21 vulnerabilities found for dir-615 by dlink
VAR-201909-0903
Vulnerability from variot - Updated: 2025-11-18 15:24
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface, which could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825. Multiple D-Link products contain an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-655C, etc. are all wireless routers from Taiwan D-Link. Attackers can use this vulnerability to inject commands and compromise the system. The following products and versions are affected: D-Link DIR-655C; DIR-866L; DIR-652; DHP-1565, etc.
Exploiting this issue could allow a malicious user to execute arbitrary commands in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0903",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-652",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": null
},
{
"model": "dhp-1565",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dir-652",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dir-866l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dir-825",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dir-655",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "3.02b05"
},
{
"model": "dir-862l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dir-866l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03b04"
},
{
"model": "dir-615",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dap-1533",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dir-835",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dhp-1565",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01"
},
{
"model": "dir-855l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-655",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-655c",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-652",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": "ax"
},
{
"model": "dir-655",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": "cx"
},
{
"model": "dir-866l",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": "ax"
},
{
"model": "dhp-1565",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": "ax"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#766427"
},
{
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1326"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dhp-1565_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-652_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-655_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-866l_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
}
]
},
"cve": "CVE-2019-16920",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-16920",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.7,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2019-16920",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-33820",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-149115",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-16920",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-16920",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-16920",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2019-16920",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-16920",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-16920",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-33820",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-1326",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-149115",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-16920",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#766427"
},
{
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"db": "VULHUB",
"id": "VHN-149115"
},
{
"db": "VULMON",
"id": "CVE-2019-16920"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1326"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"db": "NVD",
"id": "CVE-2019-16920"
},
{
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a \"PingTest\" device common gateway interface, which could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825. Multiple D-Link products contain an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-655C, etc. are all wireless routers from Taiwan D-Link. Attackers can use this vulnerability to inject commands and compromise the system. The following products and versions are affected: D-Link DIR-655C; DIR-866L; DIR-652; DHP-1565, etc. \n \nExploiting this issue could allow a malicious user to execute arbitrary commands in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-16920"
},
{
"db": "CERT/CC",
"id": "VU#766427"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"db": "VULHUB",
"id": "VHN-149115"
},
{
"db": "VULMON",
"id": "CVE-2019-16920"
}
],
"trust": 3.06
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/766427",
"trust": 0.8,
"type": "poc"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#766427"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-16920",
"trust": 4.0
},
{
"db": "CERT/CC",
"id": "VU#766427",
"trust": 1.9
},
{
"db": "SEEBUG",
"id": "SSVID-98079",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU95198984",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1326",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-33820",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-149115",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-16920",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#766427"
},
{
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"db": "VULHUB",
"id": "VHN-149115"
},
{
"db": "VULMON",
"id": "CVE-2019-16920"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1326"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"id": "VAR-201909-0903",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"db": "VULHUB",
"id": "VHN-149115"
}
],
"trust": 1.3022921822222222
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33820"
}
]
},
"last_update_date": "2025-11-18T15:24:49.493000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.dlink.com/en/consumer"
},
{
"title": "myscan",
"trust": 0.1,
"url": "https://github.com/amcai/myscan "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-16920"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149115"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://fortiguard.com/zeroday/fg-vd-19-117"
},
{
"trust": 1.7,
"url": "https://www.seebug.org/vuldb/ssvid-98079"
},
{
"trust": 1.5,
"url": "https://medium.com/@80vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3"
},
{
"trust": 1.1,
"url": "https://www.kb.cert.org/vuls/id/766427"
},
{
"trust": 1.0,
"url": "https://medium.com/%4080vul/determine-the-device-model-affected-by-cve-2019-16920-by-zoomeye-bf6fec7f9bb3"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2019-16920"
},
{
"trust": 0.8,
"url": "https://www.fortinet.com/blog/threat-research/d-link-routers-found-vulnerable-rce.html"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc3875"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16920"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95198984/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16920"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#766427"
},
{
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"db": "VULHUB",
"id": "VHN-149115"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1326"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#766427"
},
{
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"db": "VULHUB",
"id": "VHN-149115"
},
{
"db": "VULMON",
"id": "CVE-2019-16920"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1326"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-23T00:00:00",
"db": "CERT/CC",
"id": "VU#766427"
},
{
"date": "2019-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"date": "2019-09-27T00:00:00",
"db": "VULHUB",
"id": "VHN-149115"
},
{
"date": "2019-09-27T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16920"
},
{
"date": "2019-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1326"
},
{
"date": "2019-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"date": "2019-09-27T12:15:10.017000",
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-25T00:00:00",
"db": "CERT/CC",
"id": "VU#766427"
},
{
"date": "2019-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-33820"
},
{
"date": "2019-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-149115"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16920"
},
{
"date": "2019-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1326"
},
{
"date": "2019-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009977"
},
{
"date": "2025-11-07T19:37:32.660000",
"db": "NVD",
"id": "CVE-2019-16920"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1326"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple D-Link routers vulnerable to remote command execution",
"sources": [
{
"db": "CERT/CC",
"id": "VU#766427"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1326"
}
],
"trust": 0.6
}
}
VAR-201505-0274
Vulnerability from variot - Updated: 2025-11-18 15:12
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION.
・ Inadequate access restrictions (CWE-284) - CVE-2021-20643
・ Script injection on the management screen (CWE-74) - CVE-2021-20644
・ Reflected cross-site scripting (CWE-79) - CVE-2021-20645
・ Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650
・ OS command injection (CWE-78) - CVE-2021-20648
・ Insufficient verification of server certificate (CWE-295) - CVE-2021-20649
・ OS command injection via UPnP (CWE-78) - CVE-2014-8361
CVE-2021-20643: This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr
CVE-2021-20644: This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Sato Rei Mr
CVE-2021-20645, CVE-2021-20646: This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr
CVE-2021-20647, CVE-2021-20648, CVE-2021-20649: This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Cyber Defense Institute, Inc. Satoru Nagaoka Mr
CVE-2021-20650: This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Hiroshi Watanabe Mr
CVE-2014-8361: The following people reported to IPA that the product is vulnerable, and JPCERT/CC coordinated with the developer. Reporter: Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki Mr
The expected impact depends on each vulnerability, but may be as follows.
・ The management password of the product is changed when the product processes a request crafted by a remote third party. - CVE-2021-20643
・ A crafted SSID is displayed on the management screen, and an arbitrary script is executed in the user's web browser. - CVE-2021-20644
・ An arbitrary script is executed in the web browser of a user who is logged in to the product. - CVE-2021-20645
・ When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result the settings of the product are changed unintentionally or a telnet daemon is started. - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650
・ An arbitrary OS command is executed by a third party who can access the product. - CVE-2021-20648
・ A man-in-the-middle attack tampers with the communication response, and as a result an arbitrary OS command is executed on the product. - CVE-2021-20649
・ When UPnP is enabled on the product, an arbitrary OS command is executed by a third party who can access the product. - CVE-2014-8361
WSR-300HP, provided by Buffalo Co., Ltd., is a wireless LAN router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Failed exploit attempts will result in a denial-of-service condition.
