Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for dir-815 by d-link

    CVE-2018-25115 (GCVE-0-2018-25115)

    Vulnerability from nvd – Published: 2025-08-27 21:24 – Updated: 2026-05-25 23:40 X_Known Exploited Vulnerability Unsupported When Assigned
    VLAI
    Title
    D-Link DIR-110/412/600/615/645/815 RCE via service.cgi
    Summary
    Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Date Public
    2018-01-10 00:00
    Credits
    Cr0n1c
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-25115",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-28T13:53:40.553346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-28T13:55:16.739Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-110",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-412",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-600",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-615",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-645",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-815",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.03",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-110:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-100:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-600:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-615:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-645:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:d-link:dir-815:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cr0n1c"
            }
          ],
          "datePublic": "2018-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e2025-08-21 UTC.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            },
            {
              "capecId": "CAPEC-137",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-137 Parameter Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-25T23:40:59.072Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "technical-description",
                "exploit"
              ],
              "url": "https://github.com/Cr0n1c/dlink_shell_poc/blob/master/dlink_auth_rce"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/43496"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://legacy.us.dlink.com/"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://support.dlink.com/EndOfLifePolicy.aspx"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/dlink-dir-rce-service-cgi"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "x_known-exploited-vulnerability",
            "unsupported-when-assigned"
          ],
          "title": "D-Link DIR-110/412/600/615/645/815 RCE via service.cgi",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2018-25115",
        "datePublished": "2025-08-27T21:24:23.427Z",
        "dateReserved": "2025-08-25T17:39:38.473Z",
        "dateUpdated": "2026-05-25T23:40:59.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-6328 (GCVE-0-2025-6328)

    Vulnerability from nvd – Published: 2025-06-20 09:31 – Updated: 2025-06-20 18:31
    VLAI
    Title
    D-Link DIR-815 hedwig.cgi sub_403794 stack-based overflow
    Summary
    A vulnerability was found in D-Link DIR-815 1.01. It has been declared as critical. This vulnerability affects the function sub_403794 of the file hedwig.cgi. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.313324 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.313324 signaturepermissions-required
    https://vuldb.com/?submit.596439 third-party-advisory
    https://github.com/Thir0th/Thir0th-CVE/blob/main/… exploit
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-815 Affected: 1.01
    Create a notification for this product.
    Credits
    liuchangwei (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6328",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-20T18:28:58.972027Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-20T18:31:01.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-815",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "liuchangwei (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in D-Link DIR-815 1.01. It has been declared as critical. This vulnerability affects the function sub_403794 of the file hedwig.cgi. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In D-Link DIR-815 1.01 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion sub_403794 der Datei hedwig.cgi. Dank der Manipulation mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-20T09:31:05.441Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-313324 | D-Link DIR-815 hedwig.cgi sub_403794 stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.313324"
            },
            {
              "name": "VDB-313324 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.313324"
            },
            {
              "name": "Submit #596439 | D-Link DIR-815 RevA v1.01 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.596439"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Thir0th/Thir0th-CVE/blob/main/D-Link%20DIR-815%20RevA%20v1.01.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-19T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-19T12:12:50.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-815 hedwig.cgi sub_403794 stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-6328",
        "datePublished": "2025-06-20T09:31:05.441Z",
        "dateReserved": "2025-06-19T10:07:37.695Z",
        "dateUpdated": "2025-06-20T18:31:01.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0717 (GCVE-0-2024-0717)

