ID

VAR-201006-0364


CVE

CVE-2010-2293


TITLE

IBM AIX nslookup fails to drop root privileges

Trust: 0.8

sources: CERT/CC: VU#18419

DESCRIPTION

The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size. The nslookup command fails to drop privileges, allowing local attackers to gain root privileges. The D-link DI-604 is a small router device. There is also a cross-site scripting attack on this textfield. Dlink Di-604 products are prone to a cross-site scripting and a denial-of-service vulnerability because the devices fail to properly handle user-supplied input. An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. There is a vulnerability in the web interface of the Ping tool of the Dlink Di-604 route

Trust: 3.24

sources: NVD: CVE-2010-2293 // CERT/CC: VU#18419 // JVNDB: JVNDB-2010-004147 // CNVD: CNVD-2010-1083 // BID: 40691 // VULHUB: VHN-44898

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-1083

AFFECTED PRODUCTS

vendor: d link, model: di-604, scope: -, version: -

Trust: 1.7

vendor: d link, model: di-604, scope: eq, version: *

Trust: 1.0

vendor: ibm, model: -, scope: -, version: -

Trust: 0.8

vendor: no, model: -, scope: -, version: -

Trust: 0.6

vendor: d link, model: di-615, scope: eq, version: 0

Trust: 0.3

sources: CERT/CC: VU#18419 // CNVD: CNVD-2010-1083 // BID: 40691 // JVNDB: JVNDB-2010-004147 // CNNVD: CNNVD-201006-253 // NVD: CVE-2010-2293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-2293
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#18419
value: 2.76

Trust: 0.8

NVD: CVE-2010-2293
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201006-253
value: MEDIUM

Trust: 0.6

VULHUB: VHN-44898
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-2293
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-44898
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#18419 // VULHUB: VHN-44898 // JVNDB: JVNDB-2010-004147 // CNNVD: CNNVD-201006-253 // NVD: CVE-2010-2293

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-44898 // JVNDB: JVNDB-2010-004147 // NVD: CVE-2010-2293

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201006-253

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201006-253

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-004147

PATCH

title: Top Page, url: http://www.dlink.com/

Trust: 0.8

sources: JVNDB: JVNDB-2010-004147

EXTERNAL IDS

db: NVD, id: CVE-2010-2293

Trust: 2.8

db: BID, id: 40691

Trust: 2.6

db: XF, id: 604

Trust: 1.4

db: CERT/CC, id: VU#18419

Trust: 0.8

db: JVNDB, id: JVNDB-2010-004147

Trust: 0.8

db: CNNVD, id: CNNVD-201006-253

Trust: 0.7

db: CNVD, id: CNVD-2010-1083

Trust: 0.6

db: XF, id: 59366

Trust: 0.6

db: BUGTRAQ, id: 20100608 DLINK DI-604 ROUTER AUTHENTICATED USER PING TOOL XSS AND DOS

Trust: 0.6

db: VULHUB, id: VHN-44898

Trust: 0.1

sources: CERT/CC: VU#18419 // CNVD: CNVD-2010-1083 // VULHUB: VHN-44898 // BID: 40691 // JVNDB: JVNDB-2010-004147 // CNNVD: CNNVD-201006-253 // NVD: CVE-2010-2293

REFERENCES

url:http://www.securityfocus.com/bid/40691

Trust: 1.7

url:http://www.securityfocus.com/archive/1/511751/100/0/threaded

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/59366

Trust: 1.1

url:http://xforce.iss.net/static/604.php

Trust: 0.8

url:http://groups.google.com/groups?q=ers-sva-e01-1997:008.1&hl=en&rnum=3&selm=6383r7%24kts%243%40watnews1.watson.ibm.com

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2293

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2293

Trust: 0.8

url:http://www.securityfocus.com/archive/1/511751

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/59366

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/511751/100/0/threaded

Trust: 0.6

url:http://www.d-link.com/

Trust: 0.3

url:/archive/1/511751

Trust: 0.3

url:/archive/1/511840

Trust: 0.3

sources: CERT/CC: VU#18419 // CNVD: CNVD-2010-1083 // VULHUB: VHN-44898 // BID: 40691 // JVNDB: JVNDB-2010-004147 // CNNVD: CNNVD-201006-253 // NVD: CVE-2010-2293

CREDITS

DcLabs - Sponsor: Crash

Trust: 0.9

sources: BID: 40691 // CNNVD: CNNVD-201006-253

SOURCES

db: CERT/CC, id: VU#18419
db: CNVD, id: CNVD-2010-1083
db: VULHUB, id: VHN-44898
db: BID, id: 40691
db: JVNDB, id: JVNDB-2010-004147
db: CNNVD, id: CNNVD-201006-253
db: NVD, id: CVE-2010-2293

LAST UPDATE DATE

2025-04-11T20:56:25.607000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#18419, date: 2001-09-27T00:00:00
db: CNVD, id: CNVD-2010-1083, date: 2010-06-11T00:00:00
db: VULHUB, id: VHN-44898, date: 2018-10-10T00:00:00
db: BID, id: 40691, date: 2015-04-13T21:02:00
db: JVNDB, id: JVNDB-2010-004147, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-201006-253, date: 2010-06-18T00:00:00
db: NVD, id: CVE-2010-2293, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CERT/CC, id: VU#18419, date: 2001-09-26T00:00:00
db: CNVD, id: CNVD-2010-1083, date: 2010-06-11T00:00:00
db: VULHUB, id: VHN-44898, date: 2010-06-15T00:00:00
db: BID, id: 40691, date: 2010-06-09T00:00:00
db: JVNDB, id: JVNDB-2010-004147, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-201006-253, date: 2010-06-18T00:00:00
db: NVD, id: CVE-2010-2293, date: 2010-06-15T14:04:26.813