Realtek SDK is a software development kit developed by Realtek.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201505-0274",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-605l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.14b06"
},
{
"model": "dir-515",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01b04"
},
{
"model": "dir-615",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "6.06b03"
},
{
"model": "dir-600l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.056b06"
},
{
"model": "dir-619l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.07b02"
},
{
"model": "wg1800hp3",
"scope": "lte",
"trust": 1.0,
"vendor": "aterm",
"version": "1.5.1"
},
{
"model": "dir-900l",
"scope": "lt",
"trust": 1.0,
"vendor": "dlink",
"version": "1.15b01"
},
{
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "realtek",
"version": null
},
{
"model": "wg1200hp",
"scope": "eq",
"trust": 1.0,
"vendor": "aterm",
"version": "*"
},
{
"model": "wg1200hs2",
"scope": "lte",
"trust": 1.0,
"vendor": "aterm",
"version": "2.5.0"
},
{
"model": "wg1800hp4",
"scope": "lte",
"trust": 1.0,
"vendor": "aterm",
"version": "1.3.1"
},
{
"model": "dir-615",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "10.01b02"
},
{
"model": "w1200ex",
"scope": "lte",
"trust": 1.0,
"vendor": "aterm",
"version": "1.3.1"
},
{
"model": "wr8165n",
"scope": "eq",
"trust": 1.0,
"vendor": "aterm",
"version": "*"
},
{
"model": "dir-501",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01b04"
},
{
"model": "dir-605l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.07b02"
},
{
"model": "wf800hp",
"scope": "eq",
"trust": 1.0,
"vendor": "aterm",
"version": "*"
},
{
"model": "dir-905l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.05b01"
},
{
"model": "wg1900hp2",
"scope": "lte",
"trust": 1.0,
"vendor": "aterm",
"version": "1.3.1"
},
{
"model": "wg1200hp2",
"scope": "lte",
"trust": 1.0,
"vendor": "aterm",
"version": "2.5.0"
},
{
"model": "dir-600l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.15"
},
{
"model": "w1200ex-ms",
"scope": "lte",
"trust": 1.0,
"vendor": "aterm",
"version": "1.3.1"
},
{
"model": "w500p",
"scope": "eq",
"trust": 1.0,
"vendor": "aterm",
"version": "*"
},
{
"model": "w300p",
"scope": "eq",
"trust": 1.0,
"vendor": "aterm",
"version": "*"
},
{
"model": "wg1900hp",
"scope": "lte",
"trust": 1.0,
"vendor": "aterm",
"version": "2.5.1"
},
{
"model": "wg1200hs",
"scope": "eq",
"trust": 1.0,
"vendor": "aterm",
"version": "*"
},
{
"model": "dir-605l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "3.03b07"
},
{
"model": "dir-619l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.15"
},
{
"model": "wf300hp2",
"scope": "eq",
"trust": 1.0,
"vendor": "aterm",
"version": "*"
},
{
"model": "dir-809",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04b02"
},
{
"model": "wg1200hp3",
"scope": "lte",
"trust": 1.0,
"vendor": "aterm",
"version": "1.3.1"
},
{
"model": "ld-ps/u1",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20643)"
},
{
"model": "ncc-ewf100rmwh2",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20650)"
},
{
"model": "wrc-1467ghbk-a",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20644)"
},
{
"model": "wrc-300febk",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2014-8361)"
},
{
"model": "wrc-300febk-a",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20645, cve-2021-20646)"
},
{
"model": "wrc-300febk-s",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20647, cve-2021-20648, cve-2021-20649, cve-2014-8361)"
},
{
"model": "wrc-f300nf",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2014-8361)"
},
{
"model": "dir-600l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "a1 ( firmware 1.15 )"
},
{
"model": "dir-600l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "b1 ( firmware 2.056b06 )"
},
{
"model": "dir-600l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.15"
},
{
"model": "dir-600l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "2.056b06"
},
{
"model": "dir-605l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "a1 ( firmware 1.14b06 )"
},
{
"model": "dir-605l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "bx ( firmware 2.07b02 )"
},
{
"model": "dir-605l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "c1 ( firmware 3.03b07 )"
},
{
"model": "dir-605l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.14b06"
},
{
"model": "dir-605l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "2.07b02"
},
{
"model": "dir-605l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "3.03b07"
},
{
"model": "dir-619l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "a1 ( firmware 1.15 )"
},
{
"model": "dir-619l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "b1 ( firmware 2.07b02 )"
},
{
"model": "dir-619l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.15"
},
{
"model": "dir-619l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "2.07b02"
},
{
"model": "dir-809",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "a1 ( firmware 1.04b02 )"
},
{
"model": "dir-809",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "a2 ( firmware 1.04b02 )"
},
{
"model": "dir-809",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.04b02"
},
{
"model": "dir-900l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "a1 ( firmware 1.14b02 )"
},
{
"model": "dir-900l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.14b02"
},
{
"model": "sdk",
"scope": null,
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": null
},
{
"model": "wsr-300hp",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": null
},
{
"model": "wsr-300hp",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
"version": "firmware 2.30 and earlier"
},
{
"model": "rtl81xx sdk",
"scope": null,
"trust": 0.7,
"vendor": "realtek",
"version": null
},
{
"model": "dir-600l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.15"
},
{
"model": "dir-600l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.05"
},
{
"model": "dir-905l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.02"
},
{
"model": "dir-605l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.13"
},
{
"model": "dir-605l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.04"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:elecom:ld-ps_u1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:elecom:ncc-ewf100rmwh2",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:elecom:wrc-1467ghbk-a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:elecom:wrc-300febk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:elecom:wrc-300febk-a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:elecom:wrc-300febk-s",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:elecom:wrc-f300nf",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ricky \"HeadlessZeke\" Lawshae",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"db": "BID",
"id": "74330"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
}
],
"trust": 1.6
},
"cve": "CVE-2014-8361",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8361",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 2.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000194",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-76306",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2014-8361",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.2,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000194",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2021-000008",
"trust": 4.8,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8361",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2014-8361",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2021-000008",
"trust": 0.8,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2014-8361",
"trust": 0.8,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2017-000194",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2014-8361",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-581",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-76306",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-8361",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"db": "VULHUB",
"id": "VHN-76306"
},
{
"db": "VULMON",
"id": "CVE-2014-8361"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"db": "NVD",
"id": "CVE-2014-8361"
},
{
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. \u30fb Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 \u30fb Retractable cross-site scripting (CWE-79) - CVE-2021-20645 \u30fb Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 \u30fb UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. 
Reporter : Hiroshi Watanabe Mr. CVE-2014-8361: The following persons reported to IPA that the product is vulnerable, and JPCERT/CC coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki Mr. The expected impact depends on each vulnerability, but may include the following. \u30fb The management password of the product is changed when it processes a request crafted by a remote third party - CVE-2021-20643 \u30fb When a crafted SSID is displayed on the management screen, an arbitrary script is executed in the user\u0027s web browser - CVE-2021-20644 \u30fb An arbitrary script is executed in the web browser of a user who is logged in to the product - CVE-2021-20645 \u30fb When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed and, as a result, the product settings are changed unintentionally or the telnet daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb An arbitrary OS command is executed by a third party who can access the product - CVE-2021-20648 \u30fb A man-in-the-middle attacker tampers with the communication response, resulting in arbitrary OS command execution in the product - CVE-2021-20649 \u30fb When UPnP is enabled on the product, an arbitrary OS command is executed by a third party who can access the product - CVE-2014-8361. WSR-300HP, provided by Buffalo Co., Ltd., is a wireless LAN router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. 
Failed exploit attempts will result in a denial-of-service condition. Realtek SDK is a software development kit (SDK) developed by Realtek",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8361"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"db": "BID",
"id": "74330"
},
{
"db": "VULHUB",
"id": "VHN-76306"
},
{
"db": "VULMON",
"id": "CVE-2014-8361"
}
],
"trust": 4.14
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-76306",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=37169",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76306"
},
{
"db": "VULMON",
"id": "CVE-2014-8361"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8361",
"trust": 6.0
},
{
"db": "ZDI",
"id": "ZDI-15-155",
"trust": 3.6
},
{
"db": "JVN",
"id": "JVN47580234",
"trust": 2.6
},
{
"db": "BID",
"id": "74330",
"trust": 2.1
},
{
"db": "DLINK",
"id": "SAP10055",
"trust": 2.1
},
{
"db": "JVN",
"id": "JVN67456944",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "37169",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "132090",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVN74871939",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2435",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201504-581",
"trust": 0.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000028",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-97587",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-76306",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-8361",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"db": "VULHUB",
"id": "VHN-76306"
},
{
"db": "VULMON",
"id": "CVE-2014-8361"
},
{
"db": "BID",
"id": "74330"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"id": "VAR-201505-0274",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-76306"
}
],
"trust": 0.76817331
},
"last_update_date": "2025-11-18T15:12:18.247000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u7121\u7ddaLAN\u30eb\u30fc\u30bf\u30fc\u306a\u3069\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u88fd\u54c1\u306e\u4e00\u90e8\u306b\u304a\u3051\u308b\u8106\u5f31\u6027\u306b\u95a2\u3057\u3066",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"title": "RTL81xx",
"trust": 0.8,
"url": "http://www.realtek.com/search/default.aspx?keyword=RTL81"
},
{
"title": "SAP10055",
"trust": 0.8,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
},
{
"title": "WSR-300HP Arbitrary Code Execution Vulnerability in",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20170804_2.html"
},
{
"title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response. Vendor Contact Timeline: 08/13/2014 - ZDI wrote to vendor requesting contact and PGP. 09/04/2014 - ZDI wrote to vendor requesting contact and PGP. 09/29/2014 - ZDI wrote to vendor requesting contact and PGP. 10/22/2014 - ZDI wrote to vendor requesting contact and PGP, indicated \"final\" email attempt and informed of intent to 0-day. 04/24/2015 - Public release of advisory. Mitigation: Given the stated purpose of Realtek SDK, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with products using Realtek SDK service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in the linked Microsoft article and numerous other Microsoft Knowledge Base articles.",
"trust": 0.7,
"url": "http://technet.microsoft.com/en-us/library/cc725770%28WS.10%29.aspx"
},
{
"title": "Realtek SDK miniigd SOAP Fixes for service remote code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96763"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/xuguowong/Mirai-MAL "
},
{
"title": "api.greynoise.io",
"trust": 0.1,
"url": "https://github.com/GreyNoise-Intelligence/api.greynoise.io "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/keksec-simps-botnet-gaming-ddos/166306/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/gafgyt-botnet-ddos-mirai/165424/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/valve-source-engine-fortnite-servers-crippled-by-gafgyt-variant/149719/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/new-mirai-samples-grow-the-number-of-processors-targets/143566/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/huawei-router-default-credential/140234/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/router-crapfest-malware-author-builds-18-000-strong-botnet-in-a-day/"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/threat-landscape-for-industrial-automation-systems-in-h2-2017/85053/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/new-jenx-iot-ddos-botnet-offered-part-of-gaming-server-rental-scheme/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/jenx-botnet-has-grand-theft-auto-hook/129759/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/satori-author-linked-to-new-mirai-variant-masuta/129640/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/satori-botnet-is-now-attacking-ethereum-mining-rigs/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/code-used-in-zero-day-huawei-router-attack-made-public/129260/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/amateur-hacker-behind-satori-botnet/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/unpatched-router-vulnerability-could-lead-to-code-execution/112524/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"db": "VULMON",
"id": "CVE-2014-8361"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.9
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-79",
"trust": 0.8
},
{
"problemtype": "CWE-352",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
},
{
"problemtype": "Code injection (CWE-94) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76306"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-155/"
},
{
"trust": 2.1,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10055"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/37169/"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/74330"
},
{
"trust": 1.8,
"url": "http://jvn.jp/en/jp/jvn47580234/index.html"
},
{
"trust": 1.8,
"url": "http://jvn.jp/en/jp/jvn67456944/index.html"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/132090/realtek-sdk-miniigd-upnp-soap-command-execution.html"
},
{
"trust": 1.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8361"
},
{
"trust": 1.1,
"url": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/"
},
{
"trust": 1.1,
"url": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=sap10055"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2014-8361"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20649"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20650"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20643"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20644"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20645"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20646"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20647"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20648"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn47580234/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8361"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn74871939/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8361"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.7,
