Sign-up

ID

VAR-201612-0634


TITLE

SQL injection vulnerability exists in multiple series of D-Link '/improtexport.php' products

Trust: 0.6

sources: CNVD: CNVD-2016-07458

DESCRIPTION

The D-LinkDAR-8000-X series and the DAR-7000-x series of online behavior auditing gateways provide Internet access behavior management solutions. There are SQL injection vulnerabilities in D-Link's multiple products. The file generated by the vulnerability is in /improtexport.php, because the base64_decode is used to decode the parameters entered by the user, so that the previous defense is bypassed. (where x different represents different products)

Trust: 0.6

sources: CNVD: CNVD-2016-07458

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-07458

AFFECTED PRODUCTS

vendor:d linkmodel:dar-7000scope:eqversion:x

Trust: 0.6

vendor:d linkmodel:dar-8000scope:eqversion:x

Trust: 0.6

sources: CNVD: CNVD-2016-07458

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-07458
value: HIGH

Trust: 0.6

CNVD: CNVD-2016-07458
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2016-07458

EXTERNAL IDS

db:CNVDid:CNVD-2016-07458

Trust: 0.6

sources: CNVD: CNVD-2016-07458

REFERENCES

url:http://loudong.360.cn/vul/info/id/174029

Trust: 0.6

url:https://butian.360.cn/vul/info/qid/qtva-2016-522092

Trust: 0.6

sources: CNVD: CNVD-2016-07458

SOURCES

db:CNVDid:CNVD-2016-07458

LAST UPDATE DATE

2022-05-04T10:19:38.160000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-07458date:2016-09-13T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-07458date:2016-12-07T00:00:00