
    8 vulnerabilities found for dir-600 by dlink

    VAR-201501-0347

    Vulnerability from variot - Updated: 2025-11-18 15:12

    Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. Through hedwig.cgi, remote administration can be enabled via a crafted configuration module. The D-Link DIR-600 is a wireless routing device. Because the program performs certain operations in response to HTTP requests whose origin it does not verify, an attacker can exploit the vulnerability to modify the configuration when a logged-in administrative user accesses a specially crafted web page. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. D-Link DIR-600 is a SOHO wireless router product of D-Link. The record below lists D-Link advisory SAP10018 and firmware 2.17.B02 as the patch, and its references include the CISA Known Exploited Vulnerabilities catalog entry for CVE-2014-100005.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0347",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dir-600",
            "scope": null,
            "trust": 1.4,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dir-600",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.16ww"
          },
          {
            "model": "dir-600",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dir-600",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": "firmware  2.17b02"
          },
          {
            "model": "dir-600",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "2.16ww"
          },
          {
            "model": "dir-600 2.16ww",
            "scope": null,
            "trust": 0.3,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01581"
          },
          {
            "db": "BID",
            "id": "66092"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-571"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007601"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-100005"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dawid Czagan",
        "sources": [
          {
            "db": "BID",
            "id": "66092"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-571"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2014-100005",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2014-100005",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2014-01581",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-68501",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2014-100005",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2014-100005",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-100005",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2014-100005",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-100005",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-01581",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201403-571",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-68501",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01581"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68501"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-571"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007601"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-100005"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-100005"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php. D-Link DIR-600 router (rev. (2) hedwig.cgi Remote administration can be enabled via a crafted configuration module. The D-Link DIR-600 is a wireless routing device. Because the program allows users to perform certain operations through unauthenticated HTTP requests, an attacker can exploit the vulnerability to modify the configuration when a logged-in administrative user accesses a specially crafted web page. \nExploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to  further attacks. D-Link DIR-600 is a SOHO wireless router product of D-Link",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-100005"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007601"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01581"
          },
          {
            "db": "BID",
            "id": "66092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68501"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-100005",
            "trust": 3.3
          },
          {
            "db": "SECUNIA",
            "id": "57304",
            "trust": 2.3
          },
          {
            "db": "DLINK",
            "id": "SAP10018",
            "trust": 2.0
          },
          {
            "db": "BID",
            "id": "66092",
            "trust": 0.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007601",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-571",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-01581",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "91794",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-89342",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-68501",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01581"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68501"
          },
          {
            "db": "BID",
            "id": "66092"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-571"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007601"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-100005"
          }
        ]
      },
      "id": "VAR-201501-0347",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01581"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68501"
          }
        ],
        "trust": 1.5214286
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01581"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:12:40.702000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SAP10018",
            "trust": 0.8,
            "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10018"
          },
          {
            "title": "DIR-600_REVB_FIRMWARE_2.17.B02",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57137"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-571"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007601"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site request forgery (CWE-352) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-68501"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007601"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-100005"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://resources.infosecinstitute.com/csrf-unauthorized-remote-admin-access/"
          },
          {
            "trust": 2.0,
            "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10018"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/57304"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91794"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2014-100005"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-100005"
          },
          {
            "trust": 0.8,
            "url": "https://cisa.gov/known-exploited-vulnerabilities-catalog"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/57304/"
          },
          {
            "trust": 0.6,
            "url": "http://xforce.iss.net/xforce/xfdb/91794"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/66092"
          },
          {
            "trust": 0.3,
            "url": "http://www.dlink.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01581"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68501"
          },
          {
            "db": "BID",
            "id": "66092"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-571"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007601"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-100005"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-01581"
          },
          {
            "db": "VULHUB",
            "id": "VHN-68501"
          },
          {
            "db": "BID",
            "id": "66092"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-571"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007601"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-100005"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01581"
          },
          {
            "date": "2015-01-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-68501"
          },
          {
            "date": "2014-03-10T00:00:00",
            "db": "BID",
            "id": "66092"
          },
          {
            "date": "2014-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201403-571"
          },
          {
            "date": "2015-01-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-007601"
          },
          {
            "date": "2015-01-13T11:59:04.477000",
            "db": "NVD",
            "id": "CVE-2014-100005"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-03-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-01581"
          },
          {
            "date": "2017-09-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-68501"
          },
          {
            "date": "2014-03-10T00:00:00",
            "db": "BID",
            "id": "66092"
          },
          {
            "date": "2015-01-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201403-571"
          },
          {
            "date": "2024-05-31T06:43:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-007601"
          },
          {
            "date": "2025-10-22T01:15:55.130000",
            "db": "NVD",
            "id": "CVE-2014-100005"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-571"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0DIR-600\u00a0 Cross-site request forgery vulnerability in router firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007601"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201403-571"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202508-2643