"url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000028.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000008.html"
},
{
"trust": 0.3,
"url": "http://www.realtek.com.tw/contact/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/keksec-simps-botnet-gaming-ddos/166306/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"db": "VULHUB",
"id": "VHN-76306"
},
{
"db": "VULMON",
"id": "CVE-2014-8361"
},
{
"db": "BID",
"id": "74330"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"db": "VULHUB",
"id": "VHN-76306"
},
{
"db": "VULMON",
"id": "CVE-2014-8361"
},
{
"db": "BID",
"id": "74330"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"date": "2015-05-01T00:00:00",
"db": "VULHUB",
"id": "VHN-76306"
},
{
"date": "2015-05-01T00:00:00",
"db": "VULMON",
"id": "CVE-2014-8361"
},
{
"date": "2015-04-24T00:00:00",
"db": "BID",
"id": "74330"
},
{
"date": "2015-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-581"
},
{
"date": "2021-01-26T03:12:23",
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"date": "2015-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"date": "2017-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"date": "2015-05-01T15:59:01.287000",
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"date": "2019-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-76306"
},
{
"date": "2023-09-05T00:00:00",
"db": "VULMON",
"id": "CVE-2014-8361"
},
{
"date": "2015-05-07T18:22:00",
"db": "BID",
"id": "74330"
},
{
"date": "2021-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-581"
},
{
"date": "2021-01-26T03:12:23",
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"date": "2015-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"date": "2024-07-02T08:54:00",
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"date": "2025-10-22T00:15:39.940000",
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in multiple ELECOM products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
}
],
"trust": 0.6
}
}
VAR-202508-2643
Vulnerability from variot - Updated: 2025-10-05 23:18
Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC. D-Link Corporation products such as DIR-110 firmware, DIR-412 firmware, and DIR-600 firmware contain an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202508-2643",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-600",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dir-615",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dir-645",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dir-815",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03"
},
{
"model": "dir-412",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dir-110",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dir-610",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dir-645",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-615",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-600",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-815",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-110",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "d-link dir-610",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-412",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-015018"
},
{
"db": "NVD",
"id": "CVE-2018-25115"
}
]
},
"cve": "CVE-2018-25115",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-25115",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-25115",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-25115",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "disclosure@vulncheck.com",
"id": "CVE-2018-25115",
"trust": 1.0,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2018-25115",
"trust": 0.8,
"value": "Critical"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-015018"
},
{
"db": "NVD",
"id": "CVE-2018-25115"
},
{
"db": "NVD",
"id": "CVE-2018-25115"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC. DIR-110 firmware, DIR-412 firmware, DIR-600 firmware etc. D-Link Corporation The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-25115"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015018"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-25115",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "43496",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-015018",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-015018"
},
{
"db": "NVD",
"id": "CVE-2018-25115"
}
]
},
"id": "VAR-202508-2643",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6754550085714286
},
"last_update_date": "2025-10-05T23:18:25.626000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-015018"
},
{
"db": "NVD",
"id": "CVE-2018-25115"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/cr0n1c/dlink_shell_poc/blob/master/dlink_auth_rce"
},
{
"trust": 1.8,
"url": "https://legacy.us.dlink.com/"
},
{
"trust": 1.8,
"url": "https://support.dlink.com/endoflifepolicy.aspx"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/43496"
},
{
"trust": 1.8,
"url": "https://www.vulncheck.com/advisories/dlink-dir-rce-service-cgi"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25115"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-015018"
},
{
"db": "NVD",
"id": "CVE-2018-25115"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-015018"
},
{
"db": "NVD",
"id": "CVE-2018-25115"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-015018"
},
{
"date": "2025-08-27T22:15:31.370000",
"db": "NVD",
"id": "CVE-2018-25115"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-03T08:58:00",
"db": "JVNDB",
"id": "JVNDB-2025-015018"
},
{
"date": "2025-09-24T18:03:34.613000",
"db": "NVD",
"id": "CVE-2018-25115"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0D-Link\u00a0Corporation\u00a0 In the product \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-015018"
}
],
"trust": 0.8
}
}
VAR-202508-0069
Vulnerability from variot - Updated: 2025-09-28 03:24
An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)—via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life. D-Link Corporation DIR-300 firmware and DIR-615 firmware contain an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202508-0069",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-300",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.05"
},
{
"model": "dir-615",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "4.13"
},
{
"model": "dir-615",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-300",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-014483"
},
{
"db": "NVD",
"id": "CVE-2013-10050"
}
]
},
"cve": "CVE-2013-10050",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2013-10050",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-10050",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-10050",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "disclosure@vulncheck.com",
"id": "CVE-2013-10050",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2013-10050",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-014483"
},
{
"db": "NVD",
"id": "CVE-2013-10050"
},
{
"db": "NVD",
"id": "CVE-2013-10050"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An OS command injection vulnerability exists in multiple D-Link routers\u2014confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)\u2014via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life. D-Link Corporation of DIR-300 firmware and DIR-615 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-10050"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-014483"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-10050",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "27428",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "25024",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-014483",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-014483"
},
{
"db": "NVD",
"id": "CVE-2013-10050"
}
]
},
"id": "VAR-202508-0069",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.65854702
},
"last_update_date": "2025-09-28T03:24:16.068000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-014483"
},
{
"db": "NVD",
"id": "CVE-2013-10050"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/dlink_dir300_exec_telnet.rb"
},
{
"trust": 1.8,
"url": "https://web.archive.org/web/20140830203110/http://www.s3cur1ty.de/m1adv2013-014"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/25024"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/27428"
},
{
"trust": 1.8,
"url": "https://www.vulncheck.com/advisories/d-link-legacy-unauth-rce-2"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/raw/25024"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-10050"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-014483"
},
{
"db": "NVD",
"id": "CVE-2013-10050"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-014483"
},
{
"db": "NVD",
"id": "CVE-2013-10050"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-014483"
},
{
"date": "2025-08-01T21:15:26.923000",
"db": "NVD",
"id": "CVE-2013-10050"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-25T09:18:00",
"db": "JVNDB",
"id": "JVNDB-2025-014483"
},
{
"date": "2025-09-23T17:38:12.313000",
"db": "NVD",
"id": "CVE-2013-10050"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Corporation\u00a0 of \u00a0DIR-300\u00a0 firmware and \u00a0DIR-615\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-014483"
}
],
"trust": 0.8
}
}
VAR-201707-1079
Vulnerability from variot - Updated: 2025-04-20 23:40
The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic. The D-Link DIR-615 device contains cryptographic vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-615 is a small wireless router product of D-Link. There is a security vulnerability in D-Link DIR-615 versions prior to 20.12PTb04.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-1079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-615",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "20.12ptb01"
},
{
"model": "dir-615",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "20.12ptb04"
},
{
"model": "dir-615",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": "20.12ptb01"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005609"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-027"
},
{
"db": "NVD",
"id": "CVE-2017-7406"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:dir-615",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005609"
}
]
},
"cve": "CVE-2017-7406",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-7406",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-115609",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-7406",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-7406",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7406",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-7406",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-027",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-115609",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115609"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005609"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-027"
},
{
"db": "NVD",
"id": "CVE-2017-7406"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The D-Link DIR-615 device before v20.12PTb04 doesn\u0027t use SSL for any of the authenticated pages. Also, it doesn\u0027t allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user\u0027s credentials and/or credentials of users being added while sniffing the traffic. D-Link DIR-615 The device contains cryptographic vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-615 is a small wireless router product of D-Link. There is a security vulnerability in D-Link DIR-615 versions prior to 20.12PTb04",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7406"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005609"
},
{
"db": "VULHUB",
"id": "VHN-115609"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7406",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005609",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-027",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-115609",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115609"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005609"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-027"
},
{
"db": "NVD",
"id": "CVE-2017-7406"
}
]
},
"id": "VAR-201707-1079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-115609"
}
],
"trust": 0.71709404
},
"last_update_date": "2025-04-20T23:40:03.029000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DIR-615 Firmware Release Notes",
"trust": 0.8,
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip"
},
{
"title": "D-Link DIR-615 Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100387"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005609"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-027"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
},
{
"problemtype": "CWE-311",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115609"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005609"
},
{
"db": "NVD",
"id": "CVE-2017-7406"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf"
},
{
"trust": 1.1,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-615/revt/dir-615_revt_firmware_patch_v20.12ptb04.zip"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7406"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7406"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115609"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005609"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-027"
},
{
"db": "NVD",
"id": "CVE-2017-7406"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-115609"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005609"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-027"
},
{
"db": "NVD",
"id": "CVE-2017-7406"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-115609"
},
{
"date": "2017-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005609"
},
{
"date": "2017-04-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-027"
},
{
"date": "2017-07-07T12:29:00.323000",
"db": "NVD",
"id": "CVE-2017-7406"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-115609"
},
{
"date": "2017-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005609"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-027"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-7406"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-027"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-615 Cryptographic vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005609"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-027"
}
],
"trust": 0.6
}
}
VAR-201707-0541
Vulnerability from variot - Updated: 2025-04-20 23:30
D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. D-Link DIR-615 contains a vulnerability in the use of hard-coded credentials (classified as CWE-798 in this record). Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-615 is a small wireless router product from D-Link. A security vulnerability exists in D-Link DIR-615 versions prior to 20.12PTb04. The record's patch section lists the vendor's 20.12PTb04 firmware release notes as the fix reference.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0541",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-615",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "20.12ptb01"
},
{
"model": "dir-615",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "20.12ptb04"
},
{
"model": "dir-615 \u003cv20.12ptb04",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-615",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": "20.12ptb01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24406"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006978"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-913"
},
{
"db": "NVD",
"id": "CVE-2017-11436"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-615_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006978"
}
]
},
"cve": "CVE-2017-11436",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-11436",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-24406",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-101858",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-11436",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-11436",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11436",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-11436",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-24406",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-913",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-101858",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24406"
