VAR-201305-0420
Vulnerability from variot - Updated: 2022-05-17 01:45When you click the \"Save To\" text box or the \"Browse\" button, the directory on the \"Volume_1\" share will pop up. Click the \"+\" sign to expand the directory. You can send a POST request with the following parameters to /goform/GetNewDir: fNEW_DIR /mnt/ Volume_1f_backup 0f_IP_address f_file 0 Because the fNEW_DIR variable is not fully filtered, the attacker is allowed to upload malicious files to any directory through the directory traversal sequence, such as /etc/shadow. When clicking the \"play button\" that you plan to download, the request submitted to /goform/right_now_d can include the following parameters: T1 , SCHEDULE, , , , The SCHEDULE parameter is not properly filtered, allowing remote attackers to exploit the vulnerability to inject arbitrary OS commands and execute with WEB privileges. D-Link DNS-320 ShareCenter is a gigabit network storage of Taiwan D-Link Group. A remote command execution vulnerability and a directory traversal vulnerability exist in the D-Link DNS-323 ShareCenter. An attacker could use these vulnerabilities to execute arbitrary commands and perform arbitrary access to arbitrary files in the context of an affected device by using a directory traversal string. Vulnerabilities exist in D-Link DNS-323 ShareCenter firmware version 1.09. Other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201305-0420",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dns-323",
"scope": "eq",
"trust": 1.2,
"vendor": "d link",
"version": "1.09"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04841"
},
{
"db": "CNVD",
"id": "CNVD-2013-04842"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sghctoma",
"sources": [
{
"db": "BID",
"id": "59614"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-073"
}
],
"trust": 0.9
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-04841",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-04842",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-04841",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-04842",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04841"
},
{
"db": "CNVD",
"id": "CNVD-2013-04842"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When you click the \\\"Save To\\\" text box or the \\\"Browse\\\" button, the directory on the \\\"Volume_1\\\" share will pop up. Click the \\\"+\\\" sign to expand the directory. You can send a POST request with the following parameters to /goform/GetNewDir: fNEW_DIR /mnt/ Volume_1f_backup 0f_IP_address \u003cip address of NAS\u003ef_file 0 Because the fNEW_DIR variable is not fully filtered, the attacker is allowed to upload malicious files to any directory through the directory traversal sequence, such as /etc/shadow. When clicking the \\\"play button\\\" that you plan to download, the request submitted to /goform/right_now_d can include the following parameters: T1 \u003cat job id\u003e, SCHEDULE\u003cnum\u003e, \u003cuser\u003e, \u003csource\u003e, \u003cdestination\u003e, \u003cnum \u003e The SCHEDULE\u003cnum\u003e parameter is not properly filtered, allowing remote attackers to exploit the vulnerability to inject arbitrary OS commands and execute with WEB privileges. D-Link DNS-320 ShareCenter is a gigabit network storage of Taiwan D-Link Group. \nA remote command execution vulnerability and a directory traversal vulnerability exist in the D-Link DNS-323 ShareCenter. An attacker could use these vulnerabilities to execute arbitrary commands and perform arbitrary access to arbitrary files in the context of an affected device by using a directory traversal string. Vulnerabilities exist in D-Link DNS-323 ShareCenter firmware version 1.09. Other versions may also be affected",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04841"
},
{
"db": "CNVD",
"id": "CNVD-2013-04842"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-073"
},
{
"db": "BID",
"id": "59614"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "59614",
"trust": 2.1
},
{
"db": "CNVD",
"id": "CNVD-2013-04841",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-04842",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201305-073",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04841"
},
{
"db": "CNVD",
"id": "CNVD-2013-04842"
},
{
"db": "BID",
"id": "59614"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-073"
}
]
},
"id": "VAR-201305-0420",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04841"
},
{
"db": "CNVD",
"id": "CNVD-2013-04842"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04841"
},
{
"db": "CNVD",
"id": "CNVD-2013-04842"
}
]
},
"last_update_date": "2022-05-17T01:45:24.982000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://1337day.com/exploit/20724"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/59614"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04841"
},
{
"db": "CNVD",
"id": "CNVD-2013-04842"
},
{
"db": "BID",
"id": "59614"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-073"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-04841"
},
{
"db": "CNVD",
"id": "CNVD-2013-04842"
},
{
"db": "BID",
"id": "59614"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-073"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04841"
},
{
"date": "2013-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04842"
},
{
"date": "2013-05-02T00:00:00",
"db": "BID",
"id": "59614"
},
{
"date": "2013-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-073"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04841"
},
{
"date": "2013-05-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04842"
},
{
"date": "2013-05-02T00:00:00",
"db": "BID",
"id": "59614"
},
{
"date": "2013-05-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-073"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201305-073"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DNS-323 ShareCenter Remote Directory Traversal Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04841"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "59614"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…