    Vulnerability from variot - Updated: 2025-10-05 23:18

    Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary, so a vendor firmware fix should not be assumed; retiring the device or blocking untrusted access to its web management interface are the likely remaining mitigations. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC. Affected products include DIR-110 firmware, DIR-412 firmware, DIR-600 firmware, and other D-Link Corporation products, which contain an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202508-2643",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dir-600",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": null
          },
          {
            "model": "dir-615",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": null
          },
          {
            "model": "dir-645",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": null
          },
          {
            "model": "dir-815",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.03"
          },
          {
            "model": "dir-412",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": null
          },
          {
            "model": "dir-110",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": null
          },
          {
            "model": "dir-610",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": null
          },
          {
            "model": "dir-645",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dir-615",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dir-600",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dir-815",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dir-110",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "d-link dir-610",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dir-412",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015018"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-25115"
          }
        ]
      },
      "cve": "CVE-2018-25115",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-25115",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-25115",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-25115",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "disclosure@vulncheck.com",
                "id": "CVE-2018-25115",
                "trust": 1.0,
                "value": "Critical"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-25115",
                "trust": 0.8,
                "value": "Critical"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015018"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-25115"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-25115"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC. DIR-110 firmware, DIR-412 firmware, DIR-600 firmware etc. D-Link Corporation The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-25115"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015018"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-25115",
            "trust": 2.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "43496",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015018",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015018"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-25115"
          }
        ]
      },
      "id": "VAR-202508-2643",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6754550085714286
      },
      "last_update_date": "2025-10-05T23:18:25.626000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015018"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-25115"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/cr0n1c/dlink_shell_poc/blob/master/dlink_auth_rce"
          },
          {
            "trust": 1.8,
            "url": "https://legacy.us.dlink.com/"
          },
          {
            "trust": 1.8,
            "url": "https://support.dlink.com/endoflifepolicy.aspx"
          },
          {
            "trust": 1.8,
            "url": "https://www.exploit-db.com/exploits/43496"
          },
          {
            "trust": 1.8,
            "url": "https://www.vulncheck.com/advisories/dlink-dir-rce-service-cgi"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25115"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015018"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-25115"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015018"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-25115"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-015018"
          },
          {
            "date": "2025-08-27T22:15:31.370000",
            "db": "NVD",
            "id": "CVE-2018-25115"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-03T08:58:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-015018"
          },
          {
            "date": "2025-09-24T18:03:34.613000",
            "db": "NVD",
            "id": "CVE-2018-25115"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0D-Link\u00a0Corporation\u00a0 In the product \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015018"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202508-0132

