Link Devices tools_vct.xgi Authenticated RCE",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2013-10050",
        "datePublished": "2025-08-01T20:39:00.384Z",
        "dateReserved": "2025-08-01T15:02:17.383Z",
        "dateUpdated": "2026-05-26T11:51:32.053Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2013-10048 (GCVE-0-2013-10048)

    Vulnerability from nvd – Published: 2025-08-01 20:39 – Updated: 2026-05-15 11:14 – Unsupported When Assigned
    Title
    D-Link Devices command.php Unauthenticated RCE
    Summary
    An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    D-Link DIR-600 Affected: 0 , ≤ 2.14b01 (custom)
    D-Link DIR-300 Affected: 0 , ≤ 2.13 (custom)
    Date Public
    2013-02-05 00:00
    Credits
    Michael Messner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2013-10048",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-04T14:21:52.250244Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-04T14:22:11.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.exploit-db.com/exploits/27528"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "command.php"
              ],
              "product": "DIR-600",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "2.14b01",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "command.php"
              ],
              "product": "DIR-300",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "2.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:d-link:dir-600:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.14b01",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:d-link:dir-300:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.13",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Messner"
            }
          ],
          "datePublic": "2013-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eAn OS command injection vulnerability exists in various legacy D-Link routers\u2014including DIR-300 rev B and DIR-600 (firmware \u2264 2.13 and \u2264 2.14b01, respectively)\u2014due to improper input handling in the unauthenticated \u003ccode\u003ecommand.php\u003c/code\u003e endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the \u003ccode\u003ecmd\u003c/code\u003e parameter.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An OS command injection vulnerability exists in various legacy D-Link routers\u2014including DIR-300 rev B and DIR-600 (firmware \u2264 2.13 and \u2264 2.14b01, respectively)\u2014due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T11:14:13.668Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "exploit"
              ],
              "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_command_php_exec_noauth.rb"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/24453"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/27528"
            },
            {
              "tags": [
                "technical-description",
                "exploit"
              ],
              "url": "https://web.archive.org/web/20131022221648/http://www.s3cur1ty.de/m1adv2013-003"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/d-link-legacy-unauth-rce"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "D-Link Devices command.php Unauthenticated RCE",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2013-10048",
        "datePublished": "2025-08-01T20:39:20.417Z",
        "dateReserved": "2025-08-01T14:08:41.917Z",
        "dateUpdated": "2026-05-15T11:14:13.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-41616 (GCVE-0-2024-41616)

    Vulnerability from nvd – Published: 2024-08-06 00:00 – Updated: 2024-08-06 15:58
    Summary
    D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-259 - Use of Hard-coded Password
    Assigner
    Impacted products
    Vendor Product Version
    dlink dir-300_firmware Affected: 1.06b05_ww
        cpe:2.3:o:dlink:dir-300_firmware:1.06b05_ww:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dlink:dir-300_firmware:1.06b05_ww:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dir-300_firmware",
                "vendor": "dlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.06b05_ww"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41616",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-06T15:57:56.089354Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-259",
                    "description": "CWE-259 Use of Hard-coded Password",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:58:09.126Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-06T15:14:56.300Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/D-Link300.md"
            },
            {
              "url": "https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/CVE-2024-41616"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-41616",
        "datePublished": "2024-08-06T00:00:00.000Z",
        "dateReserved": "2024-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:58:09.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0717 (GCVE-0-2024-0717)