},
{
"db": "VULHUB",
"id": "VHN-101858"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006978"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-913"
},
{
"db": "NVD",
"id": "CVE-2017-11436"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. D-Link DIR-615 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-615 is a small wireless router product from D-Link. A security vulnerability exists in versions prior to D-LinkDIR-61520.12PTb04",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11436"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006978"
},
{
"db": "CNVD",
"id": "CNVD-2017-24406"
},
{
"db": "VULHUB",
"id": "VHN-101858"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11436",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006978",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-913",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-24406",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-101858",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24406"
},
{
"db": "VULHUB",
"id": "VHN-101858"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006978"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-913"
},
{
"db": "NVD",
"id": "CVE-2017-11436"
}
]
},
"id": "VAR-201707-0541",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24406"
},
{
"db": "VULHUB",
"id": "VHN-101858"
}
],
"trust": 1.31709404
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24406"
}
]
},
"last_update_date": "2025-04-20T23:30:55.366000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DIR-615 Firmware Release Notes",
"trust": 0.8,
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_RELEASE_NOTES_20.12PTB04.pdf"
},
{
"title": "Patch for D-LinkDIR Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/101441"
},
{
"title": "D-Link DIR-615 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71879"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24406"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006978"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-913"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101858"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006978"
},
{
"db": "NVD",
"id": "CVE-2017-11436"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.rootlabs.com.br/backdoor-dlink-dir-615/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11436"
},
{
"trust": 1.1,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-615/revt/dir-615_revt_release_notes_20.12ptb04.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11436"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24406"
},
{
"db": "VULHUB",
"id": "VHN-101858"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006978"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-913"
},
{
"db": "NVD",
"id": "CVE-2017-11436"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-24406"
},
{
"db": "VULHUB",
"id": "VHN-101858"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006978"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-913"
},
{
"db": "NVD",
"id": "CVE-2017-11436"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24406"
},
{
"date": "2017-07-19T00:00:00",
"db": "VULHUB",
"id": "VHN-101858"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006978"
},
{
"date": "2017-07-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-913"
},
{
"date": "2017-07-19T07:29:00.253000",
"db": "NVD",
"id": "CVE-2017-11436"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24406"
},
{
"date": "2017-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-101858"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006978"
},
{
"date": "2021-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-913"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11436"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-913"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-615 Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006978"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-913"
}
],
"trust": 0.6
}
}
VAR-201707-1077
Vulnerability from variot - Updated: 2025-04-20 23:26
On the D-Link DIR-615 before v20.12PTb04, if a victim who is logged in to the router's web interface visits a malicious site from another browser tab, the malicious site can then send requests to the victim's router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload firmware to the victim's router. This causes the router to reboot/crash, resulting in denial of service. An attacker may succeed in uploading malicious firmware. D-Link DIR-615 contains a cross-site request forgery vulnerability (classified as CWE-352 in this record). Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-615 is a small wireless router product of D-Link. A security vulnerability exists in D-Link DIR-615 versions prior to 20.12PTb04. The record's patch section lists the vendor's v20.12PTb04 firmware patch as the fix reference.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-1077",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-615",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "20.12ptb01"
},
{
"model": "dir-615",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "20.12ptb04"
},
{
"model": "dir-615",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": "20.12ptb01"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005607"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-029"
},
{
"db": "NVD",
"id": "CVE-2017-7404"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:dir-615",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005607"
}
]
},
"cve": "CVE-2017-7404",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-7404",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-115607",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-7404",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-7404",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7404",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-7404",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-029",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-115607",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115607"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005607"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-029"
},
{
"db": "NVD",
"id": "CVE-2017-7404"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router\u0027s Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim\u0027s Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim\u0027s Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware. D-Link DIR-615 Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-615 is a small wireless router product of D-Link. A security vulnerability exists in versions prior to D-Link DIR-615 20.12PTb04",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7404"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005607"
},
{
"db": "VULHUB",
"id": "VHN-115607"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7404",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005607",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-029",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-115607",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115607"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005607"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-029"
},
{
"db": "NVD",
"id": "CVE-2017-7404"
}
]
},
"id": "VAR-201707-1077",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-115607"
}
],
"trust": 0.71709404
},
"last_update_date": "2025-04-20T23:26:02.736000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DIR-615 Firmware Release Notes",
"trust": 0.8,
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip"
},
{
"title": "D-Link DIR-615 Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148414"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005607"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-029"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115607"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005607"
},
{
"db": "NVD",
"id": "CVE-2017-7404"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf"
},
{
"trust": 1.1,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-615/revt/dir-615_revt_firmware_patch_v20.12ptb04.zip"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7404"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7404"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115607"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005607"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-029"
},
{
"db": "NVD",
"id": "CVE-2017-7404"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-115607"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005607"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-029"
},
{
"db": "NVD",
"id": "CVE-2017-7404"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-115607"
},
{
"date": "2017-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005607"
},
{
"date": "2017-04-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-029"
},
{
"date": "2017-07-07T12:29:00.260000",
"db": "NVD",
"id": "CVE-2017-7404"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-14T00:00:00",
"db": "VULHUB",
"id": "VHN-115607"
},
{
"date": "2017-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005607"
},
{
"date": "2021-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-029"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-7404"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-029"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-615 Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005607"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-029"
}
],
"trust": 0.6
}
}
VAR-201707-1078
Vulnerability from variot - Updated: 2025-04-20 23:23
On the D-Link DIR-615 before v20.12PTb04, once a user has authenticated, the device identifies that user solely by the IP address of their machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on the router and is accessing the web interface from a different network that is behind a NAT/proxy, an attacker can sniff the network traffic to learn the public IP address of the victim's router and take over the session, because the attacker won't be prompted for credentials. D-Link DIR-615 contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-615 is a small wireless router product of D-Link.
D-Link DIR-615 has an authorization issue vulnerability. A security vulnerability exists in D-Link DIR-615 versions prior to 20.12PTb04.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-1078",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-615",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "20.12ptb01"
},
{
"model": "dir-615",
"scope": "lt",
"trust": 0.8,
"vendor": "d link",
"version": "20.12ptb04"
},
{
"model": "dir-615 \u003c20.12ptb04",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-615",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": "20.12ptb01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46983"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005608"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-028"
},
{
"db": "NVD",
"id": "CVE-2017-7405"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:dir-615",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005608"
}
]
},
"cve": "CVE-2017-7405",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-7405",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-46983",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-115608",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-7405",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-7405",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7405",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-7405",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-46983",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-028",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-115608",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46983"
},
{
"db": "VULHUB",
"id": "VHN-115608"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005608"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-028"
},
{
"db": "NVD",
"id": "CVE-2017-7405"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim\u0027s host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim\u0027s and router\u0027s IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim\u0027s router and take over his session as he won\u0027t be prompted for credentials. D-Link DIR-615 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-615 is a small wireless router product of D-Link. \n\r\n\r\nD-Link DIR-615 has an authorization issue vulnerability. A security vulnerability exists in versions prior to D-Link DIR-615 20.12PTb04",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7405"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005608"
},
{
"db": "CNVD",
"id": "CNVD-2019-46983"
},
{
"db": "VULHUB",
"id": "VHN-115608"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7405",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005608",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-028",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-46983",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-98111",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-115608",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46983"
},
{
"db": "VULHUB",
"id": "VHN-115608"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005608"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-028"
},
{
"db": "NVD",
"id": "CVE-2017-7405"
}
]
},
"id": "VAR-201707-1078",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46983"
},
{
"db": "VULHUB",
"id": "VHN-115608"
}
],
"trust": 1.31709404
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46983"
}
]
},
"last_update_date": "2025-04-20T23:23:42.858000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DIR-615 Firmware Release Notes",
"trust": 0.8,
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip"
},
{
"title": "Patch for D-Link DIR-615 authorization issue vulnerability (CNVD-2019-46983)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/195293"
},
{
"title": "D-Link DIR-615 Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148413"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46983"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005608"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-028"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115608"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005608"
},
{
"db": "NVD",
"id": "CVE-2017-7405"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf"
},
{
"trust": 1.1,
"url": "ftp://ftp2.dlink.com/security_advisements/dir-615/revt/dir-615_revt_firmware_patch_v20.12ptb04.zip"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7405"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7405"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-46983"
},
{
"db": "VULHUB",
"id": "VHN-115608"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005608"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-028"
},
{
"db": "NVD",
"id": "CVE-2017-7405"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-46983"
},
{
"db": "VULHUB",
"id": "VHN-115608"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005608"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-028"
},
{
"db": "NVD",
"id": "CVE-2017-7405"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46983"
},
{
"date": "2017-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-115608"
},
{
"date": "2017-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005608"
},
{
"date": "2017-04-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-028"
},
{
"date": "2017-07-07T12:29:00.293000",
"db": "NVD",
"id": "CVE-2017-7405"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-46983"
},
{
"date": "2017-07-14T00:00:00",
"db": "VULHUB",
"id": "VHN-115608"
},
{
"date": "2017-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005608"
},
{
"date": "2021-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-028"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-7405"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-028"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-615 Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005608"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-028"
}
],
"trust": 0.6
}
}
VAR-201004-0071
Vulnerability from variot - Updated: 2025-04-11 21:04
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors. These vulnerabilities exist in the D-Link DIR-615 because apply.cgi does not require administrative authentication. The D-Link DIR-615 is a small wireless router. The DIR-615 router does not restrict access to the apply.cgi script. D-Link DIR-615 is prone to a security-bypass vulnerability. Remote attackers can exploit this issue to bypass security restrictions and access certain administrative functions.
