Search
Find a vulnerability
Search criteria
32 vulnerabilities found for dir-865l_firmware by dlink
CVE-2020-25786 (GCVE-0-2020-25786)
Vulnerability from nvd – Published: 2020-09-19 19:24 – Updated: 2024-08-04 15:40 Unsupported When Assigned
VLAI
Summary
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
| https://github.com/sek1th/iot/blob/master/DIR-816… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-19T19:24:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190"
},
{
"name": "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md",
"refsource": "MISC",
"url": "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25786",
"datePublished": "2020-09-19T19:24:09.000Z",
"dateReserved": "2020-09-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:40:36.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13787 (GCVE-0-2020-13787)
Vulnerability from nvd – Published: 2020-06-03 16:22 – Updated: 2024-08-04 12:25
VLAI
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
| https://unit42.paloaltonetworks.com/6-new-d-link-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-17T12:21:49.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"name": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
"refsource": "MISC",
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13787",
"datePublished": "2020-06-03T16:22:36.000Z",
"dateReserved": "2020-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13786 (GCVE-0-2020-13786)
Vulnerability from nvd – Published: 2020-06-03 16:22 – Updated: 2024-08-04 12:25
VLAI
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
| https://unit42.paloaltonetworks.com/6-new-d-link-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-17T12:21:47.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"name": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
"refsource": "MISC",
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13786",
"datePublished": "2020-06-03T16:22:45.000Z",
"dateReserved": "2020-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13785 (GCVE-0-2020-13785)
Vulnerability from nvd – Published: 2020-06-03 16:22 – Updated: 2024-08-04 12:25
VLAI
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
| https://unit42.paloaltonetworks.com/6-new-d-link-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-17T12:21:45.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"name": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
"refsource": "MISC",
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13785",
"datePublished": "2020-06-03T16:22:52.000Z",
"dateReserved": "2020-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13784 (GCVE-0-2020-13784)
Vulnerability from nvd – Published: 2020-06-03 16:23 – Updated: 2024-08-04 12:25
VLAI
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
| https://unit42.paloaltonetworks.com/6-new-d-link-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-17T12:21:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"name": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
"refsource": "MISC",
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13784",
"datePublished": "2020-06-03T16:23:00.000Z",
"dateReserved": "2020-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13783 (GCVE-0-2020-13783)
Vulnerability from nvd – Published: 2020-06-03 16:23 – Updated: 2024-08-04 12:25
VLAI
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
| https://unit42.paloaltonetworks.com/6-new-d-link-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-17T12:21:41.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"name": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
"refsource": "MISC",
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13783",
"datePublished": "2020-06-03T16:23:09.000Z",
"dateReserved": "2020-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13782 (GCVE-0-2020-13782)
Vulnerability from nvd – Published: 2020-06-03 16:23 – Updated: 2024-08-04 12:25
VLAI
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
| https://unit42.paloaltonetworks.com/6-new-d-link-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-17T12:21:37.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"name": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
"refsource": "MISC",
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13782",
"datePublished": "2020-06-03T16:23:19.000Z",
"dateReserved": "2020-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20213 (GCVE-0-2019-20213)
Vulnerability from nvd – Published: 2020-01-02 01:03 – Updated: 2024-08-05 02:39
VLAI
Summary
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://medium.com/%40s1kr10s/d-link-dir-859-unau… | x_refsource_MISC |
| https://medium.com/%40s1kr10s/d-link-dir-859-unau… | x_refsource_MISC |
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T01:03:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
"refsource": "MISC",
"url": "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f"
},
{
"name": "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
"refsource": "MISC",
"url": "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20213",
"datePublished": "2020-01-02T01:03:16.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17621 (GCVE-0-2019-17621)
Vulnerability from nvd – Published: 2019-12-30 16:09 – Updated: 2025-10-21 23:35Summary
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://www.ftc.gov/system/files/documents/cases/… | x_refsource_MISC |
| https://www.dlink.com/en/security-bulletin | x_refsource_MISC |
| https://supportannouncement.us.dlink.com/announce… | x_refsource_CONFIRM |
| https://supportannouncement.us.dlink.com/announce… | x_refsource_CONFIRM |
