Details of VAR-201702-1069

ID

VAR-201702-1069

CVE

CVE-2017-6206

TITLE

D-Link DGS-1510 Websmart In device firmware Unauthenticated Information Disclosure Attacked vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-001679

DESCRIPTION

D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors. D-Link DGS-1510-28XMP and so on are D-Link's Ethernet switches. Security vulnerabilities exist in several D-Link DGS-1510 Websmart devices, allowing remote attackers to exploit this vulnerability to submit special requests for sensitive information. Multiple D-Link products are prone to an unspecified information-disclosure vulnerability. D-Link DGS-1510-28XMP, etc. The following devices are affected: D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, DGS-1510-20

Trust: 2.52

sources: NVD: CVE-2017-6206 // JVNDB: JVNDB-2017-001679 // CNVD: CNVD-2017-02484 // BID: 96393 // VULHUB: VHN-114409

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-02484

AFFECTED PRODUCTS

vendor:	d link	model:	dgs-1510-28xmp	scope:	-	version:	-	Trust: 1.4
vendor:	d link	model:	dgs-1510-28x	scope:	-	version:	-	Trust: 1.4
vendor:	d link	model:	dgs-1510-52x	scope:	-	version:	-	Trust: 1.4
vendor:	d link	model:	dgs-1510-52	scope:	-	version:	-	Trust: 1.4
vendor:	d link	model:	dgs-1510-28p	scope:	-	version:	-	Trust: 1.4
vendor:	d link	model:	dgs-1510-28	scope:	-	version:	-	Trust: 1.4
vendor:	d link	model:	dgs-1510-20	scope:	-	version:	-	Trust: 1.4
vendor:	dlink	model:	websmart dgs-1510 series	scope:	lte	version:	1.31.b001	Trust: 1.0
vendor:	d link	model:	dgs-1510 series	scope:	lt	version:	1.31.b003	Trust: 0.8
vendor:	dlink	model:	websmart dgs-1510 series	scope:	eq	version:	1.31.b001	Trust: 0.6

sources: CNVD: CNVD-2017-02484 // JVNDB: JVNDB-2017-001679 // NVD: CVE-2017-6206 // CNNVD: CNNVD-201702-833

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2017-6206
value:	HIGH
Trust: 1.8
CNVD:	CNVD-2017-02484
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201702-833
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114409
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	TRUE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2017-6206
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2017-02484
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114409
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	CVE-2017-6206
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2017-02484 // VULHUB: VHN-114409 // JVNDB: JVNDB-2017-001679 // NVD: CVE-2017-6206 // CNNVD: CNNVD-201702-833

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-114409 // JVNDB: JVNDB-2017-001679 // NVD: CVE-2017-6206

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-833

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-833

CONFIGURATIONS

sources: NVD: CVE-2017-6206

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-114409

PATCH

title:	D-Link DGS-1510 Websmart Switch Series - Security Patch : Beta release	url:	http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10070	Trust: 0.8
title:	Multiple D-Link DGS-1510 Websmart Repair measures for device information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68096	Trust: 0.6

sources: JVNDB: JVNDB-2017-001679 // CNNVD: CNNVD-201702-833

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6206	Trust: 3.4
db:	DLINK	id:	SAP10070	Trust: 2.3
db:	BID	id:	96393	Trust: 2.0
db:	EXPLOIT-DB	id:	41662	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-001679	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-833	Trust: 0.7
db:	CNVD	id:	CNVD-2017-02484	Trust: 0.6
db:	SEEBUG	id:	SSVID-92808	Trust: 0.1
db:	VULHUB	id:	VHN-114409	Trust: 0.1

sources: CNVD: CNVD-2017-02484 // VULHUB: VHN-114409 // BID: 96393 // JVNDB: JVNDB-2017-001679 // NVD: CVE-2017-6206 // CNNVD: CNNVD-201702-833

REFERENCES

url:	http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10070	Trust: 2.3
url:	http://www.securityfocus.com/bid/96393	Trust: 1.7
url:	https://www.exploit-db.com/exploits/41662/	Trust: 1.1
url:	https://github.com/varangamin/cve-2017-6206	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6206	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-6206	Trust: 0.8
url:	http://www.dlink.com/	Trust: 0.3

sources: CNVD: CNVD-2017-02484 // VULHUB: VHN-114409 // BID: 96393 // JVNDB: JVNDB-2017-001679 // NVD: CVE-2017-6206 // CNNVD: CNNVD-201702-833

CREDITS

Aditya K Sood and Varang Amin.

Trust: 0.3

sources: BID: 96393

SOURCES

db:	CNVD	id:	CNVD-2017-02484
db:	VULHUB	id:	VHN-114409
db:	BID	id:	96393
db:	JVNDB	id:	JVNDB-2017-001679
db:	NVD	id:	CVE-2017-6206
db:	CNNVD	id:	CNNVD-201702-833

LAST UPDATE DATE

2023-12-18T12:04:32.262000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-02484	date:	2017-03-07T00:00:00
db:	VULHUB	id:	VHN-114409	date:	2017-08-16T00:00:00
db:	BID	id:	96393	date:	2017-03-07T01:07:00
db:	JVNDB	id:	JVNDB-2017-001679	date:	2017-03-13T00:00:00
db:	NVD	id:	CVE-2017-6206	date:	2017-08-16T01:29:19.227
db:	CNNVD	id:	CNNVD-201702-833	date:	2017-03-13T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-02484	date:	2017-03-07T00:00:00
db:	VULHUB	id:	VHN-114409	date:	2017-02-23T00:00:00
db:	BID	id:	96393	date:	2017-02-23T00:00:00
db:	JVNDB	id:	JVNDB-2017-001679	date:	2017-03-13T00:00:00
db:	NVD	id:	CVE-2017-6206	date:	2017-02-23T06:59:00.197
db:	CNNVD	id:	CNNVD-201702-833	date:	2017-02-24T00:00:00