    Vulnerability from nvd – Published: 2024-01-19 15:31 – Updated: 2025-05-30 14:26
    VLAI
    Title
    D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure
    Summary
    A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.251542 vdb-entry, technical-description
    https://vuldb.com/?ctiid.251542 signature, permissions-required
    https://github.com/999zzzzz/D-Link exploit
    Impacted products
    Vendor Product Version
    D-Link DAP-1360 Affected: 20240112
    D-Link DIR-300 Affected: 20240112
    D-Link DIR-615 Affected: 20240112
    D-Link DIR-615GF Affected: 20240112
    D-Link DIR-615S Affected: 20240112
    D-Link DIR-615T Affected: 20240112
    D-Link DIR-620 Affected: 20240112
    D-Link DIR-620S Affected: 20240112
    D-Link DIR-806A Affected: 20240112
    D-Link DIR-815 Affected: 20240112
    D-Link DIR-815AC Affected: 20240112
    D-Link DIR-815S Affected: 20240112
    D-Link DIR-816 Affected: 20240112
    D-Link DIR-820 Affected: 20240112
    D-Link DIR-822 Affected: 20240112
    D-Link DIR-825 Affected: 20240112
    D-Link DIR-825AC Affected: 20240112
    D-Link DIR-825ACF Affected: 20240112
    D-Link DIR-825ACG1 Affected: 20240112
    D-Link DIR-841 Affected: 20240112
    D-Link DIR-842 Affected: 20240112
    D-Link DIR-842S Affected: 20240112
    D-Link DIR-843 Affected: 20240112
    D-Link DIR-853 Affected: 20240112
    D-Link DIR-878 Affected: 20240112
    D-Link DIR-882 Affected: 20240112
    D-Link DIR-1210 Affected: 20240112
    D-Link DIR-1260 Affected: 20240112
    D-Link DIR-2150 Affected: 20240112
    D-Link DIR-X1530 Affected: 20240112
    D-Link DIR-X1860 Affected: 20240112
    D-Link DSL-224 Affected: 20240112
    D-Link DSL-245GR Affected: 20240112
    D-Link DSL-2640U Affected: 20240112
    D-Link DSL-2750U Affected: 20240112
    D-Link DSL-G2452GR Affected: 20240112
    D-Link DVG-5402G Affected: 20240112
    D-Link DVG-5402GFRU Affected: 20240112
    D-Link DVG-N5402G Affected: 20240112
    D-Link DVG-N5402G-IL Affected: 20240112
    D-Link DWM-312W Affected: 20240112
    D-Link DWM-321 Affected: 20240112
    D-Link DWR-921 Affected: 20240112
    D-Link DWR-953 Affected: 20240112
    D-Link Good Line Router v2 Affected: 20240112
    Credits
    99iz (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:11:35.784Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.251542"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.251542"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/999zzzzz/D-Link"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0717",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:34:37.136211Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-30T14:26:30.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DAP-1360",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-300",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-615",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-615GF",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-615S",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-615T",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-620",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-620S",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-806A",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-815",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-815AC",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-815S",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-816",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-820",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-822",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-825",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-825AC",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-825ACF",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-825ACG1",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-841",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-842",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-842S",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-843",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-853",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-878",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-882",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-1210",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-1260",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-2150",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-X1530",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-X1860",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-224",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-245GR",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-2640U",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-2750U",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-G2452GR",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-5402G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-5402G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-5402GFRU",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-N5402G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-N5402G-IL",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DWM-312W",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DWM-321",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DWR-921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DWR-953",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "Good Line Router v2",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "99iz (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "In D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 bis 20240112 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /devinfo der Komponente HTTP GET Request Handler. Mittels dem Manipulieren des Arguments area mit der Eingabe notice|net|version mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-19T15:31:04.290Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.251542"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.251542"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/999zzzzz/D-Link"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-01-19T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-01-19T08:26:48.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-0717",
        "datePublished": "2024-01-19T15:31:04.290Z",
        "dateReserved": "2024-01-19T07:21:32.386Z",
        "dateUpdated": "2025-05-30T14:26:30.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31814 (GCVE-0-2023-31814)

    Vulnerability from nvd – Published: 2023-05-23 00:00 – Updated: 2025-01-17 17:53
    VLAI
    Summary
    D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-706 - Use of Incorrectly-Resolved Name or Reference
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:56:35.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.dlink.com/en/security-bulletin/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gist.github.com/1915504804/9503198d3cbd5bc7db47625ac0caaade"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31814",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-17T17:49:11.316527Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-706",
                    "description": "CWE-706 Use of Incorrectly-Resolved Name or Reference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-17T17:53:54.721Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "D-Link DIR-300 firmware \u003c=REVA1.06 and \u003c=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-23T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.dlink.com/en/security-bulletin/"
            },
            {
              "url": "https://gist.github.com/1915504804/9503198d3cbd5bc7db47625ac0caaade"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-31814",
        "datePublished": "2023-05-23T00:00:00.000Z",
        "dateReserved": "2023-04-29T00:00:00.000Z",
        "dateUpdated": "2025-01-17T17:53:54.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7471 (GCVE-0-2013-7471)