TITLE: D-Link DIR-615 "apply.cgi" Security Bypass Vulnerability
SECUNIA ADVISORY ID: SA37777
VERIFY ADVISORY: http://secunia.com/advisories/37777/
DESCRIPTION: gerry has reported a vulnerability in D-Link DIR-615, which can be exploited by malicious people to bypass certain security restrictions. This can be exploited to e.g. change the administrator password via a specially crafted HTTP request.
The vulnerability is reported in firmware version 3.10NA. Other versions may also be affected.
PROVIDED AND/OR DISCOVERED BY: gerry
ORIGINAL ADVISORY: http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201004-0071",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-615",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": "3.10na"
},
{
"model": "dir-615",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "firmware 3.10na"
},
{
"model": "dir-615",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-615",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-4741"
},
{
"db": "BID",
"id": "37415"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003718"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-437"
},
{
"db": "NVD",
"id": "CVE-2009-4821"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:d-link:dir-615",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003718"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "gerry",
"sources": [
{
"db": "BID",
"id": "37415"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-437"
}
],
"trust": 0.9
},
"cve": "CVE-2009-4821",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-4821",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2010-4741",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-42267",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-4821",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-4821",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2010-4741",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201004-437",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-42267",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-4741"
},
{
"db": "VULHUB",
"id": "VHN-42267"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003718"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-437"
},
{
"db": "NVD",
"id": "CVE-2009-4821"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors. D-Link DIR-615 Is apply.cgi The following vulnerabilities exist because management authentication for is not required. The D-Link DIR-615 is a small wireless router. The DIR-615 router does not restrict access to the apply.cgi script. D-Link DIR-615 is is prone to a security-bypass vulnerability. \nRemote attackers can exploit this issue to bypass security restrictions and access certain administrative functions. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nD-Link DIR-615 \"apply.cgi\" Security Bypass Vulnerability\n\nSECUNIA ADVISORY ID:\nSA37777\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/37777/\n\nDESCRIPTION:\ngerry has reported a vulnerability in D-Link DIR-615, which can be\nexploited by malicious people to bypass certain security\nrestrictions. This can be exploited to e.g. \nchange the administrator password via a specially crafted HTTP\nrequest. \n\nThe vulnerability is reported in firmware version 3.10NA. Other\nversions may also be affected. 
\n\nPROVIDED AND/OR DISCOVERED BY:\ngerry\n\nORIGINAL ADVISORY:\nhttp://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4821"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003718"
},
{
"db": "CNVD",
"id": "CNVD-2010-4741"
},
{
"db": "BID",
"id": "37415"
},
{
"db": "VULHUB",
"id": "VHN-42267"
},
{
"db": "PACKETSTORM",
"id": "84047"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-4821",
"trust": 3.2
},
{
"db": "BID",
"id": "37415",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "37777",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003718",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201004-437",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2010-4741",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "14237",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-90206",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-42267",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84047",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2010-4741"
},
{
"db": "VULHUB",
"id": "VHN-42267"
},
{
"db": "BID",
"id": "37415"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003718"
},
{
"db": "PACKETSTORM",
"id": "84047"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-437"
},
{
"db": "NVD",
"id": "CVE-2009-4821"
}
]
},
"id": "VAR-201004-0071",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2010-4741"
},
{
"db": "VULHUB",
"id": "VHN-42267"
}
],
"trust": 1.41709404
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"network device"
],
"sub_category": "router",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2010-4741"
}
]
},
"last_update_date": "2025-04-11T21:04:51.680000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003718"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-42267"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003718"
},
{
"db": "NVD",
"id": "CVE-2009-4821"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/37415"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37777"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4821"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4821"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/37415/info"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/14237"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/products/?pid=565"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/37777/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2010-4741"
},
{
"db": "VULHUB",
"id": "VHN-42267"
},
{
"db": "BID",
"id": "37415"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003718"
},
{
"db": "PACKETSTORM",
"id": "84047"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-437"
},
{
"db": "NVD",
"id": "CVE-2009-4821"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2010-4741"
},
{
"db": "VULHUB",
"id": "VHN-42267"
},
{
"db": "BID",
"id": "37415"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003718"
},
{
"db": "PACKETSTORM",
"id": "84047"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-437"
},
{
"db": "NVD",
"id": "CVE-2009-4821"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-4741"
},
{
"date": "2010-04-27T00:00:00",
"db": "VULHUB",
"id": "VHN-42267"
},
{
"date": "2009-12-18T00:00:00",
"db": "BID",
"id": "37415"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-003718"
},
{
"date": "2009-12-18T13:34:53",
"db": "PACKETSTORM",
"id": "84047"
},
{
"date": "2009-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201004-437"
},
{
"date": "2010-04-27T15:30:00.890000",
"db": "NVD",
"id": "CVE-2009-4821"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-4741"
},
{
"date": "2010-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-42267"
},
{
"date": "2009-12-19T01:13:00",
"db": "BID",
"id": "37415"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-003718"
},
{
"date": "2010-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201004-437"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2009-4821"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201004-437"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-615 In DNS Vulnerability whose settings are changed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003718"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201004-437"
}
],
"trust": 0.6
}
}
VAR-201910-1280
Vulnerability from variot - Updated: 2024-11-23 22:58
An issue was discovered on D-Link DIR-615 devices with firmware versions 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. There is an authentication vulnerability in the D-Link DIR-615 device firmware. Information may be obtained and information may be altered. D-Link DIR-615 is a wireless router from D-Link, Taiwan. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1280",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-615",
"scope": "eq",
"trust": 1.4,
"vendor": "d link",
"version": "20.07"
},
{
"model": "dir-615",
"scope": "eq",
"trust": 1.4,
"vendor": "d link",
"version": "20.05"
},
{
"model": "dir-615",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "20.05"
},
{
"model": "dir-615",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "20.07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22295"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010636"
},
{
"db": "NVD",
"id": "CVE-2019-17353"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-615_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010636"
}
]
},
"cve": "CVE-2019-17353",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-17353",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-22295",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-149591",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-17353",
"impactScore": 4.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.2,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-17353",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-17353",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-17353",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-22295",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-505",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-149591",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-17353",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22295"
},
{
"db": "VULHUB",
"id": "VHN-149591"
},
{
"db": "VULMON",
"id": "CVE-2019-17353"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010636"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-505"
},
{
"db": "NVD",
"id": "CVE-2019-17353"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. D-Link DIR-615 There is an authentication vulnerability in the device firmware.Information may be obtained and information may be altered. D-Link DIR-615 is a wireless router from D-Link, Taiwan. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17353"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010636"
},
{
"db": "CNVD",
"id": "CNVD-2020-22295"
},
{
"db": "VULHUB",
"id": "VHN-149591"
},
{
"db": "VULMON",
"id": "CVE-2019-17353"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-17353",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010636",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-22295",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201910-505",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-149591",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-17353",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22295"
},
{
"db": "VULHUB",
"id": "VHN-149591"
},
{
"db": "VULMON",
"id": "CVE-2019-17353"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010636"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-505"
},
{
"db": "NVD",
"id": "CVE-2019-17353"
}
]
},
"id": "VAR-201910-1280",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22295"
},
{
"db": "VULHUB",
"id": "VHN-149591"
}
],
"trust": 1.31709404
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22295"
}
]
},
"last_update_date": "2024-11-23T22:58:29.623000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Bulletin",
"trust": 0.8,
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"title": "Responsible Security Issue Reporting and Response",
"trust": 0.8,
"url": "https://us.dlink.com/en/security-advisory"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010636"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149591"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010636"
},
{
"db": "NVD",
"id": "CVE-2019-17353"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/d0x0/d-link-dir-615/blob/master/cve-2019-17353"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17353"
},
{
"trust": 1.8,
"url": "https://us.dlink.com/en/security-advisory"
},
{
"trust": 1.8,
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"trust": 1.8,
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17353"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22295"
},
{
"db": "VULHUB",
"id": "VHN-149591"
},
{
"db": "VULMON",
"id": "CVE-2019-17353"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010636"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-505"
},
{
"db": "NVD",
"id": "CVE-2019-17353"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-22295"
},
{
"db": "VULHUB",
"id": "VHN-149591"
},
{
"db": "VULMON",
"id": "CVE-2019-17353"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010636"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-505"
},
{
"db": "NVD",
"id": "CVE-2019-17353"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22295"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-149591"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-17353"
},
{
"date": "2019-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010636"
},
{
"date": "2019-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-505"
},
{
"date": "2019-10-09T12:15:10.467000",
"db": "NVD",
"id": "CVE-2019-17353"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22295"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-149591"
},
{
"date": "2021-04-23T00:00:00",
"db": "VULMON",
"id": "CVE-2019-17353"
},
{
"date": "2019-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010636"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-505"
},
{
"date": "2024-11-21T04:32:09.230000",
"db": "NVD",
"id": "CVE-2019-17353"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-505"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-615 Authentication vulnerabilities in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010636"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-505"
}
],
"trust": 0.6
}
}
VAR-202109-1681
Vulnerability from variot - Updated: 2024-11-23 22:51
An information disclosure issue exists in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a POST request to the /getcfg.php page. D-LINK-DIR-615 contains an incorrect authorization vulnerability (CWE-863). Information may be obtained. D-Link DIR-615 is a SOHO wireless router with a maximum transmission rate of 300Mbps.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1681",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-615",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "17.00"
},
{
"model": "dir-615",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-615",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-615",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-615 firmware"
},
{
"model": "dir-615 b2 2.01mt",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94834"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012444"
},
{
"db": "NVD",
"id": "CVE-2021-40654"
}
]
},
"cve": "CVE-2021-40654",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-40654",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2021-94834",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-40654",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-40654",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-40654",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-40654",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-94834",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1688",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-40654",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94834"
},
{
"db": "VULMON",
"id": "CVE-2021-40654"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012444"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1688"
},
{
"db": "NVD",
"id": "CVE-2021-40654"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page. D-LINK-DIR-615 Exists in a fraudulent authentication vulnerability.Information may be obtained. D-Link DIR-615 is a SOHO wireless router with a maximum transmission rate of 300Mbps",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40654"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012444"