    Vulnerability from variot - Updated: 2025-10-02 23:14

    The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root. The DIR-600 and DIR-300 firmware from D-Link Corporation contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The D-Link DIR-600 is a wireless router from D-Link, a Chinese company. An attacker could exploit this vulnerability to inject commands.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202508-0132",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dir-600",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.14b01"
          },
          {
            "model": "dir-300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.13"
          },
          {
            "model": "dir-600",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dir-300",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dir-600 rev b 2.14b01",
            "scope": null,
            "trust": 0.6,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18551"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014667"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-10069"
          }
        ]
      },
      "cve": "CVE-2013-10069",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-18551",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2013-10069",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2013-10069",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-10069",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "disclosure@vulncheck.com",
                "id": "CVE-2013-10069",
                "trust": 1.0,
                "value": "Critical"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-10069",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-18551",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18551"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014667"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-10069"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-10069"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The web interface of multiple D-Link routers, including DIR-600 rev B (\u22642.14b01) and DIR-300 rev B (\u22642.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root. D-Link Corporation of DIR-600 firmware and DIR-300 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DIR-600 is a wireless router from D-Link, a Chinese company. An attacker could exploit this vulnerability to cause command injection",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-10069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014667"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-18551"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-10069",
            "trust": 3.2
          },
          {
            "db": "EXPLOIT-DB",
            "id": "24453",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014667",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-18551",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18551"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014667"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-10069"
          }
        ]
      },
      "id": "VAR-202508-0132",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18551"
          }
        ],
        "trust": 1.3607143
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18551"
          }
        ]
      },
      "last_update_date": "2025-10-02T23:14:09.448000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014667"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-10069"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/dlink_dir_300_600_exec_noauth.rb"
          },
          {
            "trust": 1.8,
            "url": "https://web.archive.org/web/20150428184723/http://www.s3cur1ty.de/m1adv2013-003"
          },
          {
            "trust": 1.8,
            "url": "https://www.exploit-db.com/exploits/24453"
          },
          {
            "trust": 1.8,
            "url": "https://www.vulncheck.com/advisories/dlink-devices-unauth-rce"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-10069"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18551"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014667"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-10069"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18551"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014667"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-10069"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-18551"
          },
          {
            "date": "2025-09-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-014667"
          },
          {
            "date": "2025-08-05T20:15:35.690000",
            "db": "NVD",
            "id": "CVE-2013-10069"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-18551"
          },
          {
            "date": "2025-09-30T07:54:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-014667"
          },
          {
            "date": "2025-09-23T18:37:48.680000",
            "db": "NVD",
            "id": "CVE-2013-10069"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Corporation\u00a0 of \u00a0DIR-600\u00a0 firmware and \u00a0DIR-300\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014667"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202508-0133

    Vulnerability from variot - Updated: 2025-10-02 23:14

    An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitization of the cmd parameter. The DIR-300 and DIR-600 firmware from D-Link Corporation contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202508-0133",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dir-600",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.14b01"
          },
          {
            "model": "dir-300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.13"
          },
          {
            "model": "dir-600",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dir-300",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014665"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-10048"
          }
        ]
      },
      "cve": "CVE-2013-10048",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2013-10048",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2013-10048",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-10048",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "disclosure@vulncheck.com",
                "id": "CVE-2013-10048",
                "trust": 1.0,
                "value": "Critical"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-10048",
                "trust": 0.8,
                "value": "Critical"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014665"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-10048"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-10048"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An OS command injection vulnerability exists in various legacy D-Link routers\u2014including DIR-300 rev B and DIR-600 (firmware \u2264 2.13 and \u2264 2.14b01, respectively)\u2014due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter. D-Link Corporation of DIR-300 firmware and DIR-600 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-10048"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014665"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-10048",
            "trust": 2.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "27528",
            "trust": 1.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "24453",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014665",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014665"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-10048"
          }
        ]
      },
      "id": "VAR-202508-0133",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.7607143
      },
      "last_update_date": "2025-10-02T23:14:09.431000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014665"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-10048"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_command_php_exec_noauth.rb"
          },
          {
            "trust": 1.8,
            "url": "https://web.archive.org/web/20131022221648/http://www.s3cur1ty.de/m1adv2013-003"
          },
          {
            "trust": 1.8,
            "url": "https://www.exploit-db.com/exploits/24453"
          },
          {
            "trust": 1.8,
            "url": "https://www.exploit-db.com/exploits/27528"
          },
          {
            "trust": 1.8,
            "url": "https://www.vulncheck.com/advisories/d-link-legacy-unauth-rce"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-10048"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014665"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-10048"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014665"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-10048"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-09-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-014665"
          },
          {
            "date": "2025-08-01T21:15:26.567000",
            "db": "NVD",
            "id": "CVE-2013-10048"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-09-30T07:34:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-014665"
          },
          {
            "date": "2025-09-23T17:41:57.273000",
            "db": "NVD",
            "id": "CVE-2013-10048"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Corporation\u00a0 of \u00a0DIR-300\u00a0 firmware and \u00a0DIR-600\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014665"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202408-0139