    Vulnerability from nvd – Published: 2019-06-11 20:46 – Updated: 2024-08-06 18:09
    VLAI
    Summary
    An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:09:16.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.s3cur1ty.de/m1adv2013-020"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/27044"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-11T20:46:45.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.s3cur1ty.de/m1adv2013-020"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.exploit-db.com/exploits/27044"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7471",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.s3cur1ty.de/m1adv2013-020",
                  "refsource": "MISC",
                  "url": "http://www.s3cur1ty.de/m1adv2013-020"
                },
                {
                  "name": "https://www.exploit-db.com/exploits/27044",
                  "refsource": "MISC",
                  "url": "https://www.exploit-db.com/exploits/27044"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7471",
        "datePublished": "2019-06-11T20:46:45.000Z",
        "dateReserved": "2019-06-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:09:16.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4723 (GCVE-0-2011-4723)

    Vulnerability from nvd – Published: 2011-12-20 11:00 – Updated: 2025-10-22 00:05
    VLAI CISA KEVIntel
    Summary
    The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.
    SSVC
    Exploitation: active Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:16:34.283Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://en.securitylab.ru/lab/PT-2011-30"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2011-4723",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-10T20:01:02.727626Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-09-08",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-4723"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-312",
                    "description": "CWE-312 Cleartext Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-22T00:05:48.669Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-4723"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-09-08T00:00:00.000Z",
                "value": "CVE-2011-4723 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-12-20T11:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://en.securitylab.ru/lab/PT-2011-30"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-4723",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://en.securitylab.ru/lab/PT-2011-30",
                  "refsource": "MISC",
                  "url": "http://en.securitylab.ru/lab/PT-2011-30"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-4723",
        "datePublished": "2011-12-20T11:00:00.000Z",
        "dateReserved": "2011-12-10T00:00:00.000Z",
        "dateUpdated": "2025-10-22T00:05:48.669Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-10069 (GCVE-0-2013-10069)

    Vulnerability from cvelistv5 – Published: 2025-08-05 20:01 – Updated: 2026-05-15 11:14
    VLAI
    Title
    D-Link Devices Unauthenticated RCE
    Summary
    The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    D-Link DIR-600 rev B Affected: 0 , ≤ 2.14b01 (custom)
    D-Link DIR-300 rev B Affected: 0 , ≤ 2.13 (custom)
    Date Public
    2013-02-05 00:00
    Credits
    Michael Messner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2013-10069",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-06T17:54:19.302646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-06T17:54:33.683Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.exploit-db.com/exploits/24453"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "command.php"
              ],
              "product": "DIR-600 rev B",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "2.14b01",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "command.php"
              ],
              "product": "DIR-300 rev B",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "2.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:dlink:dir-600_firmware:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.14b01",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.13",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Messner"
            }
          ],
          "datePublic": "2013-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe web interface of multiple D-Link routers, including DIR-600 rev B (\u22642.14b01) and DIR-300 rev B (\u22642.13), contains an unauthenticated OS command injection vulnerability in \u003ccode\u003ecommand.php\u003c/code\u003e, which improperly handles the \u003ccode\u003ecmd\u003c/code\u003e POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root.\u003c/p\u003e"
                }
              ],
              "value": "The web interface of multiple D-Link routers, including DIR-600 rev B (\u22642.14b01) and DIR-300 rev B (\u22642.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T11:14:20.275Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "exploit"
              ],
              "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/24453"
            },
            {
              "tags": [
                "technical-description",
                "exploit"
              ],
              "url": "https://web.archive.org/web/20150428184723/http://www.s3cur1ty.de/m1adv2013-003"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/dlink-devices-unauth-rce"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "D-Link Devices Unauthenticated RCE",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2013-10069",
        "datePublished": "2025-08-05T20:01:04.000Z",
        "dateReserved": "2025-08-05T15:25:58.765Z",
        "dateUpdated": "2026-05-15T11:14:20.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2013-10048 (GCVE-0-2013-10048)

