VAR-201502-0509
Vulnerability from variot - Updated: 2022-05-17 02:05D-Link DIR-820L is a dual-band cloud management wireless intelligent router from D-Link. TRENDnet TEW-731BR is a dual-band wireless router from TRENDnet. The following security vulnerabilities exist in various D-Link and RENDnet routers: 1. Local unauthorized vulnerabilities 2. Remote unauthorized vulnerabilities 3. Cross-site request forgery vulnerabilities. Attackers can use these vulnerabilities to perform unauthorized operations, gain unauthorized root permissions on the affected device, and take complete control of the affected device. The following products and versions are affected: D-Link DIR-820L (firmware version: Rev A) version 1.02B10, DIR-820L (firmware version: Rev A) version 1.05B03, DIR-820L (firmware version: Rev B) 2.01b02 Version; TRENDnet TEW-731BR (firmware version: Rev 2) version 2.01b01. Multiple D-Link and TRENDnet routers are prone to a local unauthenticated vulnerability, a remote unauthenticated vulnerability and a cross-site request-forgery vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0509",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-820l 1.02b10",
"scope": null,
"trust": 0.9,
"vendor": "d link",
"version": null
},
{
"model": "dir-820l 1.05b03",
"scope": null,
"trust": 0.9,
"vendor": "d link",
"version": null
},
{
"model": "dir-820l 2.01b02",
"scope": null,
"trust": 0.9,
"vendor": "d link",
"version": null
},
{
"model": "tew-731br (rev 2.01b01",
"scope": "eq",
"trust": 0.9,
"vendor": "trendnet",
"version": "2)"
},
{
"model": "tew-731br (rev 2.02b01",
"scope": "ne",
"trust": 0.3,
"vendor": "trendnet",
"version": "2)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01453"
},
{
"db": "BID",
"id": "72816"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Peter Adkins",
"sources": [
{
"db": "BID",
"id": "72816"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-146"
}
],
"trust": 0.9
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-01453",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2015-01453",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01453"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-820L is a dual-band cloud management wireless intelligent router from D-Link. TRENDnet TEW-731BR is a dual-band wireless router from TRENDnet. \nThe following security vulnerabilities exist in various D-Link and RENDnet routers: 1. Local unauthorized vulnerabilities 2. Remote unauthorized vulnerabilities 3. Cross-site request forgery vulnerabilities. Attackers can use these vulnerabilities to perform unauthorized operations, gain unauthorized root permissions on the affected device, and take complete control of the affected device. The following products and versions are affected: D-Link DIR-820L (firmware version: Rev A) version 1.02B10, DIR-820L (firmware version: Rev A) version 1.05B03, DIR-820L (firmware version: Rev B) 2.01b02 Version; TRENDnet TEW-731BR (firmware version: Rev 2) version 2.01b01. Multiple D-Link and TRENDnet routers are prone to a local unauthenticated vulnerability, a remote unauthenticated vulnerability and a cross-site request-forgery vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01453"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-146"
},
{
"db": "BID",
"id": "72816"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "72816",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2015-01453",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201507-146",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01453"
},
{
"db": "BID",
"id": "72816"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-146"
}
]
},
"id": "VAR-201502-0509",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01453"
}
],
"trust": 1.26666665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01453"
}
]
},
"last_update_date": "2022-05-17T02:05:53.882000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patches with multiple vulnerabilities for multiple D-Link and TRENDnet routers \u0027ncc/ncc2\u0027 Service",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/55874"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01453"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/72816"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/feb/164"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
},
{
"trust": 0.3,
"url": "http://www.trendnet.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01453"
},
{
"db": "BID",
"id": "72816"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-146"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-01453"
},
{
"db": "BID",
"id": "72816"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-146"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01453"
},
{
"date": "2015-02-26T00:00:00",
"db": "BID",
"id": "72816"
},
{
"date": "2015-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-146"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01453"
},
{
"date": "2015-02-26T00:00:00",
"db": "BID",
"id": "72816"
},
{
"date": "2015-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-146"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote \u203b local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-146"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in multiple D-Link and TRENDnet routers \u0027ncc/ncc2\u0027 Service",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01453"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "72816"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…