Sign-up

ID

VAR-202303-1237


CVE

CVE-2023-25279


TITLE

D-Link Systems, Inc.  of  DIR-820L  in firmware  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-005379

DESCRIPTION

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload. D-Link Systems, Inc. (DoS) It may be in a state. D-Link DIR820LA1 is a router made by D-Link in China

Trust: 2.16

sources: NVD: CVE-2023-25279 // JVNDB: JVNDB-2023-005379 // CNVD: CNVD-2023-28114

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-28114

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-820lscope:eqversion:105b03

Trust: 1.0

vendor:d linkmodel:dir-820l ファームウエアscope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-820l ファームウエアscope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-820l ファームウエアscope:eqversion:dir-820l firmware 105b03

Trust: 0.8

vendor:d linkmodel:dir820la1 dir820la1 fw105b03scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2023-28114 // JVNDB: JVNDB-2023-005379 // NVD: CVE-2023-25279

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-25279
value: CRITICAL

Trust: 1.8

CNVD: CNVD-2023-28114
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-28114
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-25279
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-28114 // JVNDB: JVNDB-2023-005379 // NVD: CVE-2023-25279

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-005379 // NVD: CVE-2023-25279

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202303-917

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-25279

EXTERNAL IDS
db:NVDid:CVE-2023-25279
Trust: 3.8
db:JVNDBid:JVNDB-2023-005379
Trust: 0.8
db:CNVDid:CNVD-2023-28114
Trust: 0.6
db:CNNVDid:CNNVD-202303-917
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2023-28114 // 
            
            
            
            JVNDB: JVNDB-2023-005379 // 
            
            
            
            NVD: CVE-2023-25279 // 
            
            
            
            CNNVD: CNNVD-202303-917

REFERENCES
url:https://www.dlink.com/en/security-bulletin/
Trust: 3.0
url:https://github.com/migraine-sudo/d_link_vuln/tree/main/cmd%20inject%20in%20tools_accountname
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2023-25279
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2023-25279/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2023-28114 // 
            
            
            
            JVNDB: JVNDB-2023-005379 // 
            
            
            
            NVD: CVE-2023-25279 // 
            
            
            
            CNNVD: CNNVD-202303-917

SOURCES
db:CNVDid:CNVD-2023-28114
db:JVNDBid:JVNDB-2023-005379
db:NVDid:CVE-2023-25279
db:CNNVDid:CNNVD-202303-917

LAST UPDATE DATE
2023-12-18T12:33:53.194000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2023-28114date:2023-04-17T00:00:00
db:JVNDBid:JVNDB-2023-005379date:2023-11-08T03:00:00
db:NVDid:CVE-2023-25279date:2023-03-17T03:51:01.730
db:CNNVDid:CNNVD-202303-917date:2023-03-14T00:00:00

SOURCES RELEASE DATE
db:CNVDid:CNVD-2023-28114date:2023-04-17T00:00:00
db:JVNDBid:JVNDB-2023-005379date:2023-11-08T00:00:00
db:NVDid:CVE-2023-25279date:2023-03-13T19:15:22.550
db:CNNVDid:CNNVD-202303-917date:2023-03-13T00:00:00