    Vulnerability from cvelistv5 – Published: 2025-08-01 20:39 – Updated: 2026-05-15 11:14 Unsupported When Assigned
    VLAI
    Title
    D-Link Devices command.php Unauthenticated RCE
    Summary
    An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    D-Link DIR-600 Affected: 0 , ≤ 2.14b01 (custom)
    D-Link DIR-300 Affected: 0 , ≤ 2.13 (custom)
    Date Public
    2013-02-05 00:00
    Credits
    Michael Messner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2013-10048",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-04T14:21:52.250244Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-04T14:22:11.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.exploit-db.com/exploits/27528"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "command.php"
              ],
              "product": "DIR-600",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "2.14b01",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "command.php"
              ],
              "product": "DIR-300",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "2.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:d-link:dir-600:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.14b01",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:d-link:dir-300:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "2.13",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Messner"
            }
          ],
          "datePublic": "2013-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eAn OS command injection vulnerability exists in various legacy D-Link routers\u2014including DIR-300 rev B and DIR-600 (firmware \u2264 2.13 and \u2264 2.14b01, respectively)\u2014due to improper input handling in the unauthenticated \u003ccode\u003ecommand.php\u003c/code\u003e endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the \u003ccode\u003ecmd\u003c/code\u003e parameter.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An OS command injection vulnerability exists in various legacy D-Link routers\u2014including DIR-300 rev B and DIR-600 (firmware \u2264 2.13 and \u2264 2.14b01, respectively)\u2014due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-15T11:14:13.668Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "exploit"
              ],
              "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_command_php_exec_noauth.rb"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/24453"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/27528"
            },
            {
              "tags": [
                "technical-description",
                "exploit"
              ],
              "url": "https://web.archive.org/web/20131022221648/http://www.s3cur1ty.de/m1adv2013-003"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/d-link-legacy-unauth-rce"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "D-Link Devices command.php Unauthenticated RCE",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2013-10048",
        "datePublished": "2025-08-01T20:39:20.417Z",
        "dateReserved": "2025-08-01T14:08:41.917Z",
        "dateUpdated": "2026-05-15T11:14:13.668Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2013-10050 (GCVE-0-2013-10050)

    Vulnerability from cvelistv5 – Published: 2025-08-01 20:39 – Updated: 2026-05-26 11:51 – Unsupported When Assigned
    Title
    D-Link Devices tools_vct.xgi Authenticated RCE
    Summary
    An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    D-Link DIR-300 rev A Affected: 0 , ≤ 1.05 (custom)
    D-Link DIR-615 rev D Affected: 0 , ≤ 4.13 (custom)
    Date Public
    2013-04-26 00:00
    Credits
    Michael Messner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2013-10050",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-04T14:22:45.988859Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-04T14:23:02.025Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.exploit-db.com/raw/25024"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "tools_vct.xgi"
              ],
              "product": "DIR-300 rev A",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "1.05",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "tools_vct.xgi"
              ],
              "product": "DIR-615 rev D",
              "vendor": "D-Link",
              "versions": [
                {
                  "lessThanOrEqual": "4.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:d-link:dir-300:a:*:*:*:*:*:*:*",
                      "versionEndIncluding": "1.05",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:d-link:dir-615:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "4.13",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Messner"
            }
          ],
          "datePublic": "2013-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn OS command injection vulnerability exists in multiple D-Link routers\u2014confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)\u2014via the authenticated \u003ccode\u003etools_vct.xgi\u003c/code\u003e CGI endpoint. The web interface fails to properly sanitize user-supplied input in the \u003ccode\u003epingIp\u003c/code\u003e parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose \u003ccode\u003etools_vct.xgi\u003c/code\u003e and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life.\u003c/p\u003e"
                }
              ],
              "value": "An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T11:51:32.053Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "exploit"
              ],
              "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dir300_exec_telnet.rb"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/25024"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/27428"
            },
            {
              "tags": [
                "technical-description",
                "exploit"
              ],
              "url": "https://web.archive.org/web/20140830203110/http://www.s3cur1ty.de/m1adv2013-014"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/d-link-legacy-unauth-rce-2"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "D-Link Devices tools_vct.xgi Authenticated RCE",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2013-10050",
        "datePublished": "2025-08-01T20:39:00.384Z",
        "dateReserved": "2025-08-01T15:02:17.383Z",
        "dateUpdated": "2026-05-26T11:51:32.053Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-41616 (GCVE-0-2024-41616)

