Sign-up

ID

VAR-201502-0200


CVE

CVE-2015-2050


TITLE

D-Link DAP-1320 Code Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-01374 // CNNVD: CNNVD-201502-369

DESCRIPTION

D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors. The D-Link DAP-1320 is a wireless network extender from D-Link. A security hole exists in D-Link DAP-1320 Rev Ax. D-Link DAP-1320 is prone to a command-injection vulnerability. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 3.24

sources: NVD: CVE-2015-2050 // CERT/CC: VU#184100 // JVNDB: JVNDB-2015-001590 // CNVD: CNVD-2015-01374 // BID: 73143 // VULHUB: VHN-80011

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-01374

AFFECTED PRODUCTS

vendor:dlinkmodel:dap-1320scope:lteversion:1.11

Trust: 1.0

vendor:d linkmodel: - scope: - version: -

Trust: 0.8

vendor:d linkmodel:dap-1320scope:eqversion:ax

Trust: 0.8

vendor:d linkmodel:dap-1320scope:ltversion:1.21b05

Trust: 0.8

vendor:d linkmodel:dap-1320 <1.21b05scope: - version: -

Trust: 0.6

vendor:d linkmodel:dap-1320scope:eqversion:1.11

Trust: 0.6

vendor:d linkmodel:dap-1320 rev axscope:eqversion:1.11

Trust: 0.3

vendor:d linkmodel:dap-1320 rev ax 1.21b05scope:neversion: -

Trust: 0.3

sources: CERT/CC: VU#184100 // CNVD: CNVD-2015-01374 // BID: 73143 // JVNDB: JVNDB-2015-001590 // CNNVD: CNNVD-201502-369 // NVD: CVE-2015-2050

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2015-2050
value: HIGH

Trust: 1.6

nvd@nist.gov: CVE-2015-2050
value: HIGH

Trust: 1.0

CNVD: CNVD-2015-01374
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201502-369
value: CRITICAL

Trust: 0.6

VULHUB: VHN-80011
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-2050
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2015-2050
severity: HIGH
baseScore: 10.0
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2015-01374
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-80011
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#184100 // CNVD: CNVD-2015-01374 // VULHUB: VHN-80011 // JVNDB: JVNDB-2015-001590 // CNNVD: CNNVD-201502-369 // NVD: CVE-2015-2050

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-2050

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-369

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201502-369

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001590

EXPLOIT AVAILABILITY
sources:
            
            
            CERT/CC: VU#184100

PATCH
title:DAP-1320url:http://www.dlink.ru/mn/products/2/1788.html
Trust: 0.8
title:SAP10050url:http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10050
Trust: 0.8
title:D-Link DAP-1320 code injection vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/55728
Trust: 0.6
title:DAP-1320_REVA_FIRMWARE_1.21.B05_url:http://123.124.177.30/web/xxk/bdxqById.tag?id=53997
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-01374 // 
            
            
            
            JVNDB: JVNDB-2015-001590 // 
            
            
            
            CNNVD: CNNVD-201502-369

EXTERNAL IDS
db:NVDid:CVE-2015-2050
Trust: 4.2
db:CERT/CCid:VU#184100
Trust: 3.6
db:DLINKid:SAP10050
Trust: 3.4
db:BIDid:73143
Trust: 2.0
db:JVNid:JVNVU98312907
Trust: 0.8
db:JVNDBid:JVNDB-2015-001590
Trust: 0.8
db:CNNVDid:CNNVD-201502-369
Trust: 0.7
db:CNVDid:CNVD-2015-01374
Trust: 0.6
db:VULHUBid:VHN-80011
Trust: 0.1
sources:
            
            
            CERT/CC: VU#184100 // 
            
            
            
            CNVD: CNVD-2015-01374 // 
            
            
            
            VULHUB: VHN-80011 // 
            
            
            
            BID: 73143 // 
            
            
            
            JVNDB: JVNDB-2015-001590 // 
            
            
            
            CNNVD: CNNVD-201502-369 // 
            
            
            
            NVD: CVE-2015-2050

REFERENCES
url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10050
Trust: 3.4
url:http://www.kb.cert.org/vuls/id/184100
Trust: 2.8
url:http://www.securityfocus.com/bid/73143
Trust: 1.7
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2050
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2050
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98312907/index.html
Trust: 0.8
url:http://www.dlink.com/
Trust: 0.3
sources:
            
            
            CERT/CC: VU#184100 // 
            
            
            
            CNVD: CNVD-2015-01374 // 
            
            
            
            VULHUB: VHN-80011 // 
            
            
            
            BID: 73143 // 
            
            
            
            JVNDB: JVNDB-2015-001590 // 
            
            
            
            CNNVD: CNNVD-201502-369 // 
            
            
            
            NVD: CVE-2015-2050

CREDITS
Mike Baucom, Allen Harper, and J. Rach of Tangible Security.
Trust: 0.3
sources:
            
            
            BID: 73143

SOURCES
db:CERT/CCid:VU#184100
db:CNVDid:CNVD-2015-01374
db:VULHUBid:VHN-80011
db:BIDid:73143
db:JVNDBid:JVNDB-2015-001590
db:CNNVDid:CNNVD-201502-369
db:NVDid:CVE-2015-2050

LAST UPDATE DATE
2025-04-13T23:31:35.266000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#184100date:2015-03-16T00:00:00
db:CNVDid:CNVD-2015-01374date:2015-03-02T00:00:00
db:VULHUBid:VHN-80011date:2017-03-24T00:00:00
db:BIDid:73143date:2017-03-23T00:01:00
db:JVNDBid:JVNDB-2015-001590date:2015-03-18T00:00:00
db:CNNVDid:CNNVD-201502-369date:2023-04-27T00:00:00
db:NVDid:CVE-2015-2050date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CERT/CCid:VU#184100date:2015-03-16T00:00:00
db:CNVDid:CNVD-2015-01374date:2015-03-02T00:00:00
db:VULHUBid:VHN-80011date:2015-02-23T00:00:00
db:BIDid:73143date:2015-03-16T00:00:00
db:JVNDBid:JVNDB-2015-001590date:2015-02-25T00:00:00
db:CNNVDid:CNNVD-201502-369date:2015-02-27T00:00:00
db:NVDid:CVE-2015-2050date:2015-02-23T17:59:07.463