},
{
"db": "CNVD",
"id": "CNVD-2021-94834"
},
{
"db": "VULMON",
"id": "CVE-2021-40654"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-40654",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012444",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-94834",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1688",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-40654",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94834"
},
{
"db": "VULMON",
"id": "CVE-2021-40654"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012444"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1688"
},
{
"db": "NVD",
"id": "CVE-2021-40654"
}
]
},
"id": "VAR-202109-1681",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94834"
}
],
"trust": 1.4085470199999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94834"
}
]
},
"last_update_date": "2024-11-23T22:51:00.469000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Bulletin",
"trust": 0.8,
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"title": "Patch for D-Link DIR-615 Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/302901"
},
{
"title": "D-link Dir-605 B2 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164213"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94834"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012444"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1688"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.0
},
{
"problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012444"
},
{
"db": "NVD",
"id": "CVE-2021-40654"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/ilovewomen/d-link-dir-615"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40654"
},
{
"trust": 1.7,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94834"
},
{
"db": "VULMON",
"id": "CVE-2021-40654"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012444"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1688"
},
{
"db": "NVD",
"id": "CVE-2021-40654"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-94834"
},
{
"db": "VULMON",
"id": "CVE-2021-40654"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012444"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1688"
},
{
"db": "NVD",
"id": "CVE-2021-40654"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94834"
},
{
"date": "2021-09-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40654"
},
{
"date": "2022-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012444"
},
{
"date": "2021-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1688"
},
{
"date": "2021-09-24T21:15:07.257000",
"db": "NVD",
"id": "CVE-2021-40654"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94834"
},
{
"date": "2021-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40654"
},
{
"date": "2022-08-31T07:17:00",
"db": "JVNDB",
"id": "JVNDB-2021-012444"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1688"
},
{
"date": "2024-11-21T06:24:31.127000",
"db": "NVD",
"id": "CVE-2021-40654"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1688"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-LINK-DIR-615\u00a0 Fraud related to unauthorized authentication in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012444"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1688"
}
],
"trust": 0.6
}
}
VAR-201808-0267
Vulnerability from variot - Updated: 2024-11-23 22:38
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request. The D-Link DIR-615 router contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. D-Link DIR-615 is a small wireless router product from D-Link. A cross-site scripting vulnerability exists in D-Link DIR-615 20.07.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0267",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-615",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": "20.07"
},
{
"model": "dir-615",
"scope": "eq",
"trust": 1.4,
"vendor": "d link",
"version": "20.07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16522"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009212"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-813"
},
{
"db": "NVD",
"id": "CVE-2018-15875"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-615_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009212"
}
]
},
"cve": "CVE-2018-15875",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-15875",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-16522",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-126178",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-15875",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-15875",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-15875",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-15875",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-16522",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-813",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-126178",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16522"
},
{
"db": "VULHUB",
"id": "VHN-126178"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009212"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-813"
},
{
"db": "NVD",
"id": "CVE-2018-15875"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router\u0027s admin UPnP page via the description field in an AddPortMapping UPnP SOAP request. D-Link DIR-615 The router contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-615 is a small wireless router product from D-Link. A cross-site scripting vulnerability exists in D-LinkDIR-61520.07",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15875"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009212"
},
{
"db": "CNVD",
"id": "CNVD-2018-16522"
},
{
"db": "VULHUB",
"id": "VHN-126178"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-15875",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009212",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-813",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-16522",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-126178",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16522"
},
{
"db": "VULHUB",
"id": "VHN-126178"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009212"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-813"
},
{
"db": "NVD",
"id": "CVE-2018-15875"
}
]
},
"id": "VAR-201808-0267",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16522"
},
{
"db": "VULHUB",
"id": "VHN-126178"
}
],
"trust": 1.31709404
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16522"
}
]
},
"last_update_date": "2024-11-23T22:38:05.269000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DIR-615",
"trust": 0.8,
"url": "https://support.dlink.com/ProductInfo.aspx?m=DIR-615"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009212"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126178"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009212"
},
{
"db": "NVD",
"id": "CVE-2018-15875"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://github.com/reevesrs24/cve/blob/master/d-link_dir-615/xss_upnp/dlink_dir615_xss_upnp.md"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15875"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15875"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16522"
},
{
"db": "VULHUB",
"id": "VHN-126178"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009212"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-813"
},
{
"db": "NVD",
"id": "CVE-2018-15875"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-16522"
},
{
"db": "VULHUB",
"id": "VHN-126178"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009212"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-813"
},
{
"db": "NVD",
"id": "CVE-2018-15875"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16522"
},
{
"date": "2018-08-25T00:00:00",
"db": "VULHUB",
"id": "VHN-126178"
},
{
"date": "2018-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009212"
},
{
"date": "2018-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-813"
},
{
"date": "2018-08-25T19:29:00.623000",
"db": "NVD",
"id": "CVE-2018-15875"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16522"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-126178"
},
{
"date": "2018-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009212"
},
{
"date": "2021-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-813"
},
{
"date": "2024-11-21T03:51:37.517000",
"db": "NVD",
"id": "CVE-2018-15875"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-813"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-615 Router cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009212"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-813"
}
],
"trust": 0.6
}
}
VAR-201912-1419
Vulnerability from variot - Updated: 2024-11-23 22:21
On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field. The D-Link DIR-615 device contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. D-Link DIR-615 is a wireless router from Taiwan's D-Link Corporation. The vulnerability stems from the web application's lack of proper validation of client-supplied data. An attacker could use this vulnerability to execute client-side code. The NVD CVSS 3.1 vector recorded below (PR:H/UI:R) indicates that exploitation requires high privileges and user interaction.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-1419",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-615",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": "20.07"
},
{
"model": "dir-615",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dir-615",
"scope": "eq",
"trust": 0.6,
"vendor": "dlink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02707"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013383"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-847"
},
{
"db": "NVD",
"id": "CVE-2019-19742"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-615_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013383"
}
]
},
"cve": "CVE-2019-19742",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2019-19742",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.4,
"id": "CNVD-2020-02707",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2019-19742",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-19742",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19742",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-19742",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-02707",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-847",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-19742",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02707"
},
{
"db": "VULMON",
"id": "CVE-2019-19742"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013383"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-847"
},
{
"db": "NVD",
"id": "CVE-2019-19742"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field. D-Link DIR-615 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-Link DIR-615 is a wireless router from Taiwan D-Link Corporation. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19742"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013383"
},
{
"db": "CNVD",
"id": "CNVD-2020-02707"
},
{
"db": "VULMON",
"id": "CVE-2019-19742"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19742",
"trust": 3.1
},
{
"db": "EXPLOIT-DB",
"id": "47776",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013383",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-02707",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-847",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-19742",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02707"
},
{
"db": "VULMON",
"id": "CVE-2019-19742"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013383"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-847"
},
{
"db": "NVD",
"id": "CVE-2019-19742"
}
]
},
"id": "VAR-201912-1419",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02707"
}
],
"trust": 1.21709404
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02707"
}
]
},
"last_update_date": "2024-11-23T22:21:22.733000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Bulletin",
"trust": 0.8,
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013383"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013383"
},
{
"db": "NVD",
"id": "CVE-2019-19742"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"trust": 1.7,
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/47776"
},
{
"trust": 1.7,
"url": "https://pastebin.com/edit/mzv6dng7"
},
{
"trust": 1.7,
"url": "https://infosecsanyam.blogspot.com/2019/12/d-link-dir-615-wireless-router.html"
},
{
"trust": 1.5,
"url": "https://medium.com/@infosecsanyam/d-link-dir-615-wireless-router-persistent-cross-site-scripting-6ee00f5c694d"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19742"
},
{
"trust": 1.0,
"url": "https://medium.com/%40infosecsanyam/d-link-dir-615-wireless-router-persistent-cross-site-scripting-6ee00f5c694d"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19742"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-02707"
},
{
"db": "VULMON",
"id": "CVE-2019-19742"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013383"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-847"
},
{
"db": "NVD",
"id": "CVE-2019-19742"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-02707"
},
{
"db": "VULMON",
"id": "CVE-2019-19742"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013383"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-847"
},
{
"db": "NVD",
"id": "CVE-2019-19742"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02707"
},
{
"date": "2019-12-18T00:00:00",
"db": "VULMON",
"id": "CVE-2019-19742"
},
{
"date": "2019-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013383"
},
{
"date": "2019-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-847"
},
{
"date": "2019-12-18T13:15:11.803000",
"db": "NVD",
"id": "CVE-2019-19742"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-02707"
},
{
"date": "2021-04-23T00:00:00",
"db": "VULMON",
"id": "CVE-2019-19742"
},
{
"date": "2019-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013383"
},
{
"date": "2019-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-847"
},
{
"date": "2024-11-21T04:35:17.893000",
"db": "NVD",
"id": "CVE-2019-19742"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-847"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-615 Device cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013383"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-847"
}
],
"trust": 0.6
}
}
VAR-201808-0266
Vulnerability from variot - Updated: 2024-11-23 22:06
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. The D-Link DIR-615 router contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. D-Link DIR-615 is a small wireless router product from D-Link. A cross-site scripting vulnerability exists in D-Link DIR-615 20.07. The NVD CVSS 3.1 vector recorded below (PR:N/UI:R) indicates that no privileges are required but user interaction is.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0266",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-615",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": "20.07"
},
{
"model": "dir-615",
"scope": "eq",
"trust": 1.4,
"vendor": "d link",
"version": "20.07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16520"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009213"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-814"
},
{
"db": "NVD",
"id": "CVE-2018-15874"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-615_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009213"
}
]
},