    Vulnerability from cvelistv5 – Published: 2024-08-06 00:00 – Updated: 2024-08-06 15:58
    Summary
    D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-259 - Use of Hard-coded Password
    Assigner
    Impacted products
    Vendor Product Version
    dlink dir-300_firmware Affected: 1.06b05_ww
        cpe:2.3:o:dlink:dir-300_firmware:1.06b05_ww:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:dlink:dir-300_firmware:1.06b05_ww:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "dir-300_firmware",
                "vendor": "dlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.06b05_ww"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41616",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-06T15:57:56.089354Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-259",
                    "description": "CWE-259 Use of Hard-coded Password",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:58:09.126Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-06T15:14:56.300Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/D-Link300.md"
            },
            {
              "url": "https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DIR300/CVE-2024-41616"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-41616",
        "datePublished": "2024-08-06T00:00:00.000Z",
        "dateReserved": "2024-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T15:58:09.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0717 (GCVE-0-2024-0717)

    Vulnerability from cvelistv5 – Published: 2024-01-19 15:31 – Updated: 2025-05-30 14:26
    Title
    D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure
    Summary
    A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.251542 vdb-entry, technical-description
    https://vuldb.com/?ctiid.251542 signature, permissions-required
    https://github.com/999zzzzz/D-Link exploit
    Impacted products
    Vendor Product Version
    D-Link DAP-1360 Affected: 20240112
    D-Link DIR-300 Affected: 20240112
    D-Link DIR-615 Affected: 20240112
    D-Link DIR-615GF Affected: 20240112
    D-Link DIR-615S Affected: 20240112
    D-Link DIR-615T Affected: 20240112
    D-Link DIR-620 Affected: 20240112
    D-Link DIR-620S Affected: 20240112
    D-Link DIR-806A Affected: 20240112
    D-Link DIR-815 Affected: 20240112
    D-Link DIR-815AC Affected: 20240112
    D-Link DIR-815S Affected: 20240112
    D-Link DIR-816 Affected: 20240112
    D-Link DIR-820 Affected: 20240112
    D-Link DIR-822 Affected: 20240112
    D-Link DIR-825 Affected: 20240112
    D-Link DIR-825AC Affected: 20240112
    D-Link DIR-825ACF Affected: 20240112
    D-Link DIR-825ACG1 Affected: 20240112
    D-Link DIR-841 Affected: 20240112
    D-Link DIR-842 Affected: 20240112
    D-Link DIR-842S Affected: 20240112
    D-Link DIR-843 Affected: 20240112
    D-Link DIR-853 Affected: 20240112
    D-Link DIR-878 Affected: 20240112
    D-Link DIR-882 Affected: 20240112
    D-Link DIR-1210 Affected: 20240112
    D-Link DIR-1260 Affected: 20240112
    D-Link DIR-2150 Affected: 20240112
    D-Link DIR-X1530 Affected: 20240112
    D-Link DIR-X1860 Affected: 20240112
    D-Link DSL-224 Affected: 20240112
    D-Link DSL-245GR Affected: 20240112
    D-Link DSL-2640U Affected: 20240112
    D-Link DSL-2750U Affected: 20240112
    D-Link DSL-G2452GR Affected: 20240112
    D-Link DVG-5402G Affected: 20240112
    D-Link DVG-5402GFRU Affected: 20240112
    D-Link DVG-N5402G Affected: 20240112
    D-Link DVG-N5402G-IL Affected: 20240112
    D-Link DWM-312W Affected: 20240112
    D-Link DWM-321 Affected: 20240112
    D-Link DWR-921 Affected: 20240112
    D-Link DWR-953 Affected: 20240112
    D-Link Good Line Router v2 Affected: 20240112
    Credits
    99iz (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:11:35.784Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.251542"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.251542"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/999zzzzz/D-Link"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0717",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:34:37.136211Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-30T14:26:30.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DAP-1360",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-300",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-615",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-615GF",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-615S",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-615T",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-620",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-620S",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-806A",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-815",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-815AC",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-815S",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-816",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-820",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-822",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-825",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-825AC",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-825ACF",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-825ACG1",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-841",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-842",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-842S",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-843",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-853",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-878",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-882",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-1210",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-1260",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-2150",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-X1530",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-X1860",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-224",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-245GR",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-2640U",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-2750U",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-G2452GR",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-5402G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-5402G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-5402GFRU",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-N5402G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-N5402G-IL",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DWM-312W",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DWM-321",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DWR-921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DWR-953",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "Good Line Router v2",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "99iz (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "In D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 bis 20240112 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /devinfo der Komponente HTTP GET Request Handler. Mittels dem Manipulieren des Arguments area mit der Eingabe notice|net|version mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-19T15:31:04.290Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.251542"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.251542"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/999zzzzz/D-Link"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-01-19T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-01-19T08:26:48.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-0717",
        "datePublished": "2024-01-19T15:31:04.290Z",
        "dateReserved": "2024-01-19T07:21:32.386Z",
        "dateUpdated": "2025-05-30T14:26:30.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31814 (GCVE-0-2023-31814)

