Sign-up

ID

VAR-201006-0363


CVE

CVE-2010-2292


TITLE

IBM AIX nslookup fails to drop root privileges

Trust: 0.8

sources: CERT/CC: VU#18419

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field. The nslookup command fails to drop privileges, allowing local attackers to gain root privileges. The D-link DI-604 is a small router device. The 'Ping tools' WEB interface does not verify the size of the ip textfield, changing its size, and sending requests exceeding 500 characters can cause a denial of service attack. There is also a cross-site scripting attack on this textfield. Dlink Di-604 products are prone to a cross-site scripting and a denial-of-service vulnerability because the devices fail to properly handle user-supplied input. An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site

Trust: 3.24

sources: NVD: CVE-2010-2292 // CERT/CC: VU#18419 // JVNDB: JVNDB-2010-004146 // CNVD: CNVD-2010-1083 // BID: 40691 // VULHUB: VHN-44897

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-1083

AFFECTED PRODUCTS

vendor:d linkmodel:di-604scope: - version: -

Trust: 1.7

vendor:d linkmodel:di-604scope:eqversion:*

Trust: 1.0

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:d linkmodel:di-615scope:eqversion:0

Trust: 0.3

sources: CERT/CC: VU#18419 // CNVD: CNVD-2010-1083 // BID: 40691 // JVNDB: JVNDB-2010-004146 // CNNVD: CNNVD-201006-252 // NVD: CVE-2010-2292

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-2292
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#18419
value: 2.76

Trust: 0.8

NVD: CVE-2010-2292
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201006-252
value: MEDIUM

Trust: 0.6

VULHUB: VHN-44897
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-2292
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-44897
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#18419 // VULHUB: VHN-44897 // JVNDB: JVNDB-2010-004146 // CNNVD: CNNVD-201006-252 // NVD: CVE-2010-2292

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-44897 // JVNDB: JVNDB-2010-004146 // NVD: CVE-2010-2292

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201006-252

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201006-252

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-004146

PATCH
title:Top Pageurl:http://www.dlink.com/
Trust: 0.8
title:Wireshark 1.2.9url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=3692
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2010-004146 // 
            
            
            
            CNNVD: CNNVD-201006-252

EXTERNAL IDS
db:NVDid:CVE-2010-2292
Trust: 2.8
db:BIDid:40691
Trust: 2.6
db:XFid:604
Trust: 1.4
db:CERT/CCid:VU#18419
Trust: 0.8
db:JVNDBid:JVNDB-2010-004146
Trust: 0.8
db:CNNVDid:CNNVD-201006-252
Trust: 0.7
db:CNVDid:CNVD-2010-1083
Trust: 0.6
db:XFid:59364
Trust: 0.6
db:BUGTRAQid:20100608 DLINK DI-604 ROUTER AUTHENTICATED USER PING TOOL XSS AND DOS
Trust: 0.6
db:VULHUBid:VHN-44897
Trust: 0.1
sources:
            
            
            CERT/CC: VU#18419 // 
            
            
            
            CNVD: CNVD-2010-1083 // 
            
            
            
            VULHUB: VHN-44897 // 
            
            
            
            BID: 40691 // 
            
            
            
            JVNDB: JVNDB-2010-004146 // 
            
            
            
            CNNVD: CNNVD-201006-252 // 
            
            
            
            NVD: CVE-2010-2292

REFERENCES
url:http://www.securityfocus.com/bid/40691
Trust: 1.7
url:http://www.securityfocus.com/archive/1/511751/100/0/threaded
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/59364
Trust: 1.1
url:http://xforce.iss.net/static/604.php
Trust: 0.8
url:http://groups.google.com/groups?q=ers-sva-e01-1997:008.1&hl=en&rnum=3&selm=6383r7%24kts%243%40watnews1.watson.ibm.com
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2292
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2292
Trust: 0.8
url:http://www.securityfocus.com/archive/1/511751
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/59364
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/511751/100/0/threaded
Trust: 0.6
url:http://www.d-link.com/
Trust: 0.3
url:/archive/1/511751
Trust: 0.3
url:/archive/1/511840
Trust: 0.3
sources:
            
            
            CERT/CC: VU#18419 // 
            
            
            
            CNVD: CNVD-2010-1083 // 
            
            
            
            VULHUB: VHN-44897 // 
            
            
            
            BID: 40691 // 
            
            
            
            JVNDB: JVNDB-2010-004146 // 
            
            
            
            CNNVD: CNNVD-201006-252 // 
            
            
            
            NVD: CVE-2010-2292

CREDITS
DcLabs - Sponsor: Crash
Trust: 0.9
sources:
            
            
            BID: 40691 // 
            
            
            
            CNNVD: CNNVD-201006-252

SOURCES
db:CERT/CCid:VU#18419
db:CNVDid:CNVD-2010-1083
db:VULHUBid:VHN-44897
db:BIDid:40691
db:JVNDBid:JVNDB-2010-004146
db:CNNVDid:CNNVD-201006-252
db:NVDid:CVE-2010-2292

LAST UPDATE DATE
2025-04-11T21:37:29.122000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#18419date:2001-09-27T00:00:00
db:CNVDid:CNVD-2010-1083date:2010-06-11T00:00:00
db:VULHUBid:VHN-44897date:2018-10-10T00:00:00
db:BIDid:40691date:2015-04-13T21:02:00
db:JVNDBid:JVNDB-2010-004146date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201006-252date:2010-06-18T00:00:00
db:NVDid:CVE-2010-2292date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CERT/CCid:VU#18419date:2001-09-26T00:00:00
db:CNVDid:CNVD-2010-1083date:2010-06-11T00:00:00
db:VULHUBid:VHN-44897date:2010-06-15T00:00:00
db:BIDid:40691date:2010-06-09T00:00:00
db:JVNDBid:JVNDB-2010-004146date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201006-252date:2010-06-18T00:00:00
db:NVDid:CVE-2010-2292date:2010-06-15T14:04:26.767