VAR-201304-0461
Vulnerability from variot - Updated: 2022-05-17 01:51There is a command injection vulnerability in D-Link's various router devices. DIR-600 / DIR-300 revB / DIR-815 / DIR-645 / DIR-412 / DIR-456 / DIR-110 devices fail to properly verify dst parameter data and lack of verification of the session, allowing remote attackers to exploit The vulnerability is injected and executed by any shell command. DIR-600 / DIR-300 revB / DIR-815 / DIR-645 / DIR-412 / DIR-456 / DIR-110 devices fail to properly restrict access to version.txt or DevInfo, allowing remote attackers to submit requests directly Model name, hardware version, kernel version, firmware version, MAC address information. D-Link is a network company founded by Taiwan D-Link Group. It is committed to the research and development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. Command injection vulnerabilities and multiple information disclosure vulnerabilities exist in multiple D-Link products. An attacker could use these vulnerabilities to gain access to potentially sensitive information and execute arbitrary commands in the context of an affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0461",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-600",
"scope": null,
"trust": 1.2,
"vendor": "d link",
"version": null
},
{
"model": "dir-300 revb",
"scope": null,
"trust": 1.2,
"vendor": "d link",
"version": null
},
{
"model": "dir-645",
"scope": null,
"trust": 1.2,
"vendor": "d link",
"version": null
},
{
"model": "dir-110",
"scope": null,
"trust": 1.2,
"vendor": "d link",
"version": null
},
{
"model": "dir-815",
"scope": null,
"trust": 1.2,
"vendor": "d link",
"version": null
},
{
"model": "dir-412",
"scope": null,
"trust": 1.2,
"vendor": "d link",
"version": null
},
{
"model": "dir-456",
"scope": null,
"trust": 1.2,
"vendor": "d link",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02859"
},
{
"db": "CNVD",
"id": "CNVD-2013-02860"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "m-1-k-3",
"sources": [
{
"db": "BID",
"id": "58938"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-110"
}
],
"trust": 0.9
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02859",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02860",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-02859",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-02860",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02859"
},
{
"db": "CNVD",
"id": "CNVD-2013-02860"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a command injection vulnerability in D-Link\u0027s various router devices. DIR-600 / DIR-300 revB / DIR-815 / DIR-645 / DIR-412 / DIR-456 / DIR-110 devices fail to properly verify dst parameter data and lack of verification of the session, allowing remote attackers to exploit The vulnerability is injected and executed by any shell command. DIR-600 / DIR-300 revB / DIR-815 / DIR-645 / DIR-412 / DIR-456 / DIR-110 devices fail to properly restrict access to version.txt or DevInfo, allowing remote attackers to submit requests directly Model name, hardware version, kernel version, firmware version, MAC address information. D-Link is a network company founded by Taiwan D-Link Group. It is committed to the research and development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. \nCommand injection vulnerabilities and multiple information disclosure vulnerabilities exist in multiple D-Link products. An attacker could use these vulnerabilities to gain access to potentially sensitive information and execute arbitrary commands in the context of an affected device",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02859"
},
{
"db": "CNVD",
"id": "CNVD-2013-02860"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-110"
},
{
"db": "BID",
"id": "58938"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "58938",
"trust": 2.1
},
{
"db": "EXPLOIT-DB",
"id": "24926",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2013-02859",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-02860",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201304-110",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02859"
},
{
"db": "CNVD",
"id": "CNVD-2013-02860"
},
{
"db": "BID",
"id": "58938"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-110"
}
]
},
"id": "VAR-201304-0461",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02859"
},
{
"db": "CNVD",
"id": "CNVD-2013-02860"
}
],
"trust": 2.000716747142857
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02859"
},
{
"db": "CNVD",
"id": "CNVD-2013-02860"
}
]
},
"last_update_date": "2022-05-17T01:51:12.684000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "D-Link multiple product command injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/33191"
},
{
"title": "D-Link patch for multiple product information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/33192"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02859"
},
{
"db": "CNVD",
"id": "CNVD-2013-02860"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.exploit-db.com/exploits/24926/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/58938"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02859"
},
{
"db": "CNVD",
"id": "CNVD-2013-02860"
},
{
"db": "BID",
"id": "58938"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-110"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-02859"
},
{
"db": "CNVD",
"id": "CNVD-2013-02860"
},
{
"db": "BID",
"id": "58938"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-110"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02859"
},
{
"date": "2013-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02860"
},
{
"date": "2013-04-05T00:00:00",
"db": "BID",
"id": "58938"
},
{
"date": "2013-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-110"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02859"
},
{
"date": "2013-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02860"
},
{
"date": "2013-04-11T05:28:00",
"db": "BID",
"id": "58938"
},
{
"date": "2013-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-110"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-110"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link Multiple Product Command Injection Vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02859"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "58938"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…