Search criteria
6 vulnerabilities found for dir-867 by dlink
VAR-202506-1060
Vulnerability from variot - Updated: 2025-07-16 23:30A vulnerability has been found in D-Link DIR-867 1.0 and classified as critical. This vulnerability affects the function strncpy of the component Query String Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-867 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-867 is a wireless router from D-Link, a Chinese company. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-1060",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-867",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.0"
},
{
"model": "dir-867",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-867",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-867 firmware 1.0"
},
{
"model": "dir-867",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-867",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "v1.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15624"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008737"
},
{
"db": "NVD",
"id": "CVE-2025-6334"
}
]
},
"cve": "CVE-2025-6334",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "cna@vuldb.com",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2025-6334",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "OTHER",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2025-008737",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2025-15624",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2025-6334",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-008737",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "cna@vuldb.com",
"id": "CVE-2025-6334",
"trust": 1.0,
"value": "High"
},
{
"author": "OTHER",
"id": "JVNDB-2025-008737",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-15624",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15624"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008737"
},
{
"db": "NVD",
"id": "CVE-2025-6334"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been found in D-Link DIR-867 1.0 and classified as critical. This vulnerability affects the function strncpy of the component Query String Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of DIR-867 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-867 is a wireless router from D-Link, a Chinese company. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-6334"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008737"
},
{
"db": "CNVD",
"id": "CNVD-2025-15624"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-6334",
"trust": 3.2
},
{
"db": "VULDB",
"id": "313330",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008737",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-15624",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15624"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008737"
},
{
"db": "NVD",
"id": "CVE-2025-6334"
}
]
},
"id": "VAR-202506-1060",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15624"
}
],
"trust": 1.1288461399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15624"
}
]
},
"last_update_date": "2025-07-16T23:30:00.354000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "Buffer error (CWE-119) [ others ]",
"trust": 0.8
},
{
"problemtype": " Stack-based buffer overflow (CWE-121) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-008737"
},
{
"db": "NVD",
"id": "CVE-2025-6334"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/thir0th/thir0th-cve/blob/main/dir-867%20ac1750.md"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?id.313330"
},
{
"trust": 1.8,
"url": "https://vuldb.com/?submit.596579"
},
{
"trust": 1.8,
"url": "https://www.dlink.com/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-6334"
},
{
"trust": 1.0,
"url": "https://vuldb.com/?ctiid.313330"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-15624"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008737"
},
{
"db": "NVD",
"id": "CVE-2025-6334"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-15624"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008737"
},
{
"db": "NVD",
"id": "CVE-2025-6334"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15624"
},
{
"date": "2025-07-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-008737"
},
{
"date": "2025-06-20T11:15:22.083000",
"db": "NVD",
"id": "CVE-2025-6334"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-15624"
},
{
"date": "2025-07-14T06:01:00",
"db": "JVNDB",
"id": "JVNDB-2025-008737"
},
{
"date": "2025-07-11T15:55:13.053000",
"db": "NVD",
"id": "CVE-2025-6334"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DIR-867\u00a0 Buffer error vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-008737"
}
],
"trust": 0.8
}
}
VAR-202303-1040
Vulnerability from variot - Updated: 2025-03-04 23:07OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1. D-Link Systems, Inc. (DoS) It may be in a state. D-Link DIR-867 is a wireless router made by China D-Link Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202303-1040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-867",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.30b07"
},
{
"model": "dir-867",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "dir-867 firmware 1.30b07"
},
{
"model": "dir-867",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-867",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-867 fw1.30b07",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-27687"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-005332"
},
{
"db": "NVD",
"id": "CVE-2023-24762"
}
]
},
"cve": "CVE-2023-24762",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-27687",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-24762",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-24762",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-24762",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-24762",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-24762",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2023-27687",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-27687"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-005332"
},
{
"db": "NVD",
"id": "CVE-2023-24762"
},
{
"db": "NVD",
"id": "CVE-2023-24762"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1. D-Link Systems, Inc. (DoS) It may be in a state. D-Link DIR-867 is a wireless router made by China D-Link Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-24762"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-005332"
},
{
"db": "CNVD",
"id": "CNVD-2023-27687"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-24762",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-005332",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-27687",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202303-909",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-27687"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-005332"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-909"
},
{
"db": "NVD",
"id": "CVE-2023-24762"
}
]
},
"id": "VAR-202303-1040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-27687"
}
],
"trust": 1.1288461399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-27687"
}
]
},
"last_update_date": "2025-03-04T23:07:24.877000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-005332"