    Vulnerability from nvd – Published: 2024-01-19 15:31 – Updated: 2025-05-30 14:26
    VLAI
    Title
    D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure
    Summary
    A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.251542 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.251542 signaturepermissions-required
    https://github.com/999zzzzz/D-Link exploit
    Impacted products
    Vendor Product Version
    D-Link DAP-1360 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-300 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-615 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-615GF Affected: 20240112
    Create a notification for this product.
    D-Link DIR-615S Affected: 20240112
    Create a notification for this product.
    D-Link DIR-615T Affected: 20240112
    Create a notification for this product.
    D-Link DIR-620 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-620S Affected: 20240112
    Create a notification for this product.
    D-Link DIR-806A Affected: 20240112
    Create a notification for this product.
    D-Link DIR-815 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-815AC Affected: 20240112
    Create a notification for this product.
    D-Link DIR-815S Affected: 20240112
    Create a notification for this product.
    D-Link DIR-816 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-820 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-822 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-825 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-825AC Affected: 20240112
    Create a notification for this product.
    D-Link DIR-825ACF Affected: 20240112
    Create a notification for this product.
    D-Link DIR-825ACG1 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-841 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-842 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-842S Affected: 20240112
    Create a notification for this product.
    D-Link DIR-843 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-853 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-878 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-882 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-1210 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-1260 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-2150 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-X1530 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-X1860 Affected: 20240112
    Create a notification for this product.
    D-Link DSL-224 Affected: 20240112
    Create a notification for this product.
    D-Link DSL-245GR Affected: 20240112
    Create a notification for this product.
    D-Link DSL-2640U Affected: 20240112
    Create a notification for this product.
    D-Link DSL-2750U Affected: 20240112
    Create a notification for this product.
    D-Link DSL-G2452GR Affected: 20240112
    Create a notification for this product.
    D-Link DVG-5402G Affected: 20240112
    Create a notification for this product.
    D-Link DVG-5402GFRU Affected: 20240112
    Create a notification for this product.
    D-Link DVG-N5402G Affected: 20240112
    Create a notification for this product.
    D-Link DVG-N5402G-IL Affected: 20240112
    Create a notification for this product.
    D-Link DWM-312W Affected: 20240112
    Create a notification for this product.
    D-Link DWM-321 Affected: 20240112
    Create a notification for this product.
    D-Link DWR-921 Affected: 20240112
    Create a notification for this product.
    D-Link DWR-953 Affected: 20240112
    Create a notification for this product.
    D-Link Good Line Router v2 Affected: 20240112
    Create a notification for this product.
    Credits
    99iz (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:11:35.784Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.251542"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.251542"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/999zzzzz/D-Link"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0717",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:34:37.136211Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-30T14:26:30.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DAP-1360",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-300",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-615",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-615GF",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-615S",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-615T",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-620",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-620S",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-806A",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-815",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-815AC",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-815S",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-816",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-820",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-822",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-825",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-825AC",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-825ACF",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-825ACG1",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-841",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-842",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-842S",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-843",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-853",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-878",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-882",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-1210",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-1260",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-2150",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-X1530",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-X1860",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-224",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-245GR",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-2640U",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-2750U",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-G2452GR",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-5402G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-5402G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-5402GFRU",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-N5402G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-N5402G-IL",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DWM-312W",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DWM-321",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DWR-921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DWR-953",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "Good Line Router v2",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "99iz (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "In D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 bis 20240112 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /devinfo der Komponente HTTP GET Request Handler. Mittels dem Manipulieren des Arguments area mit der Eingabe notice|net|version mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-19T15:31:04.290Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.251542"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.251542"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/999zzzzz/D-Link"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-01-19T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-01-19T08:26:48.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-0717",
        "datePublished": "2024-01-19T15:31:04.290Z",
        "dateReserved": "2024-01-19T07:21:32.386Z",
        "dateUpdated": "2025-05-30T14:26:30.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-25115 (GCVE-0-2018-25115)

    Vulnerability from cvelistv5 – Published: 2025-08-27 21:24 – Updated: 2026-05-25 23:40 X_Known Exploited Vulnerability Unsupported When Assigned
    VLAI
    Title
    D-Link DIR-110/412/600/615/645/815 RCE via service.cgi
    Summary
    Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Date Public
    2018-01-10 00:00
    Credits
    Cr0n1c
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-25115",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-28T13:53:40.553346Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-28T13:55:16.739Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-110",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-412",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-600",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-615",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-645",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "service.cgi"
              ],
              "product": "DIR-815",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.03",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-110:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-100:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-600:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-615:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:dlink:dir-645:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:d-link:dir-815:*:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cr0n1c"
            }
          ],
          "datePublic": "2018-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e2025-08-21 UTC.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            },
            {
              "capecId": "CAPEC-137",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-137 Parameter Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-25T23:40:59.072Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "technical-description",
                "exploit"
              ],
              "url": "https://github.com/Cr0n1c/dlink_shell_poc/blob/master/dlink_auth_rce"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/43496"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://legacy.us.dlink.com/"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://support.dlink.com/EndOfLifePolicy.aspx"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/dlink-dir-rce-service-cgi"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "tags": [
            "x_known-exploited-vulnerability",
            "unsupported-when-assigned"
          ],
          "title": "D-Link DIR-110/412/600/615/645/815 RCE via service.cgi",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2018-25115",
        "datePublished": "2025-08-27T21:24:23.427Z",
        "dateReserved": "2025-08-25T17:39:38.473Z",
        "dateUpdated": "2026-05-25T23:40:59.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-6328 (GCVE-0-2025-6328)

    Vulnerability from cvelistv5 – Published: 2025-06-20 09:31 – Updated: 2025-06-20 18:31
    VLAI
    Title
    D-Link DIR-815 hedwig.cgi sub_403794 stack-based overflow
    Summary
    A vulnerability was found in D-Link DIR-815 1.01. It has been declared as critical. This vulnerability affects the function sub_403794 of the file hedwig.cgi. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.313324 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.313324 signaturepermissions-required
    https://vuldb.com/?submit.596439 third-party-advisory
    https://github.com/Thir0th/Thir0th-CVE/blob/main/… exploit
    https://www.dlink.com/ product
    Impacted products
    Vendor Product Version
    D-Link DIR-815 Affected: 1.01
    Create a notification for this product.
    Credits
    liuchangwei (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6328",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-20T18:28:58.972027Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-20T18:31:01.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DIR-815",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "liuchangwei (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in D-Link DIR-815 1.01. It has been declared as critical. This vulnerability affects the function sub_403794 of the file hedwig.cgi. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In D-Link DIR-815 1.01 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion sub_403794 der Datei hedwig.cgi. Dank der Manipulation mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-20T09:31:05.441Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-313324 | D-Link DIR-815 hedwig.cgi sub_403794 stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.313324"
            },
            {
              "name": "VDB-313324 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.313324"
            },
            {
              "name": "Submit #596439 | D-Link DIR-815 RevA v1.01 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.596439"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Thir0th/Thir0th-CVE/blob/main/D-Link%20DIR-815%20RevA%20v1.01.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.dlink.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-06-19T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-06-19T12:12:50.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link DIR-815 hedwig.cgi sub_403794 stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-6328",
        "datePublished": "2025-06-20T09:31:05.441Z",
        "dateReserved": "2025-06-19T10:07:37.695Z",
        "dateUpdated": "2025-06-20T18:31:01.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0717 (GCVE-0-2024-0717)

