Details of VAR-201504-0623

ID

VAR-201504-0623

TITLE

Multiple D-Link Products HNAP Remote Command Privilege Escalation Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2015-02403

DESCRIPTION

D-link specializes in the design and development of wireless network and Ethernet road hardware products. A remote command privilege escalation vulnerability exists in multiple D-Link products HNAP. Allows an attacker to exploit this vulnerability to escalate permissions and execute arbitrary commands. This may aid in further attacks

Trust: 0.81

sources: CNVD: CNVD-2015-02403 // BID: 74051

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-02403

AFFECTED PRODUCTS

vendor:	d link	model:	router	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dir-890l a1 1.03b07	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-880l a1 1.02b13	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-868l a1 1.09b08	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-860l a1 1.08b02	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-850l b1 2.03b01	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-850l a1 1.12b05	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-820lw b1	scope:	eq	version:	2.01	Trust: 0.3
vendor:	d link	model:	dir-818lw a1 1.04b03	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-817lw b1 1.03b05	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-816l a1 2.05b02	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dir-629 a1	scope:	eq	version:	1.01	Trust: 0.3
vendor:	d link	model:	dir-890l a1 patch 1.06b01	scope:	ne	version:	-	Trust: 0.3
vendor:	d link	model:	dir-880l a1 patch 1.03b11	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2015-02403 // BID: 74051

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2015-02403
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2015-02403
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2015-02403

THREAT TYPE

network

Trust: 0.3

sources: BID: 74051

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 74051

PATCH

title:

Patch for multiple D-Link products HNAP Remote Command Privilege Escalation Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/57324

Trust: 0.6

sources: CNVD: CNVD-2015-02403

EXTERNAL IDS

db:	BID	id:	74051	Trust: 0.9
db:	CNVD	id:	CNVD-2015-02403	Trust: 0.6
db:	DLINK	id:	SAP10054	Trust: 0.3

sources: CNVD: CNVD-2015-02403 // BID: 74051

REFERENCES

url:	http://www.securityfocus.com/bid/74051	Trust: 0.6
url:	http://www.dlink.com/	Trust: 0.3
url:	http://securityadvisories.dlink.com/security/publication.aspx?name=sap10054	Trust: 0.3

sources: CNVD: CNVD-2015-02403 // BID: 74051

CREDITS

Zhang Wei (Qihoo360 ADLAB)

Trust: 0.3

sources: BID: 74051

SOURCES

db:	CNVD	id:	CNVD-2015-02403
db:	BID	id:	74051

LAST UPDATE DATE

2022-05-17T02:03:20.150000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-02403	date:	2015-04-15T00:00:00
db:	BID	id:	74051	date:	2015-04-10T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-02403	date:	2015-04-15T00:00:00
db:	BID	id:	74051	date:	2015-04-10T00:00:00