},
{
"db": "NVD",
"id": "CVE-2023-24762"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.dlink.com/en/security-bulletin/"
},
{
"trust": 1.8,
"url": "https://hackmd.io/%40uuxne2y3rjodpwm87fw6_a/hypk04zho"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-24762"
},
{
"trust": 0.6,
"url": "https://hackmd.io/@uuxne2y3rjodpwm87fw6_a/hypk04zho"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-24762/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-27687"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-005332"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-909"
},
{
"db": "NVD",
"id": "CVE-2023-24762"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-27687"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-005332"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-909"
},
{
"db": "NVD",
"id": "CVE-2023-24762"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-27687"
},
{
"date": "2023-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-005332"
},
{
"date": "2023-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202303-909"
},
{
"date": "2023-03-13T14:15:12.820000",
"db": "NVD",
"id": "CVE-2023-24762"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-27687"
},
{
"date": "2023-11-08T01:07:00",
"db": "JVNDB",
"id": "JVNDB-2023-005332"
},
{
"date": "2023-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202303-909"
},
{
"date": "2025-03-03T20:15:38.170000",
"db": "NVD",
"id": "CVE-2023-24762"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0DIR-867\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-005332"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202303-909"
}
],
"trust": 0.6
}
}
VAR-202003-1676
Vulnerability from variot - Updated: 2024-11-23 22:44This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471. D-Link DIR-867 , DIR-878 , DIR-882 The router contains a vulnerability related to improper comparison. Zero Day Initiative To this vulnerability ZDI-CAN-9471 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-867, DIR-878 and DIR-882 are all wireless router products from D-Link, Taiwan. HNAP is a protocol called HNAP (Home Network Management Protocol)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1676",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-867",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b04"
},
{
"model": "dir-878",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20b03"
},
{
"model": "dir-882",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b04"
},
{
"model": "dir-867",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "1.10b04"
},
{
"model": "dir-878",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "1.10b04"
},
{
"model": "dir-882",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "1.10b04"
},
{
"model": "multiple routers",
"scope": null,
"trust": 0.7,
"vendor": "d link",
"version": null
},
{
"model": "dir-867 1.10b04",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-878 1.10b04",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-882 1.10b04",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-268"
},
{
"db": "CNVD",
"id": "CNVD-2020-18979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003174"
},
{
"db": "NVD",
"id": "CVE-2020-8864"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-867_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-878_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-882_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003174"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "chung96vn - Security Researcher of VinCSS (Member of Vingroup)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-268"
}
],
"trust": 0.7
},
"cve": "CVE-2020-8864",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2020-8864",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-003174",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2020-18979",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-8864",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-8864",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003174",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-8864",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8864",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2020-8864",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003174",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-8864",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-18979",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1144",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-268"
},
{
"db": "CNVD",
"id": "CNVD-2020-18979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003174"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1144"
},
{
"db": "NVD",
"id": "CVE-2020-8864"
},
{
"db": "NVD",
"id": "CVE-2020-8864"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471. D-Link DIR-867 , DIR-878 , DIR-882 The router contains a vulnerability related to improper comparison. Zero Day Initiative To this vulnerability ZDI-CAN-9471 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-867, DIR-878 and DIR-882 are all wireless router products from D-Link, Taiwan. HNAP is a protocol called HNAP (Home Network Management Protocol)",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8864"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003174"
},
{
"db": "ZDI",
"id": "ZDI-20-268"
},
{
"db": "CNVD",
"id": "CNVD-2020-18979"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8864",
"trust": 3.7
},
{
"db": "ZDI",
"id": "ZDI-20-268",
"trust": 2.9
},
{
"db": "DLINK",
"id": "SAP10157",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003174",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9471",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-18979",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1144",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-268"
},
{
"db": "CNVD",
"id": "CNVD-2020-18979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003174"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1144"
},
{
"db": "NVD",
"id": "CVE-2020-8864"
}
]
},
"id": "VAR-202003-1676",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18979"
}
],
"trust": 1.0793249733333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18979"
}
]
},
"last_update_date": "2024-11-23T22:44:37.996000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP10157",
"trust": 1.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157"
},
{
"title": "Patch for D-Link DIR-867, DIR-878, and DIR-882 HNAP authentication bypass vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/210441"
},
{
"title": "D-Link DIR-867 , DIR-878 and DIR-882 HNAP Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110310"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-268"
},
{
"db": "CNVD",
"id": "CNVD-2020-18979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003174"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1144"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-697",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003174"
},
{
"db": "NVD",
"id": "CVE-2020-8864"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-268/"
},
{
