Une vulnérabilité qui a été classée critique a été trouvée dans D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 à 20240112. Affecté par ce problème est une fonction inconnue du fichier /devinfo du composant HTTP GET Request Handler. La manipulation du paramètre area de la valeur d'entrée notice|net|version avec une valeur d'entrée inconnue mène à une vulnérabilité de classe divulgation de l'information. La notice d'information est disponible en téléchargement sur github.com.
Cette vulnérabilité est connue comme CVE-2024-0717. Il est possible d'initialiser l'attaque à distance. Des details techniques sont connus.
Il est déclaré comme proof-of-concept. L'exploit est disponible au téléchargment sur github.com.
Une solution envisageable a été publiée même avant, et non après après la publication de la vulnérabilité.
| Domaine | 19/01/2024 08:26 | 15/02/2024 08:03 | 15/02/2024 08:09 |
|---|
| vendor | D-Link | D-Link | D-Link |
| name | DAP-1360/DIR-300/DIR-615/DIR-615GF/DIR-615S/DIR-615T/DIR-620/DIR-620S/DIR-806A/DIR-815/DIR-815AC/DIR-815S/DIR-816/DIR-820/DIR-822/DIR-825/DIR-825AC/DIR-825ACF/DIR-825ACG1/DIR-841/DIR-842/DIR-842S/DIR-843/DIR-853/DIR-878/DIR-882/DIR-1210/DIR-1260/DIR-2150/DIR-X1530/DIR-X1860/DSL-224/DSL-245GR/DSL-2640U/DSL-2750U/DSL-G2452GR/DVG-5402G/DVG-5402G/DVG-5402GFRU/DVG-N5402G/DVG-N5402G-IL/DWM-312W/DWM-321/DWR-921/DWR-953/Good Line Router v2 | DAP-1360/DIR-300/DIR-615/DIR-615GF/DIR-615S/DIR-615T/DIR-620/DIR-620S/DIR-806A/DIR-815/DIR-815AC/DIR-815S/DIR-816/DIR-820/DIR-822/DIR-825/DIR-825AC/DIR-825ACF/DIR-825ACG1/DIR-841/DIR-842/DIR-842S/DIR-843/DIR-853/DIR-878/DIR-882/DIR-1210/DIR-1260/DIR-2150/DIR-X1530/DIR-X1860/DSL-224/DSL-245GR/DSL-2640U/DSL-2750U/DSL-G2452GR/DVG-5402G/DVG-5402G/DVG-5402GFRU/DVG-N5402G/DVG-N5402G-IL/DWM-312W/DWM-321/DWR-921/DWR-953/Good Line Router v2 | DAP-1360/DIR-300/DIR-615/DIR-615GF/DIR-615S/DIR-615T/DIR-620/DIR-620S/DIR-806A/DIR-815/DIR-815AC/DIR-815S/DIR-816/DIR-820/DIR-822/DIR-825/DIR-825AC/DIR-825ACF/DIR-825ACG1/DIR-841/DIR-842/DIR-842S/DIR-843/DIR-853/DIR-878/DIR-882/DIR-1210/DIR-1260/DIR-2150/DIR-X1530/DIR-X1860/DSL-224/DSL-245GR/DSL-2640U/DSL-2750U/DSL-G2452GR/DVG-5402G/DVG-5402G/DVG-5402GFRU/DVG-N5402G/DVG-N5402G-IL/DWM-312W/DWM-321/DWR-921/DWR-953/Good Line Router v2 |
| version | <=20240112 | <=20240112 | <=20240112 |
| component | HTTP GET Request Handler | HTTP GET Request Handler | HTTP GET Request Handler |
| file | /devinfo | /devinfo | /devinfo |
| argument | area | area | area |
| input_value | notice|net|version | notice|net|version | notice|net|version |
| cwe | 200 (divulgation de l'information) | 200 (divulgation de l'information) | 200 (divulgation de l'information) |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_e | P | P | P |
| cvss3_vuldb_rc | R | R | R |
| url | https://github.com/999zzzzz/D-Link | https://github.com/999zzzzz/D-Link | https://github.com/999zzzzz/D-Link |
| availability | 1 | 1 | 1 |
| publicity | 1 | 1 | 1 |
| url | https://github.com/999zzzzz/D-Link | https://github.com/999zzzzz/D-Link | https://github.com/999zzzzz/D-Link |
| cve | CVE-2024-0717 | CVE-2024-0717 | CVE-2024-0717 |
| responsible | VulDB | VulDB | VulDB |
| date | 1705618800 (19/01/2024) | 1705618800 (19/01/2024) | 1705618800 (19/01/2024) |
| type | Router Operating System | Router Operating System | Router Operating System |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_e | POC | POC | POC |
| cvss2_vuldb_rc | UR | UR | UR |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss3_vuldb_rl | X | X | X |
| cvss2_vuldb_basescore | 5.0 | 5.0 | 5.0 |
| cvss2_vuldb_tempscore | 4.3 | 4.3 | 4.3 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 4.8 | 4.8 | 4.8 |
| cvss3_meta_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_meta_tempscore | 4.8 | 4.8 | 5.0 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cve_assigned | | 1705618800 (19/01/2024) | 1705618800 (19/01/2024) |
| cve_nvd_summary | | A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability. | A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability. |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | N |
| cvss2_nvd_ai | | | N |
| cvss3_cna_av | | | N |
| cvss3_cna_ac | | | L |
| cvss3_cna_pr | | | N |
| cvss3_cna_ui | | | N |
| cvss3_cna_s | | | U |
| cvss3_cna_c | | | L |
| cvss3_cna_i | | | N |
| cvss3_cna_a | | | N |
| cve_cna | | | VulDB |
| cvss2_nvd_basescore | | | 5.0 |
| cvss3_cna_basescore | | | 5.3 |
