Details of VAR-201408-0479

ID

VAR-201408-0479

TITLE

Multiple D-Link products 'login_mgr.cgi' remote command injection vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-04955 // BID: 69167

DESCRIPTION

D-Link DNS-315L, DNS-320L, DNS-327L, DNS-340L, and DNS-345 are NAS network storage devices. Multiple D-Link products 'login_mgr.cgi' have remote command injection vulnerabilities that allow an attacker to exploit a vulnerability to execute arbitrary commands in the context of an affected device. Multiple D-Link Products are prone to a command-injection vulnerability. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 0.81

sources: CNVD: CNVD-2014-04955 // BID: 69167

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-04955

AFFECTED PRODUCTS

vendor:	d link	model:	dns-315l 1.02b02	scope:	-	version:	-	Trust: 0.9
vendor:	d link	model:	dns-320l 1.03b04	scope:	-	version:	-	Trust: 0.9
vendor:	d link	model:	dns-340l	scope:	eq	version:	1.00	Trust: 0.9
vendor:	d link	model:	dns-345 1.04b01	scope:	-	version:	-	Trust: 0.9
vendor:	d link	model:	dns-327l	scope:	eq	version:	1.02	Trust: 0.6
vendor:	d link	model:	dns-327l ax	scope:	eq	version:	1.02	Trust: 0.3
vendor:	d link	model:	dns-345 1.04b02	scope:	ne	version:	-	Trust: 0.3
vendor:	d link	model:	dns-340l	scope:	ne	version:	1.01	Trust: 0.3
vendor:	d link	model:	dns-327l 1.03b03	scope:	ne	version:	-	Trust: 0.3
vendor:	d link	model:	dns-320l 1.03b08	scope:	ne	version:	-	Trust: 0.3
vendor:	d link	model:	dns-315l 1.02b03	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2014-04955 // BID: 69167

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-04955
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2014-04955
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-04955

THREAT TYPE

network

Trust: 0.3

sources: BID: 69167

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 69167

PATCH

title:

Patch for multiple D-Link products 'login_mgr.cgi' remote command injection vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/48655

Trust: 0.6

sources: CNVD: CNVD-2014-04955

EXTERNAL IDS

db:	BID	id:	69167	Trust: 0.9
db:	OSVDB	id:	109924	Trust: 0.6
db:	CNVD	id:	CNVD-2014-04955	Trust: 0.6
db:	DLINK	id:	SAP10042	Trust: 0.3

sources: CNVD: CNVD-2014-04955 // BID: 69167

REFERENCES

url:	http://www.securityfocus.com/bid/69167	Trust: 0.6
url:	http://osvdb.com/show/osvdb/109924	Trust: 0.6
url:	http://www.dlink.com/	Trust: 0.3
url:	http://securityadvisories.dlink.com/security/publication.aspx?name=sap10042	Trust: 0.3

sources: CNVD: CNVD-2014-04955 // BID: 69167

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 69167

SOURCES

db:	CNVD	id:	CNVD-2014-04955
db:	BID	id:	69167

LAST UPDATE DATE

2022-05-17T01:43:22.279000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-04955	date:	2014-08-13T00:00:00
db:	BID	id:	69167	date:	2014-08-09T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-04955	date:	2014-08-13T00:00:00
db:	BID	id:	69167	date:	2014-08-09T00:00:00