| https://medium.com/%40s1kr10s/d-link-dir-859-rce-… | x_refsource_MISC |
| https://medium.com/%40s1kr10s/d-link-dir-859-rce-… | x_refsource_MISC |
| http://packetstormsecurity.com/files/156054/D-Lin… | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-17621",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:33:59.746115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-17621"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:54.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-17621"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-29T00:00:00.000Z",
"value": "CVE-2019-17621 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-22T18:06:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
"refsource": "MISC",
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"name": "https://www.dlink.com/en/security-bulletin",
"refsource": "MISC",
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
"refsource": "CONFIRM",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
"refsource": "CONFIRM",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
},
{
"name": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
"refsource": "MISC",
"url": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104"
},
{
"name": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
"refsource": "MISC",
"url": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9"
},
{
"name": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17621",
"datePublished": "2019-12-30T16:09:17.000Z",
"dateReserved": "2019-10-16T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:54.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4857 (GCVE-0-2013-4857)
Vulnerability from nvd – Published: 2019-10-25 15:36 – Updated: 2024-08-06 16:59
VLAI
Summary
D-Link DIR-865L has PHP File Inclusion in the router xml file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ise.io/casestudies/exploiting-soho-routers/ | x_refsource_MISC |
| https://www.ise.io/soho_service_hacks/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/soho_service_hacks/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L has PHP File Inclusion in the router xml file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T15:36:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/soho_service_hacks/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L has PHP File Inclusion in the router xml file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ise.io/casestudies/exploiting-soho-routers/",
"refsource": "MISC",
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"name": "https://www.ise.io/soho_service_hacks/",
"refsource": "MISC",
"url": "https://www.ise.io/soho_service_hacks/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4857",
"datePublished": "2019-10-25T15:36:13.000Z",
"dateReserved": "2013-07-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:40.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4856 (GCVE-0-2013-4856)
Vulnerability from nvd – Published: 2019-10-25 15:44 – Updated: 2024-08-06 16:59
VLAI
Summary
D-Link DIR-865L has Information Disclosure.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.ise.io/casestudies/exploiting-soho-routers/ | x_refsource_MISC |
| https://www.ise.io/soho_service_hacks/ | x_refsource_MISC |
| https://www.ise.io/wp-content/uploads/2017/06/soh… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L has Information Disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T15:44:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L has Information Disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ise.io/casestudies/exploiting-soho-routers/",
"refsource": "MISC",
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"name": "https://www.ise.io/soho_service_hacks/",
"refsource": "MISC",
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"name": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
"refsource": "MISC",
"url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4856",
"datePublished": "2019-10-25T15:44:11.000Z",
"dateReserved": "2013-07-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:40.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4855 (GCVE-0-2013-4855)
Vulnerability from nvd – Published: 2019-10-25 15:47 – Updated: 2024-08-06 16:59
VLAI
Summary
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.ise.io/casestudies/exploiting-soho-routers/ | x_refsource_MISC |
| https://www.ise.io/soho_service_hacks/ | x_refsource_MISC |
| https://www.ise.io/wp-content/uploads/2017/06/soh… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T15:47:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ise.io/casestudies/exploiting-soho-routers/",
"refsource": "MISC",
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"name": "https://www.ise.io/soho_service_hacks/",
"refsource": "MISC",
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"name": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
"refsource": "MISC",
"url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4855",
"datePublished": "2019-10-25T15:47:43.000Z",
"dateReserved": "2013-07-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:40.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6530 (GCVE-0-2018-6530)
Vulnerability from nvd – Published: 2018-03-06 20:00 – Updated: 2025-10-21 23:45Summary
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
6 references
| URL | Tags |
|---|---|
| ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868… | x_refsource_CONFIRM |
| ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860… | x_refsource_CONFIRM |
| https://github.com/TheBeeMan/Pwning-multiple-dlin… | x_refsource_MISC |
| ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865… | x_refsource_CONFIRM |
| ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880… | x_refsource_CONFIRM |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Date Public
2018-02-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-6530",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:36:36.248676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-09-08",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6530"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:45:55.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6530"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-09-08T00:00:00.000Z",
"value": "CVE-2018-6530 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-06T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"name": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
"refsource": "MISC",
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-880L/REVA/DIR-880L_REVA_FIRMWARE_PATCH_NOTES_1.08B06_EN_WW.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6530",
"datePublished": "2018-03-06T20:00:00.000Z",
"dateReserved": "2018-02-02T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:45:55.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6529 (GCVE-0-2018-6529)
Vulnerability from nvd – Published: 2018-03-06 20:00 – Updated: 2024-08-05 06:10
VLAI
Summary
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868… | x_refsource_CONFIRM |
| ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860… | x_refsource_CONFIRM |
| https://github.com/TheBeeMan/Pwning-multiple-dlin… | x_refsource_MISC |
| ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865… | x_refsource_CONFIRM |
Date Public
2018-02-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-06T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"name": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
"refsource": "MISC",
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6529",
"datePublished": "2018-03-06T20:00:00.000Z",
"dateReserved": "2018-02-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:10:10.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6528 (GCVE-0-2018-6528)
Vulnerability from nvd – Published: 2018-03-06 20:00 – Updated: 2024-08-05 06:10
VLAI
Summary
XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868… | x_refsource_CONFIRM |
| ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860… | x_refsource_CONFIRM |
| https://github.com/TheBeeMan/Pwning-multiple-dlin… | x_refsource_MISC |
| ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865… | x_refsource_CONFIRM |
Date Public
2018-02-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-06T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"name": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
"refsource": "MISC",
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6528",
"datePublished": "2018-03-06T20:00:00.000Z",
"dateReserved": "2018-02-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:10:10.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6527 (GCVE-0-2018-6527)
Vulnerability from nvd – Published: 2018-03-06 20:00 – Updated: 2024-08-05 06:10
VLAI
Summary
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868… | x_refsource_CONFIRM |
| ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860… | x_refsource_CONFIRM |
| https://github.com/TheBeeMan/Pwning-multiple-dlin… | x_refsource_MISC |
| ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865… | x_refsource_CONFIRM |
Date Public
2018-02-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-06T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"name": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
"refsource": "MISC",
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6527",
"datePublished": "2018-03-06T20:00:00.000Z",
"dateReserved": "2018-02-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:10:10.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25786 (GCVE-0-2020-25786)
Vulnerability from cvelistv5 – Published: 2020-09-19 19:24 – Updated: 2024-08-04 15:40 Unsupported When Assigned
VLAI
Summary
webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
| https://github.com/sek1th/iot/blob/master/DIR-816… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-19T19:24:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10190"
},
{
"name": "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md",
"refsource": "MISC",
"url": "https://github.com/sek1th/iot/blob/master/DIR-816L_XSS.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25786",
"datePublished": "2020-09-19T19:24:09.000Z",
"dateReserved": "2020-09-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:40:36.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13782 (GCVE-0-2020-13782)
Vulnerability from cvelistv5 – Published: 2020-06-03 16:23 – Updated: 2024-08-04 12:25
VLAI
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
| https://unit42.paloaltonetworks.com/6-new-d-link-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-17T12:21:37.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"name": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
"refsource": "MISC",
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13782",
"datePublished": "2020-06-03T16:23:19.000Z",
"dateReserved": "2020-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13783 (GCVE-0-2020-13783)
Vulnerability from cvelistv5 – Published: 2020-06-03 16:23 – Updated: 2024-08-04 12:25
VLAI
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
| https://unit42.paloaltonetworks.com/6-new-d-link-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-17T12:21:41.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"name": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