"cve": "CVE-2018-15874",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-15874",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-16520",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-126177",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-15874",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-15874",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-15874",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-15874",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-16520",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-814",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-126177",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16520"
},
{
"db": "VULHUB",
"id": "VHN-126177"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009213"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-814"
},
{
"db": "NVD",
"id": "CVE-2018-15874"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the \"Status -\u003e Active Client Table\" page via the hostname field in a DHCP request. D-Link DIR-615 The router contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. D-LinkDIR-615 is a small wireless router product from D-Link. A cross-site scripting vulnerability exists in D-LinkDIR-61520.07",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15874"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009213"
},
{
"db": "CNVD",
"id": "CNVD-2018-16520"
},
{
"db": "VULHUB",
"id": "VHN-126177"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-15874",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009213",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-814",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-16520",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-126177",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16520"
},
{
"db": "VULHUB",
"id": "VHN-126177"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009213"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-814"
},
{
"db": "NVD",
"id": "CVE-2018-15874"
}
]
},
"id": "VAR-201808-0266",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16520"
},
{
"db": "VULHUB",
"id": "VHN-126177"
}
],
"trust": 1.31709404
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16520"
}
]
},
"last_update_date": "2024-11-23T22:06:39.325000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DIR-615",
"trust": 0.8,
"url": "https://support.dlink.com/ProductInfo.aspx?m=DIR-615"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009213"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126177"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009213"
},
{
"db": "NVD",
"id": "CVE-2018-15874"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://github.com/reevesrs24/cve/blob/master/d-link_dir-615/xss_dhcp/dlink_dir615_xss_dhcp.md"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15874"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15874"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-16520"
},
{
"db": "VULHUB",
"id": "VHN-126177"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009213"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-814"
},
{
"db": "NVD",
"id": "CVE-2018-15874"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-16520"
},
{
"db": "VULHUB",
"id": "VHN-126177"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009213"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-814"
},
{
"db": "NVD",
"id": "CVE-2018-15874"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16520"
},
{
"date": "2018-08-25T00:00:00",
"db": "VULHUB",
"id": "VHN-126177"
},
{
"date": "2018-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009213"
},
{
"date": "2018-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-814"
},
{
"date": "2018-08-25T19:29:00.497000",
"db": "NVD",
"id": "CVE-2018-15874"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-16520"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-126177"
},
{
"date": "2018-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009213"
},
{
"date": "2021-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-814"
},
{
"date": "2024-11-21T03:51:37.360000",
"db": "NVD",
"id": "CVE-2018-15874"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-814"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-615 Router cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009213"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-814"
}
],
"trust": 0.6
}
}
VAR-201808-0206
Vulnerability from variot - Updated: 2024-11-23 21:52
D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. D-Link DIR-615 devices contain a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). D-Link DIR-615 is a small wireless router product from D-Link. A buffer overflow vulnerability exists in D-Link DIR-615. An attacker could exploit the vulnerability with a long Authorization HTTP header to take the router offline and cause a network outage.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0206",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-615",
"scope": "eq",
"trust": 1.6,
"vendor": "dlink",
"version": null
},
{
"model": "dir-615",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17063"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010020"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-889"
},
{
"db": "NVD",
"id": "CVE-2018-15839"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-615_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010020"
}
]
},
"cve": "CVE-2018-15839",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-15839",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-17063",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-126138",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-15839",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-15839",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-15839",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-15839",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-17063",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-889",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-126138",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17063"
},
{
"db": "VULHUB",
"id": "VHN-126138"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010020"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-889"
},
{
"db": "NVD",
"id": "CVE-2018-15839"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. D-Link DIR-615 Devices contain a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-615 is a small wireless router product from D-Link. A buffer overflow vulnerability exists in D-LinkDIR-615. An attacker could exploit the vulnerability with a longer Authorization HTTP header to log off the router and cause a network outage",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15839"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010020"
},
{
"db": "CNVD",
"id": "CNVD-2018-17063"
},
{
"db": "VULHUB",
"id": "VHN-126138"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-126138",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126138"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-15839",
"trust": 3.1
},
{
"db": "EXPLOIT-DB",
"id": "45317",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010020",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-889",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-17063",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "149200",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-126138",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17063"
},
{
"db": "VULHUB",
"id": "VHN-126138"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010020"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-889"
},
{
"db": "NVD",
"id": "CVE-2018-15839"
}
]
},
"id": "VAR-201808-0206",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17063"
},
{
"db": "VULHUB",
"id": "VHN-126138"
}
],
"trust": 1.31709404
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17063"
}
]
},
"last_update_date": "2024-11-23T21:52:56.325000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DIR-615",
"trust": 0.8,
"url": "http://www.dlink.ru/ru/products/5/2067.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010020"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126138"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010020"
},
{
"db": "NVD",
"id": "CVE-2018-15839"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/45317/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15839"
},
{
"trust": 1.1,
"url": "https://hackingvila.wordpress.com/2018/08/24/d-link-dir-615-buffer-overflow-via-a-long-authorization-http-header-click-here/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15839"
},
{
"trust": 0.8,
"url": "https://www.exploit-db.com/exploits/45317"
},
{
"trust": 0.6,
"url": "http-header-click-here/"
},
{
"trust": 0.6,
"url": "https://hackingvila.wordpress.com/2018/08/24/d-link-dir-615-buffer-overflow-via-a-long-authorization-"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-17063"
},
{
"db": "VULHUB",
"id": "VHN-126138"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010020"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-889"
},
{
"db": "NVD",
"id": "CVE-2018-15839"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-17063"
},
{
"db": "VULHUB",
"id": "VHN-126138"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010020"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-889"
},
{
"db": "NVD",
"id": "CVE-2018-15839"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-17063"
},
{
"date": "2018-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-126138"
},
{
"date": "2018-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010020"
},
{
"date": "2018-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-889"
},
{
"date": "2018-08-28T17:29:01.937000",
"db": "NVD",
"id": "CVE-2018-15839"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-17063"
},
{
"date": "2018-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-126138"
},
{
"date": "2018-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010020"
},
{
"date": "2021-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-889"
},
{
"date": "2024-11-21T03:51:32.340000",
"db": "NVD",
"id": "CVE-2018-15839"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-889"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-615 Device buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010020"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-889"
}
],
"trust": 0.6
}
}
VAR-202004-0708
Vulnerability from variot - Updated: 2024-11-23 21:35
The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks. The D-Link DIR-615 T1 device is vulnerable to improper restriction of excessive authentication attempts (CWE-307). Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-615 is a wireless router from D-Link, Taiwan.
The login page of D-Link DIR-615 T1 version 20.10 has a security vulnerability.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0708",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-615",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "20.10"
},
{
"model": "dir-615",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "20.10"
},
{
"model": "dir-615 t1",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "20.10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27248"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004959"
},
{
"db": "NVD",
"id": "CVE-2019-17525"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-615_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004959"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huzaifa Hussain",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1832"
}
],
"trust": 0.6
},
"cve": "CVE-2019-17525",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2019-17525",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-004959",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-27248",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-17525",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004959",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-17525",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-004959",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-27248",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1832",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27248"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004959"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1832"
},
{
"db": "NVD",
"id": "CVE-2019-17525"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks. D-Link DIR-615 T1 The device is vulnerable to improper restrictions on excessive authentication attempts.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-615 is a wireless router from D-Link, Taiwan. \n\r\n\r\nD-Link DIR-615 T1 20.10 version of the login page has a security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17525"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004959"
},
{
"db": "CNVD",
"id": "CNVD-2020-27248"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-17525",
"trust": 3.0
},
{
"db": "PACKETSTORM",
"id": "157936",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004959",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-27248",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "48551",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1832",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27248"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004959"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1832"
},
{
"db": "NVD",
"id": "CVE-2019-17525"
}
]
},
"id": "VAR-202004-0708",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27248"
}
],
"trust": 1.13771369
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27248"
}
]
},
"last_update_date": "2024-11-23T21:35:59.009000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DIR-615",
"trust": 0.8,
"url": "http://www.dlink.ru/ru/products/5/2067.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004959"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-307",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004959"
},
{
"db": "NVD",
"id": "CVE-2019-17525"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/huzaifahussain98/cve-2019-17525/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17525"
},
{
"trust": 1.6,
"url": "http://packetstormsecurity.com/files/157936/d-link-dir-615-t1-20.10-captcha-bypass.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17525"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/48551"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27248"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004959"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1832"
},
{
"db": "NVD",
"id": "CVE-2019-17525"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-27248"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004959"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1832"
},
{
"db": "NVD",
"id": "CVE-2019-17525"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27248"
},
{
"date": "2020-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004959"
},
{
"date": "2020-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1832"
},
{
"date": "2020-04-21T19:15:12.660000",
"db": "NVD",
"id": "CVE-2019-17525"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27248"
},
{
"date": "2020-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004959"
},
{
"date": "2020-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1832"
},
{
"date": "2024-11-21T04:32:26.770000",
"db": "NVD",
"id": "CVE-2019-17525"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1832"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-615 T1 Vulnerability in improperly limiting excessive authentication attempts on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004959"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1832"
}
],
"trust": 0.6
}
}
VAR-202108-1937
Vulnerability from variot - Updated: 2024-08-14 15:17
A buffer overflow exists in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in a ping_response.cgi POST request allows an attacker to crash the web server and might even allow remote code execution. D-Link DIR-615 C2 contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). D-Link DIR-615 is a wireless router made by D-Link in Taiwan.