    Vulnerability from variot - Updated: 2025-07-20 23:18

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. The affected D-Link Systems, Inc. product may be put into a denial-of-service (DoS) state. D-Link DIR-600 is a wireless router from D-Link, a Chinese company. No detailed vulnerability information is currently provided. The sources in this record disagree on severity: cna@vuldb.com scores it CVSS 3.1 6.3 (PR:L, authentication required) while nvd@nist.gov scores it 9.8 (PR:N), so read "critical" as the NVD assessment.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202408-0139",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dir-600",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.18"
          },
          {
            "model": "dir-600",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dir-600",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "dir-600  firmware  2.18  and earlier"
          },
          {
            "model": "dir-600",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dir-600",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "d link",
            "version": "\u003c=2.18"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-35161"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026261"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7357"
          }
        ]
      },
      "cve": "CVE-2024-7357",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2024-7357",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-026261",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2024-35161",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2024-7357",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2024-7357",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-026261",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2024-7357",
                "trust": 1.0,
                "value": "Medium"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-7357",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-026261",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-35161",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-35161"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026261"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7357"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7357"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link Systems, Inc. (DoS) It may be in a state. D-Link DIR-600 is a wireless router from D-Link, a Chinese company. No detailed vulnerability details are currently provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-7357"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026261"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-35161"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-7357",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "273329",
            "trust": 1.8
          },
          {
            "db": "DLINK",
            "id": "SAP10408",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026261",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-35161",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-35161"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026261"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7357"
          }
        ]
      },
      "id": "VAR-202408-0139",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-35161"
          }
        ],
        "trust": 1.4214286
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-35161"
          }
        ]
      },
      "last_update_date": "2025-07-20T23:18:08.526000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for D-Link DIR-600 Operating System Command Injection Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/576101"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-35161"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026261"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7357"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/beacox/iot_vuln/tree/main/d-link/dir-600/soapcgi_main_injection"
          },
          {
            "trust": 1.8,
            "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10408"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.273329"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.383695"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.273329"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-7357"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2024-7357/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-35161"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026261"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7357"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-35161"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026261"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-7357"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-35161"
          },
          {
            "date": "2025-07-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-026261"
          },
          {
            "date": "2024-08-01T13:15:10.950000",
            "db": "NVD",
            "id": "CVE-2024-7357"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-08-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-35161"
          },
          {
            "date": "2025-07-17T08:56:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-026261"
          },
          {
            "date": "2025-07-16T13:53:45.507000",
            "db": "NVD",
            "id": "CVE-2024-7357"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DIR-600\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-026261"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201906-0703

    Vulnerability from variot - Updated: 2024-11-23 22:06

    An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. Multiple D-Link products contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-845 and the other listed models are all wireless routers from Taiwan D-Link.

    A command injection vulnerability exists in the soap.cgi?service=WANIPConn1 URL in multiple D-Link products. The vulnerability stems from the fact that the network system or product did not properly filter special elements when constructing executable commands from external input data. An attacker could use this vulnerability to execute unauthorized commands. The following products and versions are affected: D-Link DIR-845 prior to v1.02b03; DIR-600 prior to v2.17b01; DIR-645 prior to v1.04b11; DIR-300 (rev…


