| Title | Drink ShareCenter™ 2-Bay Network Storage Enclosure DNS-320 2.02b01 Information Disclosure |
|---|
| Description | # Info Leak in Dlink-DNS320 NAS (2)
## Overview
* Type: Information leak
* Supplier: Dlink
* Victim URL: http://{Device-IP}/cgi-bin/widget_api.cgi?getSer
* Product: ShareCenter™ 2-Bay Network Storage Enclosure DNS-320
* Affect version: (lastest) 2.02b01
* Firmware download: http://files.dlink.com.au/products/DNS-320/REV_A/Firmware/Firmware_v2.02b01/DNS-320_A1_FW_2.02b01.zip
## Description
An infomation leaking vulnerability is at the web management interface of the affected NAS devices. Without any permission, attackers can get sensitive information about service from the victim URL.
The victim URL is a hidden interface and isn't been protected by any authentication and authorization. |
|---|
| Source | ⚠️ https://github.com/leetsun/IoT-Vuls/tree/main/Dlink-dns320/2 |
|---|
| User | leetmoon (UID 42673) |
|---|
| Submission | 09/02/2024 09:20 (2 years ago) |
|---|
| Moderation | 09/05/2024 07:06 (3 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 276626 [D-Link DNS-320 2.02b01 Web Management Interface /cgi-bin/widget_api.cgi getHD/getSer/getSys information disclosure] |
|---|
| Points | 0 |
|---|