    Vulnerability from cvelistv5 – Published: 2023-05-23 00:00 – Updated: 2025-01-17 17:53
    VLAI
    Summary
    D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-706 - Use of Incorrectly-Resolved Name or Reference
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:56:35.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.dlink.com/en/security-bulletin/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gist.github.com/1915504804/9503198d3cbd5bc7db47625ac0caaade"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31814",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-17T17:49:11.316527Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-706",
                    "description": "CWE-706 Use of Incorrectly-Resolved Name or Reference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-17T17:53:54.721Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "D-Link DIR-300 firmware \u003c=REVA1.06 and \u003c=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-23T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.dlink.com/en/security-bulletin/"
            },
            {
              "url": "https://gist.github.com/1915504804/9503198d3cbd5bc7db47625ac0caaade"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-31814",
        "datePublished": "2023-05-23T00:00:00.000Z",
        "dateReserved": "2023-04-29T00:00:00.000Z",
        "dateUpdated": "2025-01-17T17:53:54.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7471 (GCVE-0-2013-7471)

    Vulnerability from cvelistv5 – Published: 2019-06-11 20:46 – Updated: 2024-08-06 18:09
    VLAI
    Summary
    An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:09:16.715Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.s3cur1ty.de/m1adv2013-020"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/27044"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-11T20:46:45.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.s3cur1ty.de/m1adv2013-020"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.exploit-db.com/exploits/27044"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7471",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.s3cur1ty.de/m1adv2013-020",
                  "refsource": "MISC",
                  "url": "http://www.s3cur1ty.de/m1adv2013-020"
                },
                {
                  "name": "https://www.exploit-db.com/exploits/27044",
                  "refsource": "MISC",
                  "url": "https://www.exploit-db.com/exploits/27044"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7471",
        "datePublished": "2019-06-11T20:46:45.000Z",
        "dateReserved": "2019-06-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:09:16.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4723 (GCVE-0-2011-4723)

    Vulnerability from cvelistv5 – Published: 2011-12-20 11:00 – Updated: 2025-10-22 00:05
    VLAI CISA KEVIntel
    Summary
    The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.
    SSVC
    Exploitation: active Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:16:34.283Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://en.securitylab.ru/lab/PT-2011-30"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2011-4723",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-10T20:01:02.727626Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-09-08",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-4723"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-312",
                    "description": "CWE-312 Cleartext Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-22T00:05:48.669Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-4723"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-09-08T00:00:00.000Z",
                "value": "CVE-2011-4723 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-12-20T11:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://en.securitylab.ru/lab/PT-2011-30"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-4723",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://en.securitylab.ru/lab/PT-2011-30",
                  "refsource": "MISC",
                  "url": "http://en.securitylab.ru/lab/PT-2011-30"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-4723",
        "datePublished": "2011-12-20T11:00:00.000Z",
        "dateReserved": "2011-12-10T00:00:00.000Z",
        "dateUpdated": "2025-10-22T00:05:48.669Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }