Details of VAR-201505-0499

ID

VAR-201505-0499

TITLE

D-Link DIR-601 Authentication Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2015-02914

DESCRIPTION

D-Link DIR-601 is a wireless router product from D-Link. An authentication bypass vulnerability and a security bypass vulnerability exist in D-Link DIR-601 routers using 2.02NA and earlier firmware. An attacker could use this vulnerability to bypass the authentication mechanism and gain unauthorized access. D-Link DIR-601 router is prone to an authentication-bypass vulnerability and a security-bypass vulnerability. D-Link DIR-601 running firmware version 2.02NA and prior are vulnerable

Trust: 1.35

sources: CNVD: CNVD-2015-02914 // CNNVD: CNNVD-201505-323 // BID: 74459

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-02914

AFFECTED PRODUCTS

vendor:	d link	model:	dir-601 <=2.02na	scope:	-	version:	-	Trust: 0.6
vendor:	dlink	model:	dir-601 2.02na	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2015-02914 // BID: 74459

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2015-02914
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2015-02914
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2015-02914

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-323

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201505-323

PATCH

title:

D-Link DIR-601 authentication bypass vulnerability patch

url:

https://www.cnvd.org.cn/patchinfo/show/58070

Trust: 0.6

sources: CNVD: CNVD-2015-02914

EXTERNAL IDS

db:	DLINK	id:	SAP10056	Trust: 0.9
db:	BID	id:	74459	Trust: 0.9
db:	SECUNIA	id:	64367	Trust: 0.6
db:	CNVD	id:	CNVD-2015-02914	Trust: 0.6
db:	CNNVD	id:	CNNVD-201505-323	Trust: 0.6

sources: CNVD: CNVD-2015-02914 // BID: 74459 // CNNVD: CNNVD-201505-323

REFERENCES

url:	http://securityadvisories.dlink.com/security/publication.aspx?name=sap10056	Trust: 0.9
url:	http://secunia.com/advisories/64367/	Trust: 0.6
url:	http://www.securityfocus.com/bid/74459	Trust: 0.6
url:	http://www.dlink.com/	Trust: 0.3

sources: CNVD: CNVD-2015-02914 // BID: 74459 // CNNVD: CNNVD-201505-323

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 74459

SOURCES

db:	CNVD	id:	CNVD-2015-02914
db:	BID	id:	74459
db:	CNNVD	id:	CNNVD-201505-323

LAST UPDATE DATE

2022-05-17T02:03:20.023000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-02914	date:	2015-05-07T00:00:00
db:	BID	id:	74459	date:	2015-05-01T00:00:00
db:	CNNVD	id:	CNNVD-201505-323	date:	2015-05-19T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-02914	date:	2015-05-07T00:00:00
db:	BID	id:	74459	date:	2015-05-01T00:00:00
db:	CNNVD	id:	CNNVD-201505-323	date:	2015-05-19T00:00:00