Details of VAR-201312-0547

ID

VAR-201312-0547

TITLE

D-Link DIR Series Router 'model/__show_info.php' Local File Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-14868

DESCRIPTION

The D-Link DIR series router 'model/__show_info.php' failed to properly validate user-submitted input, allowing remote attackers to exploit vulnerabilities to submit malicious requests for sensitive file information. D-Link DIR-615 and other wireless router products from D-Link. A local file leak vulnerability exists in several D-Link DIR series routers. The vulnerability stems from the program's insufficient filtering of user-submitted input. An attacker could use this vulnerability to obtain sensitive information. The following models and versions have vulnerabilities: D-Link DIR-615 0, D-Link DIR-300 2.05B03, D-Link DIR-300 2.04, D-Link DIR-300 2.01B1, D-Link DIR-300 1.05B09, D-Link DIR-300 1.05, D-Link DIR-300 1.04, D-Link DIR-300 0. This may aid in further attacks

Trust: 1.35

sources: CNVD: CNVD-2013-14868 // CNNVD: CNNVD-201312-056 // BID: 64043

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-14868

AFFECTED PRODUCTS

vendor:	d link	model:	dir-300	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dir-615	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dir-600	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dir-615	scope:	eq	version:	0	Trust: 0.3
vendor:	d link	model:	dir-600 2.17b01	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-600 2.16b01	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-600 2.14b01	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-600 2.13b01	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-600 2.12b02	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-600	scope:	eq	version:	0	Trust: 0.3
vendor:	d link	model:	dir-300 revb 2.14b01	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-300 revb	scope:	eq	version:	0	Trust: 0.3
vendor:	d link	model:	dir-300	scope:	eq	version:	2.13	Trust: 0.3
vendor:	d link	model:	dir-300	scope:	eq	version:	2.12	Trust: 0.3
vendor:	d link	model:	dir-300 2.05b03	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-300	scope:	eq	version:	2.04	Trust: 0.3
vendor:	d link	model:	dir-300 2.01b1	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-300	scope:	eq	version:	1.3	Trust: 0.3
vendor:	d link	model:	dir-300 1.05b09	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-300	scope:	eq	version:	1.05	Trust: 0.3
vendor:	d link	model:	dir-300	scope:	eq	version:	1.04	Trust: 0.3
vendor:	d link	model:	dir-300	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2013-14868 // BID: 64043

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2013-14868
value:	LOW
Trust: 0.6

CNVD:	CNVD-2013-14868
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2013-14868

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-056

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 64043

EXTERNAL IDS

db:	BID	id:	64043	Trust: 1.5
db:	CNVD	id:	CNVD-2013-14868	Trust: 0.6
db:	CNNVD	id:	CNNVD-201312-056	Trust: 0.6

sources: CNVD: CNVD-2013-14868 // BID: 64043 // CNNVD: CNNVD-201312-056

REFERENCES

url:	http://seclists.org/fulldisclosure/2013/dec/6	Trust: 0.9
url:	http://www.securityfocus.com/bid/64043	Trust: 0.6
url:	http://www.dlink.com/	Trust: 0.3

sources: CNVD: CNVD-2013-14868 // BID: 64043 // CNNVD: CNNVD-201312-056

CREDITS

tytusromekiatomek

Trust: 0.9

sources: BID: 64043 // CNNVD: CNNVD-201312-056

SOURCES

db:	CNVD	id:	CNVD-2013-14868
db:	BID	id:	64043
db:	CNNVD	id:	CNNVD-201312-056

LAST UPDATE DATE

2022-05-17T01:53:12.602000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-14868	date:	2013-12-05T00:00:00
db:	BID	id:	64043	date:	2013-12-02T00:00:00
db:	CNNVD	id:	CNNVD-201312-056	date:	2013-12-05T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-14868	date:	2013-12-05T00:00:00
db:	BID	id:	64043	date:	2013-12-02T00:00:00
db:	CNNVD	id:	CNNVD-201312-056	date:	2013-12-05T00:00:00