Sign-up

ID

VAR-201407-0688


TITLE

Multiple D-Links have multiple vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2014-04394

DESCRIPTION

The DNR-322L and DNR-326 network video memory is a stand-alone storage device that supports M-JPEG, MPEG4 or H.264 encoding formats. D-Link DNR-322L and DNR-326 are NAS network storage products of D-Link Corporation. D-Link DNR-322L and DNR-326 have authentication bypass loopholes, information disclosure loopholes, arbitrary firmware upload loopholes, and denial of service loopholes. Attackers can use these vulnerabilities to perform unauthorized operations, upload arbitrary firmware, cause denial of service, or disclose sensitive information. D-Link DNR-322L and DNR-326 are prone to an authentication-bypass vulnerability, multiple information-disclosure vulnerabilities, an arbitrary firmware-upload vulnerability, and a denial-of-service vulnerability. This may aid in further attacks

Trust: 1.35

sources: CNVD: CNVD-2014-04394 // CNNVD: CNNVD-201407-549 // BID: 68699

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-04394

AFFECTED PRODUCTS

vendor:d linkmodel:dnr-326scope: - version: -

Trust: 0.6

vendor:d linkmodel:dnr-322lscope: - version: -

Trust: 0.6

vendor:d linkmodel:dnr-326 ax 1.30b01scope: - version: -

Trust: 0.3

vendor:d linkmodel:dnr-322l ax 1.00b07scope: - version: -

Trust: 0.3

vendor:d linkmodel:dnr-326 ax 2.10b02scope:neversion: -

Trust: 0.3

vendor:d linkmodel:dnr-322l ax 2.00b07scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2014-04394 // BID: 68699

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-04394
value: HIGH

Trust: 0.6

CNVD: CNVD-2014-04394
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-04394

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-549

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201407-549

PATCH

title:Multiple D-Link patches with multiple vulnerabilitiesurl:https://www.cnvd.org.cn/patchinfo/show/47589

Trust: 0.6

sources: CNVD: CNVD-2014-04394

EXTERNAL IDS

db:BIDid:68699

Trust: 1.5

db:CNVDid:CNVD-2014-04394

Trust: 0.6

db:CNNVDid:CNNVD-201407-549

Trust: 0.6

db:DLINKid:SAP10038

Trust: 0.3

sources: CNVD: CNVD-2014-04394 // BID: 68699 // CNNVD: CNNVD-201407-549

REFERENCES

url:http://www.securityfocus.com/bid/68699/info

Trust: 0.6

url:http://www.securityfocus.com/bid/68699

Trust: 0.6

url:http://www.dlink.com/

Trust: 0.3

url:http://www.pcworld.com/article/2045643/vulnerabilities-in-dlink-network-video-recorders-enable-remote-spying-researcher-says.html

Trust: 0.3

url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10038

Trust: 0.3

sources: CNVD: CNVD-2014-04394 // BID: 68699 // CNNVD: CNNVD-201407-549

CREDITS

Qualys Security Research Team

Trust: 0.9

sources: BID: 68699 // CNNVD: CNNVD-201407-549

SOURCES

db:CNVDid:CNVD-2014-04394
db:BIDid:68699
db:CNNVDid:CNNVD-201407-549

LAST UPDATE DATE

2022-05-17T01:51:09.802000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-04394date:2014-07-21T00:00:00
db:BIDid:68699date:2014-07-16T00:00:00
db:CNNVDid:CNNVD-201407-549date:2014-07-24T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-04394date:2014-07-21T00:00:00
db:BIDid:68699date:2014-07-16T00:00:00
db:CNNVDid:CNNVD-201407-549date:2014-07-24T00:00:00