| Title | Drink ShareCenter™ 2-Bay Network Storage Enclosure DNS-320 2.02b01 Information Disclosure |
|---|
| Description | # Info Leak in Dlink-DNS320 NAS (3)
## Overview
* Type: Information leak
* Supplier: Dlink
* Victim URL: http://{Device-IP}/cgi-bin/widget_api.cgi?getSys
* Product: ShareCenter™ 2-Bay Network Storage Enclosure DNS-320
* Affect version: (lastest) 2.02b01
* Firmware download: http://files.dlink.com.au/products/DNS-320/REV_A/Firmware/Firmware_v2.02b01/DNS-320_A1_FW_2.02b01.zip
## Description
An infomation leaking vulnerability is at the web management interface of the affected NAS devices. Without any permition, attacker can get sensitive information about system from the victim URL.
The victime url is a hidden interface and isn't been protected by any authentication and authorization.
|
|---|
| Source | ⚠️ https://github.com/leetsun/IoT-Vuls/tree/main/Dlink-dns320/3 |
|---|
| User | leetmoon (UID 42673) |
|---|
| Submission | 09/02/2024 09:22 (2 years ago) |
|---|
| Moderation | 09/05/2024 07:06 (3 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 276626 [D-Link DNS-320 2.02b01 Web Management Interface /cgi-bin/widget_api.cgi getHD/getSer/getSys information disclosure] |
|---|
| Points | 0 |
|---|