D-Link DIR-615 has a security vulnerability caused by incorrect validation of data boundaries when the product performs operations on memory, resulting in incorrect reads and writes to other associated memory locations. Attackers can use this vulnerability to cause a buffer overflow, heap overflow, or similar condition.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1937",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-615",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "3.03ww"
},
{
"model": "dir-615",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-615",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-615 firmware 3.03ww"
},
{
"model": "dir-615 c2 3.03ww",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94836"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009619"
},
{
"db": "NVD",
"id": "CVE-2021-37388"
}
]
},
"cve": "CVE-2021-37388",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-37388",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-94836",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-37388",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-37388",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-37388",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-37388",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-94836",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-675",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-37388",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94836"
},
{
"db": "VULMON",
"id": "CVE-2021-37388"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009619"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-675"
},
{
"db": "NVD",
"id": "CVE-2021-37388"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution. D-Link DIR-615 C2 Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DIR-615 is a wireless router made by D-Link in Taiwan. \n\r\n\r\nD-Link DIR-615 has a security vulnerability, which is caused by incorrectly verifying the data boundary when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-37388"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009619"
},
{
"db": "CNVD",
"id": "CNVD-2021-94836"
},
{
"db": "VULMON",
"id": "CVE-2021-37388"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-37388",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009619",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-94836",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-675",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-37388",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94836"
},
{
"db": "VULMON",
"id": "CVE-2021-37388"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009619"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-675"
},
{
"db": "NVD",
"id": "CVE-2021-37388"
}
]
},
"id": "VAR-202108-1937",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94836"
}
],
"trust": 1.4085470199999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94836"
}
]
},
"last_update_date": "2024-08-14T15:17:07.654000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0Bulletin",
"trust": 0.8,
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"title": "Patch for D-Link DIR-615 buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/302911"
},
{
"title": "D-Link DIR-615 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158972"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94836"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009619"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-675"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009619"
},
{
"db": "NVD",
"id": "CVE-2021-37388"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37388"
},
{
"trust": 1.7,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 1.7,
"url": "https://github.com/noobexploiter/iothacks/blob/main/vuln1.md"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-94836"
},
{
"db": "VULMON",
"id": "CVE-2021-37388"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009619"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-675"
},
{
"db": "NVD",
"id": "CVE-2021-37388"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-94836"
},
{
"db": "VULMON",
"id": "CVE-2021-37388"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009619"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-675"
},
{
"db": "NVD",
"id": "CVE-2021-37388"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94836"
},
{
"date": "2021-08-06T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37388"
},
{
"date": "2022-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009619"
},
{
"date": "2021-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-675"
},
{
"date": "2021-08-06T12:15:07.057000",
"db": "NVD",
"id": "CVE-2021-37388"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-94836"
},
{
"date": "2021-08-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-37388"
},
{
"date": "2022-05-13T08:37:00",
"db": "JVNDB",
"id": "JVNDB-2021-009619"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-675"
},
{
"date": "2021-08-13T18:00:58.260000",
"db": "NVD",
"id": "CVE-2021-37388"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-675"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0DIR-615\u00a0C2\u00a0 Buffer Overflow Vulnerability in Linux",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009619"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-675"
}
],
"trust": 0.6
}
}
VAR-202401-0959
Vulnerability from variot - Updated: 2024-08-14 15:15
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability. D-Link Systems, Inc. products such as dir-825acg1 firmware, DIR-841 firmware and dir-1260 firmware contain an unspecified vulnerability. Information may be obtained. (Although the description says "classified as critical", the CVSS entries in this record score the issue 5.3, Medium.)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202401-0959",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-x1860",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-878",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dsl-224",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dap-1360",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dvg-5402g",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-615",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-820",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dwm-321",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dsl-2640u",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-620",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-x1530",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-815\\/ac",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-815s",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-1260",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-842",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dwr-953",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-841",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-816",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-842s",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-1210",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-615gf",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-620s",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-825acf",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-615t",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-815",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-825",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-853",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-822",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-882",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dsl-2750u",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dwr-921",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-825acg1",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-825ac",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dsl-245gr",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-806a",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dvg-n5402g",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dsl-g2452gr",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-300",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dwm-312w",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-843",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dvg-n5402g\\/il",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-2150",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-615s",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dvg-5402g\\/gfru",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2024-01-12"
},
{
"model": "dir-825",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-615t",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-825acf",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-825acg1",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-x1530",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-842s",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-853",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-1210",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-1260",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-615",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-806a",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-815",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-841",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-815s",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-842",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-878",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dsl-g2452gr",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-822",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dsl-245gr",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-300",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-001679"
},
{
"db": "NVD",
"id": "CVE-2024-0717"
}
]
},
"cve": "CVE-2024-0717",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2024-0717",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2024-0717",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2024-0717",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2024-0717",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-0717",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-0717",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-001679"
},
{
"db": "NVD",
"id": "CVE-2024-0717"
},
{
"db": "NVD",
"id": "CVE-2024-0717"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability. D-Link Systems, Inc. products such as dir-825acg1 firmware, DIR-841 firmware and dir-1260 firmware contain an unspecified vulnerability. Information may be obtained.",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-0717"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-001679"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-0717",
"trust": 2.6
},
{
"db": "VULDB",
"id": "251542",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-001679",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-001679"
},
{
"db": "NVD",
"id": "CVE-2024-0717"
}
]
},
"id": "VAR-202401-0959",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.538983995625
},
"last_update_date": "2024-08-14T15:15:35.797000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-001679"
},
{
"db": "NVD",
"id": "CVE-2024-0717"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/999zzzzz/d-link"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?ctiid.251542"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.251542"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-0717"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-001679"
},
{
"db": "NVD",
"id": "CVE-2024-0717"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-001679"
},
{
"db": "NVD",
"id": "CVE-2024-0717"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-001679"
},
{
"date": "2024-01-19T16:15:11.190000",
"db": "NVD",
"id": "CVE-2024-0717"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-02-06T01:48:00",
"db": "JVNDB",
"id": "JVNDB-2024-001679"
},
{
"date": "2024-05-17T02:34:53.200000",
"db": "NVD",
"id": "CVE-2024-0717"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0D-Link\u00a0Systems,\u00a0Inc.\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-001679"
}
],
"trust": 0.8
}
}
VAR-202208-1907
Vulnerability from variot - Updated: 2024-08-14 14:17
The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication, which can lead to disclosure of the WAN settings and also allows an attacker to modify the data fields of the page. D-Link Systems, Inc. products such as DIR-615 firmware, DIR-615 J1 firmware and dir-615 t1 firmware contain an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-1907",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-615 j1",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "20.06"
},
{
"model": "dir-615 t1",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "20.06"
},
{
"model": "dir-615jx10",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "20.06"
},
{
"model": "dir-615",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "20.06"
},
{
"model": "dir-615jx10",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-615 t1",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-615",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-615 j1",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020186"
},
{
"db": "NVD",
"id": "CVE-2021-42627"
}
]
},
"cve": "CVE-2021-42627",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-42627",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-42627",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-42627",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-42627",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-3737",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020186"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3737"
},
{
"db": "NVD",
"id": "CVE-2021-42627"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WAN configuration page \"wan.htm\" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication, which can lead to disclosure of the WAN settings and also allows an attacker to modify the data fields of the page. D-Link Systems, Inc. products such as DIR-615 firmware, DIR-615 J1 firmware and dir-615 t1 firmware contain an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-42627"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020186"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-42627",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020186",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3737",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020186"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3737"
},
{
"db": "NVD",
"id": "CVE-2021-42627"
}
]
},
"id": "VAR-202208-1907",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.46677351
},
"last_update_date": "2024-08-14T14:17:44.295000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link DIR-615 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=205782"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3737"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020186"
},
{
"db": "NVD",
"id": "CVE-2021-42627"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://dlink.com"
},
{
"trust": 2.4,
"url": "https://github.com/sanjokkarki/d-link-dir-615/blob/main/cve-2021-42627"
},
{
"trust": 2.4,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 1.6,
"url": "http://d-link.com"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42627"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-42627/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020186"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3737"
},
{
"db": "NVD",
"id": "CVE-2021-42627"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020186"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3737"
},
{
"db": "NVD",
"id": "CVE-2021-42627"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020186"
},
{
"date": "2022-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3737"
},
{
"date": "2022-08-23T12:15:08.487000",
"db": "NVD",
"id": "CVE-2021-42627"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-26T08:28:00",
"db": "JVNDB",
"id": "JVNDB-2021-020186"
},
{
"date": "2022-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3737"
},
{
"date": "2023-04-26T18:55:30.893000",
"db": "NVD",
"id": "CVE-2021-42627"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3737"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0D-Link\u00a0Systems,\u00a0Inc.\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020186"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3737"
}
],
"trust": 0.6
}
}
CVE-2009-4821 (GCVE-0-2009-4821)
Vulnerability from nvd – Published: 2010-04-27 15:00 – Updated: 2024-09-17 01:36
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37415",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37415"
},
{
"name": "37777",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37777"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-27T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37415",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37415"
},
{
"name": "37777",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37777"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37415"
},
{
"name": "37777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37777"
},
{
"name": "http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/",
"refsource": "MISC",
"url": "http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4821",
"datePublished": "2010-04-27T15:00:00Z",
"dateReserved": "2010-04-27T00:00:00Z",
"dateUpdated": "2024-09-17T01:36:54.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4821 (GCVE-0-2009-4821)
Vulnerability from cvelistv5 – Published: 2010-04-27 15:00 – Updated: 2024-09-17 01:36
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:17:25.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37415",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37415"
},
{
"name": "37777",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37777"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-27T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37415",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37415"
},
{
"name": "37777",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37777"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37415"
},
{
"name": "37777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37777"
},
{
"name": "http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/",
"refsource": "MISC",
"url": "http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4821",
"datePublished": "2010-04-27T15:00:00Z",
"dateReserved": "2010-04-27T00:00:00Z",
"dateUpdated": "2024-09-17T01:36:54.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}