Details of VAR-202303-1040

ID

VAR-202303-1040

CVE

CVE-2023-24762

TITLE

D-Link DIR-867 Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202303-909

DESCRIPTION

OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1.

Trust: 1.0

sources: NVD: CVE-2023-24762

AFFECTED PRODUCTS

vendor:

dlink

model:

dir-867

scope:

version:

1.30b07

Trust: 1.0

sources: NVD: CVE-2023-24762

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-24762
value:	CRITICAL
Trust: 1.0

NVD:	CVE-2023-24762
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: NVD: CVE-2023-24762

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.0

sources: NVD: CVE-2023-24762

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202303-909

CONFIGURATIONS

sources: NVD: CVE-2023-24762

EXTERNAL IDS

db:	NVD	id:	CVE-2023-24762	Trust: 1.6
db:	CNNVD	id:	CNNVD-202303-909	Trust: 0.6

sources: CNNVD: CNNVD-202303-909 // NVD: CVE-2023-24762

REFERENCES

url:	https://www.dlink.com/en/security-bulletin/	Trust: 1.6
url:	https://hackmd.io/@uuxne2y3rjodpwm87fw6_a/hypk04zho	Trust: 1.6
url:	https://cxsecurity.com/cveshow/cve-2023-24762/	Trust: 0.6

sources: CNNVD: CNNVD-202303-909 // NVD: CVE-2023-24762

SOURCES

db:	CNNVD	id:	CNNVD-202303-909
db:	NVD	id:	CVE-2023-24762

LAST UPDATE DATE

2023-03-17T23:03:21.422000+00:00

SOURCES UPDATE DATE

db:	CNNVD	id:	CNNVD-202303-909	date:	2023-03-14T00:00:00
db:	NVD	id:	CVE-2023-24762	date:	2023-03-17T04:02:00

SOURCES RELEASE DATE

db:	CNNVD	id:	CNNVD-202303-909	date:	2023-03-13T00:00:00
db:	NVD	id:	CVE-2023-24762	date:	2023-03-13T14:15:00