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0703",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dir-300",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.14b01"
          },
          {
            "model": "dir-845",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.02b03"
          },
          {
            "model": "dir-600",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.17b01"
          },
          {
            "model": "dir-865",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.05b03"
          },
          {
            "model": "dir-645",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.04b11"
          },
          {
            "model": "dir-300",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dir-600",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "d link",
            "version": "2.17b01"
          },
          {
            "model": "dir-645",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.04b11"
          },
          {
            "model": "dir-845",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.02b03"
          },
          {
            "model": "dir-865",
            "scope": null,
            "trust": 0.8,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dir-600 \u003cv2.17b01",
            "scope": null,
            "trust": 0.6,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dir-645 \u003cv1.04b11",
            "scope": null,
            "trust": 0.6,
            "vendor": "d link",
            "version": null
          },
          {
            "model": "dir-845 \u003cv1.02b03",
            "scope": null,
            "trust": 0.6,
            "vendor": "d link",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-39561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006844"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7471"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:d-link:dir-300_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dir-600_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dir-645_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dir-845_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:d-link:dir-865_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006844"
          }
        ]
      },
      "cve": "CVE-2013-7471",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-7471",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-39561",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-67473",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2013-7471",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2013-7471",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-7471",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-7471",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-39561",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-399",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-67473",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2013-7471",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-39561"
          },
          {
            "db": "VULHUB",
            "id": "VHN-67473"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7471"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006844"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-399"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7471"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. Multiple D-Link products contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DIR-845 and the other listed models are all wireless routers from Taiwan's D-Link. \n\nA command injection vulnerability exists in the soap.cgi?service=WANIPConn1 URL in multiple D-Link products. The vulnerability stems from the network system or product failing to properly filter special elements when constructing executable commands from external input data. An attacker could use this vulnerability to execute unauthorized commands. The following products and versions are affected: D-Link DIR-845 prior to v1.02b03; DIR-600 prior to v2.17b01; DIR-645 prior to v1.04b11; DIR-300 (rev. B); and DIR-865.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-7471"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006844"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-39561"
          },
          {
            "db": "VULHUB",
            "id": "VHN-67473"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7471"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-7471",
            "trust": 3.2
          },
          {
            "db": "EXPLOIT-DB",
            "id": "27044",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006844",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-399",
            "trust": 0.7
          },
          {
            "db": "EXPLOITDB",
            "id": "27044",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-39561",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-67473",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7471",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-39561"
          },
          {
            "db": "VULHUB",
            "id": "VHN-67473"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7471"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006844"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-399"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7471"
          }
        ]
      },
      "id": "VAR-201906-0703",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-39561"
          },
          {
            "db": "VULHUB",
            "id": "VHN-67473"
          }
        ],
        "trust": 1.4161706425
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-39561"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:06:10.235000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://us.dlink.com/"
          },
          {
            "title": "Patch for Command injection vulnerability in multiple D-Link products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/189043"
          },
          {
            "title": "Multiple D-Link Product Command Injection Vulnerability Fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93638"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-39561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006844"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-399"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-67473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006844"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7471"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "http://www.s3cur1ty.de/m1adv2013-020"
          },
          {
            "trust": 2.4,
            "url": "https://www.exploit-db.com/exploits/27044"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7471"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7471"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-39561"
          },
          {
            "db": "VULHUB",
            "id": "VHN-67473"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7471"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006844"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-399"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7471"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-39561"
          },
          {
            "db": "VULHUB",
            "id": "VHN-67473"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7471"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006844"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-399"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7471"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-39561"
          },
          {
            "date": "2019-06-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-67473"
          },
          {
            "date": "2019-06-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-7471"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006844"
          },
          {
            "date": "2019-06-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-399"
          },
          {
            "date": "2019-06-11T21:29:00.397000",
            "db": "NVD",
            "id": "CVE-2013-7471"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-39561"
          },
          {
            "date": "2019-06-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-67473"
          },
          {
            "date": "2021-04-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-7471"
          },
          {
            "date": "2019-06-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006844"
          },
          {
            "date": "2019-06-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-399"
          },
          {
            "date": "2024-11-21T02:01:05.363000",
            "db": "NVD",
            "id": "CVE-2013-7471"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-399"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Command injection vulnerability in multiple D-Link products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006844"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-399"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202306-0930

    Vulnerability from variot - Updated: 2024-08-14 14:01

    D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary. D-Link DIR-600 is a wireless router made by China D-Link Company.