"refsource": "MISC",
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13783",
"datePublished": "2020-06-03T16:23:09.000Z",
"dateReserved": "2020-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13784 (GCVE-0-2020-13784)
Vulnerability from cvelistv5 – Published: 2020-06-03 16:23 – Updated: 2024-08-04 12:25
VLAI
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
| https://unit42.paloaltonetworks.com/6-new-d-link-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-17T12:21:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"name": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
"refsource": "MISC",
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13784",
"datePublished": "2020-06-03T16:23:00.000Z",
"dateReserved": "2020-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13785 (GCVE-0-2020-13785)
Vulnerability from cvelistv5 – Published: 2020-06-03 16:22 – Updated: 2024-08-04 12:25
VLAI
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
| https://unit42.paloaltonetworks.com/6-new-d-link-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-17T12:21:45.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"name": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
"refsource": "MISC",
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13785",
"datePublished": "2020-06-03T16:22:52.000Z",
"dateReserved": "2020-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13786 (GCVE-0-2020-13786)
Vulnerability from cvelistv5 – Published: 2020-06-03 16:22 – Updated: 2024-08-04 12:25
VLAI
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
| https://unit42.paloaltonetworks.com/6-new-d-link-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-17T12:21:47.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"name": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
"refsource": "MISC",
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13786",
"datePublished": "2020-06-03T16:22:45.000Z",
"dateReserved": "2020-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13787 (GCVE-0-2020-13787)
Vulnerability from cvelistv5 – Published: 2020-06-03 16:22 – Updated: 2024-08-04 12:25
VLAI
Summary
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
| https://unit42.paloaltonetworks.com/6-new-d-link-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-17T12:21:49.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174"
},
{
"name": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/",
"refsource": "MISC",
"url": "https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13787",
"datePublished": "2020-06-03T16:22:36.000Z",
"dateReserved": "2020-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20213 (GCVE-0-2019-20213)
Vulnerability from cvelistv5 – Published: 2020-01-02 01:03 – Updated: 2024-08-05 02:39
VLAI
Summary
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://medium.com/%40s1kr10s/d-link-dir-859-unau… | x_refsource_MISC |
| https://medium.com/%40s1kr10s/d-link-dir-859-unau… | x_refsource_MISC |
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
| https://supportannouncement.us.dlink.com/announce… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T01:03:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f",
"refsource": "MISC",
"url": "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f"
},
{
"name": "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03",
"refsource": "MISC",
"url": "https://medium.com/@s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
"refsource": "MISC",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20213",
"datePublished": "2020-01-02T01:03:16.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17621 (GCVE-0-2019-17621)
Vulnerability from cvelistv5 – Published: 2019-12-30 16:09 – Updated: 2025-10-21 23:35Summary
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://www.ftc.gov/system/files/documents/cases/… | x_refsource_MISC |
| https://www.dlink.com/en/security-bulletin | x_refsource_MISC |
| https://supportannouncement.us.dlink.com/announce… | x_refsource_CONFIRM |
| https://supportannouncement.us.dlink.com/announce… | x_refsource_CONFIRM |
| https://medium.com/%40s1kr10s/d-link-dir-859-rce-… | x_refsource_MISC |
| https://medium.com/%40s1kr10s/d-link-dir-859-rce-… | x_refsource_MISC |
| http://packetstormsecurity.com/files/156054/D-Lin… | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-17621",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:33:59.746115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-17621"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:54.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-17621"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-29T00:00:00.000Z",
"value": "CVE-2019-17621 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-22T18:06:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf",
"refsource": "MISC",
"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"
},
{
"name": "https://www.dlink.com/en/security-bulletin",
"refsource": "MISC",
"url": "https://www.dlink.com/en/security-bulletin"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147",
"refsource": "CONFIRM",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147"
},
{
"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146",
"refsource": "CONFIRM",
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146"
},
{
"name": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104",
"refsource": "MISC",
"url": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104"
},
{
"name": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9",
"refsource": "MISC",
"url": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9"