"trust": 2.3,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10157"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8864"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8864\\"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8864"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-268"
},
{
"db": "CNVD",
"id": "CNVD-2020-18979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003174"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1144"
},
{
"db": "NVD",
"id": "CVE-2020-8864"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-20-268"
},
{
"db": "CNVD",
"id": "CNVD-2020-18979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003174"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1144"
},
{
"db": "NVD",
"id": "CVE-2020-8864"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-24T00:00:00",
"db": "ZDI",
"id": "ZDI-20-268"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18979"
},
{
"date": "2020-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003174"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1144"
},
{
"date": "2020-03-23T21:15:12.457000",
"db": "NVD",
"id": "CVE-2020-8864"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-24T00:00:00",
"db": "ZDI",
"id": "ZDI-20-268"
},
{
"date": "2020-03-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18979"
},
{
"date": "2020-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003174"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1144"
},
{
"date": "2024-11-21T05:39:35.717000",
"db": "NVD",
"id": "CVE-2020-8864"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1144"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural D-Link Improper Comparison Vulnerability in Made Routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003174"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1144"
}
],
"trust": 0.6
}
}
VAR-202003-1675
Vulnerability from variot - Updated: 2024-11-23 22:44This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470. Zero Day Initiative To this vulnerability ZDI-CAN-9470 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-867, DIR-878 and DIR-882 are all wireless router products from D-Link, Taiwan. HNAP is a protocol called HNAP (Home Network Management Protocol)
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "dir-867",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b04"
},
{
"_id": null,
"model": "dir-878",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20b03"
},
{
"_id": null,
"model": "dir-882",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b04"
},
{
"_id": null,
"model": "dir-867",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "1.10b04"
},
{
"_id": null,
"model": "dir-878",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "1.10b04"
},
{
"_id": null,
"model": "dir-882",
"scope": "eq",
"trust": 0.8,
"vendor": "d link",
"version": "1.10b04"
},
{
"_id": null,
"model": "multiple routers",
"scope": null,
"trust": 0.7,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dir-867 1.10b04",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dir-878 1.10b04",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"_id": null,
"model": "dir-882 1.10b04",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-267"
},
{
"db": "CNVD",
"id": "CNVD-2020-18980"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003175"
},
{
"db": "NVD",
"id": "CVE-2020-8863"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-867_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-878_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-882_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003175"
}
]
},
"credits": {
"_id": null,
"data": "chung96vn - Security Researcher of VinCSS (Member of Vingroup)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-267"
}
],
"trust": 0.7
},
"cve": "CVE-2020-8863",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2020-8863",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-003175",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2020-18980",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-8863",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-8863",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003175",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-8863",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8863",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2020-8863",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003175",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-8863",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-18980",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1139",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-267"
},
{
"db": "CNVD",
"id": "CNVD-2020-18980"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003175"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1139"
},
{
"db": "NVD",
"id": "CVE-2020-8863"
},
{
"db": "NVD",
"id": "CVE-2020-8863"
}
]
},
"description": {
"_id": null,
"data": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470. Zero Day Initiative To this vulnerability ZDI-CAN-9470 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-867, DIR-878 and DIR-882 are all wireless router products from D-Link, Taiwan. HNAP is a protocol called HNAP (Home Network Management Protocol)",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8863"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003175"
},
{
"db": "ZDI",
"id": "ZDI-20-267"
},
{
"db": "CNVD",
"id": "CNVD-2020-18980"
}
],
"trust": 2.79
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-8863",
"trust": 3.7
},
{
"db": "ZDI",
"id": "ZDI-20-267",
"trust": 2.9
},
{
"db": "DLINK",
"id": "SAP10157",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003175",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-9470",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-18980",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1139",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-267"
},
{
"db": "CNVD",
"id": "CNVD-2020-18980"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003175"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1139"
},
{
"db": "NVD",
"id": "CVE-2020-8863"
}
]
},
"id": "VAR-202003-1675",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18980"
}
],
"trust": 1.0793249733333332
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18980"
}
]
},
"last_update_date": "2024-11-23T22:44:37.964000Z",
"patch": {
"_id": null,
"data": [
{
"title": "SAP10157",
"trust": 1.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157"
},
{
"title": "Patch for D-Link DIR-867, DIR-878, and DIR-882 HNAP certification bypass vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/210439"
},
{
"title": "D-Link DIR-867 , DIR-878 and DIR-882 HNAP Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110308"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-267"
},
{
"db": "CNVD",
"id": "CNVD-2020-18980"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003175"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1139"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
},
{
"problemtype": "CWE-303",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003175"
},
{
"db": "NVD",
"id": "CVE-2020-8863"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.8,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-267/"
},
{