    There is a buffer overflow vulnerability in D-Link DIR-600 firmware version 2.18. The vulnerability is caused by a boundary error in the file gena.cgi when processing untrusted input. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202306-0930",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dir-600",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.18"
          },
          {
            "model": "dir-600",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "2.18"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-52856"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-33626"
          }
        ]
      },
      "cve": "CVE-2023-33626",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-52856",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-33626",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-33626",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-52856",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202306-839",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-52856"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-839"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-33626"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary. D-Link DIR-600 is a wireless router made by China D-Link Company. \n\r\n\r\nThere is a buffer overflow vulnerability in D-Link DIR-600 version 2.18. The vulnerability is caused by a boundary error in the file gena.cgi when processing untrusted input. Attackers can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-33626"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-52856"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-33626",
            "trust": 2.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-52856",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-839",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-52856"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-839"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-33626"
          }
        ]
      },
      "id": "VAR-202306-0930",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-52856"
          }
        ],
        "trust": 1.4148147999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-52856"
          }
        ]
      },
      "last_update_date": "2024-08-14T14:01:47.610000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-33626"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://github.com/naihsin/iot/tree/main/d-link/dir-600/overflow"
          },
          {
            "trust": 1.6,
            "url": "https://www.dlink.com/en/security-bulletin/"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/naihsin/iot/blob/main/d-link/dir-600/overflow/readme.md"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-33626/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-52856"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-839"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-33626"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-52856"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-839"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-33626"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-06-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-52856"
          },
          {
            "date": "2023-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202306-839"
          },
          {
            "date": "2023-06-12T20:15:12.667000",
            "db": "NVD",
            "id": "CVE-2023-33626"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-06-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-52856"
          },
          {
            "date": "2023-06-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202306-839"
          },
          {
            "date": "2023-06-16T19:29:32.267000",
            "db": "NVD",
            "id": "CVE-2023-33626"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-839"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DIR-600 buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-52856"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-839"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202306-0904

    Vulnerability from variot - Updated: 2024-08-14 13:20

    D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. D-Link DIR-600 is a wireless router made by China D-Link Company.

    There is a command injection vulnerability in D-Link DIR-600 that arises in constructing commands. An attacker could exploit this vulnerability to cause arbitrary command execution.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202306-0904",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dir-600",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.18"
          },
          {
            "model": "dir-600",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "2.18"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50813"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-33625"
          }
        ]
      },
      "cve": "CVE-2023-33625",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-50813",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-33625",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-33625",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-50813",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202306-822",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50813"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-822"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-33625"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. D-Link DIR-600 is a wireless router made by China D-Link Company. \n\r\n\r\nThere is a command injection vulnerability in D-Link DIR-600 that arises in constructing commands. An attacker could exploit this vulnerability to cause arbitrary command execution.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-33625"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-50813"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-33625",
            "trust": 2.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-50813",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-822",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50813"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-822"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-33625"
          }
        ]
      },
      "id": "VAR-202306-0904",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50813"
          }
        ],
        "trust": 1.4148147999999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50813"
          }
        ]
      },
      "last_update_date": "2024-08-14T13:20:13.113000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-33625"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://www.dlink.com/en/security-bulletin/"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/naihsin/iot/blob/main/d-link/dir-600/cmd%20injection/readme.md"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/naihsin/iot/tree/main/d-link/dir-600/cmd%20injection"
          },
          {
            "trust": 1.0,
            "url": "https://hackmd.io/%40naihsin/by2datzd2"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-33625"
          },
          {
            "trust": 0.6,
            "url": "https://hackmd.io/@naihsin/by2datzd2"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-33625/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50813"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-822"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-33625"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50813"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-822"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-33625"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-50813"
          },
          {
            "date": "2023-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202306-822"
          },
          {
            "date": "2023-06-12T20:15:12.610000",
            "db": "NVD",
            "id": "CVE-2023-33625"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-50813"
          },
          {
            "date": "2023-06-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202306-822"
          },
          {
            "date": "2023-11-07T04:15:06.080000",
            "db": "NVD",
            "id": "CVE-2023-33625"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-822"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "D-Link DIR-600 Command Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50813"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-822"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202306-822"
          }
        ],
        "trust": 0.6
      }
    }