},
{
"name": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17621",
"datePublished": "2019-12-30T16:09:17.000Z",
"dateReserved": "2019-10-16T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:54.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4855 (GCVE-0-2013-4855)
Vulnerability from cvelistv5 – Published: 2019-10-25 15:47 – Updated: 2024-08-06 16:59
VLAI
Summary
D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.ise.io/casestudies/exploiting-soho-routers/ | x_refsource_MISC |
| https://www.ise.io/soho_service_hacks/ | x_refsource_MISC |
| https://www.ise.io/wp-content/uploads/2017/06/soh… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T15:47:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ise.io/casestudies/exploiting-soho-routers/",
"refsource": "MISC",
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"name": "https://www.ise.io/soho_service_hacks/",
"refsource": "MISC",
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"name": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
"refsource": "MISC",
"url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4855",
"datePublished": "2019-10-25T15:47:43.000Z",
"dateReserved": "2013-07-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:40.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4856 (GCVE-0-2013-4856)
Vulnerability from cvelistv5 – Published: 2019-10-25 15:44 – Updated: 2024-08-06 16:59
VLAI
Summary
D-Link DIR-865L has Information Disclosure.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.ise.io/casestudies/exploiting-soho-routers/ | x_refsource_MISC |
| https://www.ise.io/soho_service_hacks/ | x_refsource_MISC |
| https://www.ise.io/wp-content/uploads/2017/06/soh… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L has Information Disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T15:44:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L has Information Disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ise.io/casestudies/exploiting-soho-routers/",
"refsource": "MISC",
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"name": "https://www.ise.io/soho_service_hacks/",
"refsource": "MISC",
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"name": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf",
"refsource": "MISC",
"url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4856",
"datePublished": "2019-10-25T15:44:11.000Z",
"dateReserved": "2013-07-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:40.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4857 (GCVE-0-2013-4857)
Vulnerability from cvelistv5 – Published: 2019-10-25 15:36 – Updated: 2024-08-06 16:59
VLAI
Summary
D-Link DIR-865L has PHP File Inclusion in the router xml file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ise.io/casestudies/exploiting-soho-routers/ | x_refsource_MISC |
| https://www.ise.io/soho_service_hacks/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ise.io/soho_service_hacks/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-865L has PHP File Inclusion in the router xml file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T15:36:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ise.io/soho_service_hacks/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-865L has PHP File Inclusion in the router xml file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ise.io/casestudies/exploiting-soho-routers/",
"refsource": "MISC",
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"name": "https://www.ise.io/soho_service_hacks/",
"refsource": "MISC",
"url": "https://www.ise.io/soho_service_hacks/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4857",
"datePublished": "2019-10-25T15:36:13.000Z",
"dateReserved": "2013-07-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:59:40.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6527 (GCVE-0-2018-6527)
Vulnerability from cvelistv5 – Published: 2018-03-06 20:00 – Updated: 2024-08-05 06:10
VLAI
Summary
XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868… | x_refsource_CONFIRM |
| ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860… | x_refsource_CONFIRM |
| https://github.com/TheBeeMan/Pwning-multiple-dlin… | x_refsource_MISC |
| ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865… | x_refsource_CONFIRM |
Date Public
2018-02-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-06T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"name": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
"refsource": "MISC",
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6527",
"datePublished": "2018-03-06T20:00:00.000Z",
"dateReserved": "2018-02-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:10:10.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6529 (GCVE-0-2018-6529)
Vulnerability from cvelistv5 – Published: 2018-03-06 20:00 – Updated: 2024-08-05 06:10
VLAI
Summary
XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868… | x_refsource_CONFIRM |
| ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860… | x_refsource_CONFIRM |
| https://github.com/TheBeeMan/Pwning-multiple-dlin… | x_refsource_MISC |
| ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865… | x_refsource_CONFIRM |
Date Public
2018-02-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-06T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"name": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
"refsource": "MISC",
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6529",
"datePublished": "2018-03-06T20:00:00.000Z",
"dateReserved": "2018-02-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:10:10.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}