Details of VAR-201511-0375

ID

VAR-201511-0375

TITLE

D-Link DIR-601 Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-07696 // CNNVD: CNNVD-201511-373

DESCRIPTION

D-Link DIR-601 has a command injection vulnerability that allows remote attackers to exploit this vulnerability to submit special requests to execute arbitrary OS commands. D-Link DIR-601 is a wireless router product from D-Link. A command injection vulnerability exists in D-Link DIR-601. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device and may cause a denial of service. D-Link DIR-601 is prone to a command-injection vulnerability. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 1.35

sources: CNVD: CNVD-2015-07696 // CNNVD: CNNVD-201511-373 // BID: 77617

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-07696

AFFECTED PRODUCTS

vendor:	d link	model:	dir-601	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dir-601	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2015-07696 // BID: 77617

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2015-07696
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2015-07696
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2015-07696

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-373

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 77617

EXTERNAL IDS

db:	BID	id:	77617	Trust: 1.5
db:	CNVD	id:	CNVD-2015-07696	Trust: 0.6
db:	CNNVD	id:	CNNVD-201511-373	Trust: 0.6

sources: CNVD: CNVD-2015-07696 // BID: 77617 // CNNVD: CNNVD-201511-373

REFERENCES

url:	http://www.securityfocus.com/bid/77617	Trust: 1.2
url:	http://www.dlink.com/	Trust: 0.3
url:	http://seclists.org/bugtraq/2015/nov/78	Trust: 0.3

sources: CNVD: CNVD-2015-07696 // BID: 77617 // CNNVD: CNNVD-201511-373

CREDITS

Samuel Huntley

Trust: 0.9

sources: BID: 77617 // CNNVD: CNNVD-201511-373

SOURCES

db:	CNVD	id:	CNVD-2015-07696
db:	BID	id:	77617
db:	CNNVD	id:	CNNVD-201511-373

LAST UPDATE DATE

2022-05-17T02:01:09.993000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-07696	date:	2015-11-24T00:00:00
db:	BID	id:	77617	date:	2015-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201511-373	date:	2015-11-20T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-07696	date:	2015-11-24T00:00:00
db:	BID	id:	77617	date:	2015-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201511-373	date:	2015-11-20T00:00:00