Details of VAR-202303-1237

ID

VAR-202303-1237

CVE

CVE-2023-25279

TITLE

D-Link DIR820LA1 Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202303-917

DESCRIPTION

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload.

Trust: 1.0

sources: NVD: CVE-2023-25279

AFFECTED PRODUCTS

vendor:

dlink

model:

dir-820l

scope:

version:

105b03

Trust: 1.0

sources: NVD: CVE-2023-25279

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-25279
value:	CRITICAL
Trust: 1.0

NVD:	CVE-2023-25279
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: NVD: CVE-2023-25279

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.0

sources: NVD: CVE-2023-25279

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202303-917

CONFIGURATIONS

sources: NVD: CVE-2023-25279

EXTERNAL IDS

db:	NVD	id:	CVE-2023-25279	Trust: 1.6
db:	CNNVD	id:	CNNVD-202303-917	Trust: 0.6

sources: CNNVD: CNNVD-202303-917 // NVD: CVE-2023-25279

REFERENCES

url:	https://www.dlink.com/en/security-bulletin/	Trust: 1.6
url:	https://github.com/migraine-sudo/d_link_vuln/tree/main/cmd%20inject%20in%20tools_accountname	Trust: 1.6
url:	https://cxsecurity.com/cveshow/cve-2023-25279/	Trust: 0.6

sources: CNNVD: CNNVD-202303-917 // NVD: CVE-2023-25279

SOURCES

db:	CNNVD	id:	CNNVD-202303-917
db:	NVD	id:	CVE-2023-25279

LAST UPDATE DATE

2023-03-17T22:56:42.492000+00:00

SOURCES UPDATE DATE

db:	CNNVD	id:	CNNVD-202303-917	date:	2023-03-14T00:00:00
db:	NVD	id:	CVE-2023-25279	date:	2023-03-17T03:51:00

SOURCES RELEASE DATE

db:	CNNVD	id:	CNNVD-202303-917	date:	2023-03-13T00:00:00
db:	NVD	id:	CVE-2023-25279	date:	2023-03-13T19:15:00