Details of VAR-201407-0728

ID

VAR-201407-0728

TITLE

D-Link DNS-320 Ax Remote Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2014-04433 // CNNVD: CNNVD-201407-550

DESCRIPTION

D-Link DNS-320 Ax is a NAS network storage product from D-Link. A remote command injection vulnerability exists in D-Link DNS-320 Ax running firmware version 2.04b02 and earlier. An attacker could use this vulnerability to execute arbitrary commands in the context of an affected device with root privileges. It may also cause a denial of service. D-Link DNS-320 Ax is prone to an unspecified remote command-injection vulnerability. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 1.35

sources: CNVD: CNVD-2014-04433 // CNNVD: CNNVD-201407-550 // BID: 68687

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-04433

AFFECTED PRODUCTS

vendor:	d link	model:	dns-320 ax <=2.04b02	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dns-320 ax 2.04b02	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dns-320 ax 2.05b08	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2014-04433 // BID: 68687

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-04433
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2014-04433
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-04433

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-550

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201407-550

PATCH

title:

D-Link DNS-320 Ax Remote Command Injection Vulnerability Patch

url:

https://www.cnvd.org.cn/patchinfo/show/47696

Trust: 0.6

sources: CNVD: CNVD-2014-04433

EXTERNAL IDS

db:	BID	id:	68687	Trust: 1.5
db:	CNVD	id:	CNVD-2014-04433	Trust: 0.6
db:	CNNVD	id:	CNNVD-201407-550	Trust: 0.6
db:	DLINK	id:	SAP10039	Trust: 0.3

sources: CNVD: CNVD-2014-04433 // BID: 68687 // CNNVD: CNNVD-201407-550

REFERENCES

url:	http://www.securityfocus.com/bid/68687	Trust: 1.2
url:	http://www.dlink.com/	Trust: 0.9
url:	http://securityadvisories.dlink.com/security/publication.aspx?name=sap10039	Trust: 0.3

sources: CNVD: CNVD-2014-04433 // BID: 68687 // CNNVD: CNNVD-201407-550

CREDITS

Alberto Ortega

Trust: 0.9

sources: BID: 68687 // CNNVD: CNNVD-201407-550

SOURCES

db:	CNVD	id:	CNVD-2014-04433
db:	BID	id:	68687
db:	CNNVD	id:	CNNVD-201407-550

LAST UPDATE DATE

2022-05-17T01:41:20.077000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-04433	date:	2014-07-21T00:00:00
db:	BID	id:	68687	date:	2014-07-16T00:00:00
db:	CNNVD	id:	CNNVD-201407-550	date:	2014-07-24T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-04433	date:	2014-07-21T00:00:00
db:	BID	id:	68687	date:	2014-07-16T00:00:00
db:	CNNVD	id:	CNNVD-201407-550	date:	2014-07-24T00:00:00