Details of VAR-202310-1140

ID

VAR-202310-1140

CVE

CVE-2023-42406

DESCRIPTION

SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component

Trust: 0.99

sources: NVD: CVE-2023-42406 // VULMON: CVE-2023-42406

AFFECTED PRODUCTS

vendor:

dlink

model:

dar-7000

scope:

version:

31r02b1413c

Trust: 1.0

sources: NVD: CVE-2023-42406

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-42406
value:	CRITICAL
Trust: 1.0

NVD:	CVE-2023-42406
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: NVD: CVE-2023-42406

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.0

sources: NVD: CVE-2023-42406

CONFIGURATIONS

sources: NVD: CVE-2023-42406

EXTERNAL IDS

db:	NVD	id:	CVE-2023-42406	Trust: 1.1
db:	VULMON	id:	CVE-2023-42406	Trust: 0.1

sources: VULMON: CVE-2023-42406 // NVD: CVE-2023-42406

REFERENCES

url:	https://github.com/flyyue2001/cve/blob/main/d-link%20-dar-7000_sql_:sysmanage:editrole.php.md	Trust: 1.1
url:	https://github.com/1dreamgn/cve/blob/main/cve-2023-42406.md	Trust: 1.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-42406 // NVD: CVE-2023-42406

SOURCES

db:	VULMON	id:	CVE-2023-42406
db:	NVD	id:	CVE-2023-42406

LAST UPDATE DATE

2023-11-04T22:58:47.867000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-42406	date:	2023-10-27T00:00:00
db:	NVD	id:	CVE-2023-42406	date:	2023-11-03T21:42:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-42406	date:	2023-10-26T00:00:00
db:	NVD	id:	CVE-2023-42406	date:	2023-10-26T22:15:00