Sign-up

ID

VAR-201702-1106


TITLE

D-Link DGS-1510 Switches has a certification bypass vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-01959

DESCRIPTION

The D-Link DGS-1510 series is the next generation of intelligent managed switches. There is a certificate bypass vulnerability in D-LinkDGS-1510Switches. Allows an attacker to exploit the vulnerability to execute commands on the switch, extract configuration and get user information from the device, including username and password, and add new users with administrator privileges.

Trust: 0.6

sources: CNVD: CNVD-2017-01959

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-01959

AFFECTED PRODUCTS

vendor:d linkmodel:dgs-1510-28xmp <1.31.b003scope: - version: -

Trust: 0.6

vendor:d linkmodel:dgs-1510-28 <1.31.b003scope: - version: -

Trust: 0.6

vendor:d linkmodel:dgs-1510-20 <1.31.b003scope: - version: -

Trust: 0.6

vendor:d linkmodel:dgs-1510-28p <1.31.b003scope: - version: -

Trust: 0.6

vendor:d linkmodel:dgs-1510-52 <1.31.b003scope: - version: -

Trust: 0.6

vendor:d linkmodel:dgs-1510-52x <1.31.b003scope: - version: -

Trust: 0.6

vendor:d linkmodel:dgs-1510-28x <1.31.b003scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-01959

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-01959
value: HIGH

Trust: 0.6

CNVD: CNVD-2017-01959
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-01959

PATCH

title:D-LinkDGS-1510Switches has a patch for authentication bypass vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/89744

Trust: 0.6

sources: CNVD: CNVD-2017-01959

EXTERNAL IDS

db:CNVDid:CNVD-2017-01959

Trust: 0.6

sources: CNVD: CNVD-2017-01959

REFERENCES

url:http://www.securityweek.com/d-link-patches-serious-flaws-dgs-1510-switches?from=groupmessage

Trust: 0.6

sources: CNVD: CNVD-2017-01959

SOURCES

db:CNVDid:CNVD-2017-01959

LAST UPDATE DATE

2022-05-04T09:11:37.551000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-01959date:2017-02-25T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-01959date:2017-02-25T00:00:00