Sign-up

ID

VAR-201612-0643


TITLE

D-Link multiple series behavioral gateway hid_id and oldpwd parameters exist SQL injection vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-07460

DESCRIPTION

The D-LinkDAR-8000-X series and the DAR-7000-x series of online behavior auditing gateways provide Internet access behavior management solutions. There are SQL injection vulnerabilities in D-Link multiple series behavioral gateways. The problematic file is autheditepwd.php, and the injection parameters are hid_id and oldpwd, allowing attackers to exploit the vulnerability to get database sensitive information. (where x different represents different products)

Trust: 0.6

sources: CNVD: CNVD-2016-07460

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-07460

AFFECTED PRODUCTS

vendor:d linkmodel:dar-7000scope:eqversion:x

Trust: 0.6

vendor:d linkmodel:dar-8000scope:eqversion:10

Trust: 0.6

sources: CNVD: CNVD-2016-07460

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-07460
value: HIGH

Trust: 0.6

CNVD: CNVD-2016-07460
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2016-07460

EXTERNAL IDS

db:CNVDid:CNVD-2016-07460

Trust: 0.6

sources: CNVD: CNVD-2016-07460

REFERENCES

url:http://loudong.360.cn/vul/info/id/174835

Trust: 0.6

url:https://butian.360.cn/vul/info/qid/qtva-2016-524510

Trust: 0.6

sources: CNVD: CNVD-2016-07460

SOURCES

db:CNVDid:CNVD-2016-07460

LAST UPDATE DATE

2022-05-04T09:39:42.305000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-07460date:2016-09-13T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-07460date:2016-12-07T00:00:00