"trust": 2.3,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10157"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8863"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8863\\"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8863"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-267"
},
{
"db": "CNVD",
"id": "CNVD-2020-18980"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003175"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1139"
},
{
"db": "NVD",
"id": "CVE-2020-8863"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-20-267",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-18980",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003175",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1139",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-8863",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-02-24T00:00:00",
"db": "ZDI",
"id": "ZDI-20-267",
"ident": null
},
{
"date": "2020-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18980",
"ident": null
},
{
"date": "2020-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003175",
"ident": null
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1139",
"ident": null
},
{
"date": "2020-03-23T21:15:12.377000",
"db": "NVD",
"id": "CVE-2020-8863",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-02-24T00:00:00",
"db": "ZDI",
"id": "ZDI-20-267",
"ident": null
},
{
"date": "2020-03-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18980",
"ident": null
},
{
"date": "2020-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003175",
"ident": null
},
{
"date": "2020-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1139",
"ident": null
},
{
"date": "2024-11-21T05:39:35.580000",
"db": "NVD",
"id": "CVE-2020-8863",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1139"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural D-Link Authentication vulnerabilities in routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003175"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1139"
}
],
"trust": 0.6
}
}
VAR-202204-0705
Vulnerability from variot - Updated: 2024-11-23 22:32A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. dir-1360 firmware, dir-1760 firmware, dir-1960 For multiple D-Link Japan Co., Ltd. products such as firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0705",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-867",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10b04"
},
{
"model": "dir-1960",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03b03"
},
{
"model": "dir-1360",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00b15"
},
{
"model": "dir-3040",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b02"
},
{
"model": "dir-2660",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02b01"
},
{
"model": "dir-3060",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02b03"
},
{
"model": "dir-882",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.30b06"
},
{
"model": "dir-882",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.30b10"
},
{
"model": "dir-2660",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03b04"
},
{
"model": "dir-3040",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20b03"
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b02"
},
{
"model": "dir-1360",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03b02"
},
{
"model": "dir-3060",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b02"
},
{
"model": "dir-878",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.30b08"
},
{
"model": "dir-3040",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13b03"
},
{
"model": "dir-1760",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01b04"
},
{
"model": "dir-2660",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00b14"
},
{
"model": "dir-867",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.30b07"
},
{
"model": "dir-1960",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02b01"
},
{
"model": "dir-2660",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01b03"
},
{
"model": "dir-3060",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00b12"
},
{
"model": "dir-1360",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01b03"
},
{
"model": "dir-1360",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b04"
},
{
"model": "dir-2660",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b04"
},
{
"model": "dir-1960",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b03"
},
{
"model": "dir-2660",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04b03"
},
{
"model": "dir-2640",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01b04"
},
{
"model": "dir-1760",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b03"
},
{
"model": "dir-3060",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.11b04"
},
{
"model": "dir-3040",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.12b01"
},
{
"model": "dir-882",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20b06"
},
{
"model": "dir-1360",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02b03"
},
{
"model": "dir-3060",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01b07"
},
{
"model": "dir-867",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20b10"
},
{
"model": "dir-878",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.20b05"
},
{
"model": "dir-882",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-3040",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-3060",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-1760",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-878",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-2660",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-1360",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-1960",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-867",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "dir-2640",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30a3\u30fc\u30ea\u30f3\u30af\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"db": "NVD",
"id": "CVE-2022-1262"
}
]
},
"cve": "CVE-2022-1262",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-1262",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1262",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1262",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1262",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1262",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2826",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-1262",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1262"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2826"
},
{
"db": "NVD",
"id": "CVE-2022-1262"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. dir-1360 firmware, dir-1760 firmware, dir-1960 For multiple D-Link Japan Co., Ltd. products such as firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1262"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"db": "VULMON",
"id": "CVE-2022-1262"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1262",
"trust": 3.3
},
{
"db": "TENABLE",
"id": "TRA-2022-09",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008159",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2826",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-1262",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1262"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2826"