    Vulnerability from cvelistv5 – Published: 2024-01-19 15:31 – Updated: 2025-05-30 14:26
    VLAI
    Title
    D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure
    Summary
    A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.251542 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.251542 signaturepermissions-required
    https://github.com/999zzzzz/D-Link exploit
    Impacted products
    Vendor Product Version
    D-Link DAP-1360 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-300 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-615 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-615GF Affected: 20240112
    Create a notification for this product.
    D-Link DIR-615S Affected: 20240112
    Create a notification for this product.
    D-Link DIR-615T Affected: 20240112
    Create a notification for this product.
    D-Link DIR-620 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-620S Affected: 20240112
    Create a notification for this product.
    D-Link DIR-806A Affected: 20240112
    Create a notification for this product.
    D-Link DIR-815 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-815AC Affected: 20240112
    Create a notification for this product.
    D-Link DIR-815S Affected: 20240112
    Create a notification for this product.
    D-Link DIR-816 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-820 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-822 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-825 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-825AC Affected: 20240112
    Create a notification for this product.
    D-Link DIR-825ACF Affected: 20240112
    Create a notification for this product.
    D-Link DIR-825ACG1 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-841 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-842 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-842S Affected: 20240112
    Create a notification for this product.
    D-Link DIR-843 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-853 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-878 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-882 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-1210 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-1260 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-2150 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-X1530 Affected: 20240112
    Create a notification for this product.
    D-Link DIR-X1860 Affected: 20240112
    Create a notification for this product.
    D-Link DSL-224 Affected: 20240112
    Create a notification for this product.
    D-Link DSL-245GR Affected: 20240112
    Create a notification for this product.
    D-Link DSL-2640U Affected: 20240112
    Create a notification for this product.
    D-Link DSL-2750U Affected: 20240112
    Create a notification for this product.
    D-Link DSL-G2452GR Affected: 20240112
    Create a notification for this product.
    D-Link DVG-5402G Affected: 20240112
    Create a notification for this product.
    D-Link DVG-5402GFRU Affected: 20240112
    Create a notification for this product.
    D-Link DVG-N5402G Affected: 20240112
    Create a notification for this product.
    D-Link DVG-N5402G-IL Affected: 20240112
    Create a notification for this product.
    D-Link DWM-312W Affected: 20240112
    Create a notification for this product.
    D-Link DWM-321 Affected: 20240112
    Create a notification for this product.
    D-Link DWR-921 Affected: 20240112
    Create a notification for this product.
    D-Link DWR-953 Affected: 20240112
    Create a notification for this product.
    D-Link Good Line Router v2 Affected: 20240112
    Create a notification for this product.
    Credits
    99iz (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:11:35.784Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.251542"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.251542"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/999zzzzz/D-Link"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0717",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:34:37.136211Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-30T14:26:30.162Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DAP-1360",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-300",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-615",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-615GF",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-615S",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-615T",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-620",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-620S",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-806A",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-815",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-815AC",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-815S",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-816",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-820",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-822",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-825",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-825AC",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-825ACF",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-825ACG1",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-841",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-842",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-842S",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-843",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-853",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-878",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-882",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-1210",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-1260",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-2150",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-X1530",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DIR-X1860",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-224",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-245GR",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-2640U",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-2750U",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DSL-G2452GR",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-5402G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-5402G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-5402GFRU",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-N5402G",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DVG-N5402G-IL",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DWM-312W",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DWM-321",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DWR-921",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "DWR-953",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            },
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "Good Line Router v2",
              "vendor": "D-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "20240112"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "99iz (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "In D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 bis 20240112 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /devinfo der Komponente HTTP GET Request Handler. Mittels dem Manipulieren des Arguments area mit der Eingabe notice|net|version mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-19T15:31:04.290Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.251542"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.251542"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/999zzzzz/D-Link"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-01-19T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-01-19T08:26:48.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-0717",
        "datePublished": "2024-01-19T15:31:04.290Z",
        "dateReserved": "2024-01-19T07:21:32.386Z",
        "dateUpdated": "2025-05-30T14:26:30.162Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }