ID
VAR-201304-0461
TITLE
D-Link Multiple Product Command Injection Vulnerabilities
Trust: 0.6
DESCRIPTION
There is a command injection vulnerability in D-Link's various router devices. DIR-600 / DIR-300 revB / DIR-815 / DIR-645 / DIR-412 / DIR-456 / DIR-110 devices fail to properly verify dst parameter data and lack of verification of the session, allowing remote attackers to exploit The vulnerability is injected and executed by any shell command. DIR-600 / DIR-300 revB / DIR-815 / DIR-645 / DIR-412 / DIR-456 / DIR-110 devices fail to properly restrict access to version.txt or DevInfo, allowing remote attackers to submit requests directly Model name, hardware version, kernel version, firmware version, MAC address information. D-Link is a network company founded by Taiwan D-Link Group. It is committed to the research and development, production and marketing of local area networks, broadband networks, wireless networks, voice networks and related network equipment. Command injection vulnerabilities and multiple information disclosure vulnerabilities exist in multiple D-Link products. An attacker could use these vulnerabilities to gain access to potentially sensitive information and execute arbitrary commands in the context of an affected device
Trust: 1.89
IOT TAXONOMY
| category: | ['IoT', 'Network device'] | sub_category: | - | Trust: 1.2 |
AFFECTED PRODUCTS
| vendor: | d link | model: | dir-600 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | d link | model: | dir-300 revb | scope: | - | version: | - | Trust: 1.2 |
| vendor: | d link | model: | dir-645 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | d link | model: | dir-110 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | d link | model: | dir-815 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | d link | model: | dir-412 | scope: | - | version: | - | Trust: 1.2 |
| vendor: | d link | model: | dir-456 | scope: | - | version: | - | Trust: 1.2 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
THREAT TYPE
remote
Trust: 0.6
TYPE
Input Validation Error
Trust: 0.3
PATCH
| title: | D-Link multiple product command injection vulnerability patch | url: | https://www.cnvd.org.cn/patchinfo/show/33191 | Trust: 0.6 |
| title: | D-Link patch for multiple product information disclosure vulnerabilities | url: | https://www.cnvd.org.cn/patchinfo/show/33192 | Trust: 0.6 |
EXTERNAL IDS
| db: | BID | id: | 58938 | Trust: 2.1 |
| db: | EXPLOIT-DB | id: | 24926 | Trust: 1.2 |
| db: | CNVD | id: | CNVD-2013-02859 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2013-02860 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201304-110 | Trust: 0.6 |
REFERENCES
| url: | http://www.exploit-db.com/exploits/24926/ | Trust: 1.2 |
| url: | http://www.securityfocus.com/bid/58938 | Trust: 0.6 |
| url: | http://www.dlink.com/ | Trust: 0.3 |
CREDITS
m-1-k-3
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2013-02859 |
| db: | CNVD | id: | CNVD-2013-02860 |
| db: | BID | id: | 58938 |
| db: | CNNVD | id: | CNNVD-201304-110 |
LAST UPDATE DATE
2022-05-17T01:51:12.684000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-02859 | date: | 2013-04-10T00:00:00 |
| db: | CNVD | id: | CNVD-2013-02860 | date: | 2013-04-10T00:00:00 |
| db: | BID | id: | 58938 | date: | 2013-04-11T05:28:00 |
| db: | CNNVD | id: | CNNVD-201304-110 | date: | 2013-04-12T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2013-02859 | date: | 2013-04-10T00:00:00 |
| db: | CNVD | id: | CNVD-2013-02860 | date: | 2013-04-10T00:00:00 |
| db: | BID | id: | 58938 | date: | 2013-04-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201304-110 | date: | 2013-04-12T00:00:00 |