},
{
"db": "NVD",
"id": "CVE-2022-1262"
}
]
},
"id": "VAR-202204-0705",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4205193725
},
"last_update_date": "2024-11-23T22:32:53.734000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link Routers Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189807"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2826"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"db": "NVD",
"id": "CVE-2022-1262"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.tenable.com/security/research/tra-2022-09"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1262"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1262/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1262"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2826"
},
{
"db": "NVD",
"id": "CVE-2022-1262"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-1262"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2826"
},
{
"db": "NVD",
"id": "CVE-2022-1262"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1262"
},
{
"date": "2023-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"date": "2022-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2826"
},
{
"date": "2022-04-11T20:15:18.157000",
"db": "NVD",
"id": "CVE-2022-1262"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1262"
},
{
"date": "2023-07-24T08:23:00",
"db": "JVNDB",
"id": "JVNDB-2022-008159"
},
{
"date": "2022-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2826"
},
{
"date": "2024-11-21T06:40:21.910000",
"db": "NVD",
"id": "CVE-2022-1262"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2826"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In multiple D-Link Japan Co., Ltd. products \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008159"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2826"
}
],
"trust": 0.6
}
}
VAR-202209-1493
Vulnerability from variot - Updated: 2024-08-14 14:17This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796. plural D-Link Routers contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-1493",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-882-us",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.30b07"
},
{
"model": "dir-867",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.30b08"
},
{
"model": "dir-878",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.30b06"
},
{
"model": "dir-878",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-882-us",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-867",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "multiple routers",
"scope": null,
"trust": 0.7,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1290"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007265"
},
{
"db": "NVD",
"id": "CVE-2022-41140"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1290"
}
],
"trust": 0.7
},
"cve": "CVE-2022-41140",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-41140",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-41140",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-41140",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2022-41140",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-41140",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-41140",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2022-41140",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1873",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1290"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007265"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1873"
},
{
"db": "NVD",
"id": "CVE-2022-41140"
},
{
"db": "NVD",
"id": "CVE-2022-41140"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796. plural D-Link Routers contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41140"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007265"
},
{
"db": "ZDI",
"id": "ZDI-22-1290"
},
{
"db": "VULMON",
"id": "CVE-2022-41140"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-41140",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-22-1290",
"trust": 3.2
},
{
"db": "DLINK",
"id": "SAP10291",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007265",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-13796",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1873",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-41140",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1290"
},
{
"db": "VULMON",
"id": "CVE-2022-41140"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007265"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1873"
},
{
"db": "NVD",
"id": "CVE-2022-41140"
}
]
},
"id": "VAR-202209-1493",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.49627791
},
"last_update_date": "2024-08-14T14:17:42.270000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "",
"trust": 1.5,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10291"
},
{
"title": "D-Link Fixes for Multiple Router Buffer Error Vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=223704"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1290"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007265"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1873"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007265"
},
{
"db": "NVD",
"id": "CVE-2022-41140"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.zerodayinitiative.com/advisories/zdi-22-1290/"
},
{
"trust": 2.4,
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10291"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41140"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-41140/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1290"
},
{
"db": "VULMON",
"id": "CVE-2022-41140"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007265"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1873"
},
{
"db": "NVD",
"id": "CVE-2022-41140"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-1290"
},
{
"db": "VULMON",
"id": "CVE-2022-41140"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007265"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1873"
},
{
"db": "NVD",
"id": "CVE-2022-41140"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-20T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1290"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41140"
},
{
"date": "2023-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007265"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1873"
},
{
"date": "2023-01-26T18:59:53.690000",
"db": "NVD",
"id": "CVE-2022-41140"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-20T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1290"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41140"
},
{
"date": "2023-07-13T07:52:00",
"db": "JVNDB",
"id": "JVNDB-2022-007265"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1873"
},
{
"date": "2023-02-02T15:18:20.907000",
"db": "NVD",
"id": "CVE-2022-41140"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1873"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0D-Link\u00a0 Out-of-Bounds Write Vulnerability in Router",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007265"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1873"
}
],
"trust": 0.6
}
}