D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L har 20241028 HTTP GET Request /xml/info.xml Bayani fitowa
Wuro vulnerability wey an yi classify sey karshewa an gano shi a cikin D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L har 20241028. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, /xml/info.xml na cikin fayil, HTTP GET Request Handler na cikin sashi. Ngam manipulation shi Bayani fitowa. CWE shidin ka a yi bayani matsala sai ya kai CWE-200. Gaskiya, laifi an fitar da shi 11/06/2024. Advisory ɗin ana rabawa don saukewa a netsecfish.notion.site. Wannan rauni ana sayar da shi da suna CVE-2024-10916. Ngam yiɗi ka a tuma ndiyam ka nder waya. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á wúro huɗɗi-na-gaskiya. Wona yiwuwa a zazzage exploit a netsecfish.notion.site. Kama 0-day, an ndiyam a wuro be $5k-$25k. Ana shawar da a yi amfani da katangar wuta mai tsauri. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
1 Goyarwa · 56 Datenpunkte
| Furɗe | Súgá 11/06/2024 08:13 |
|---|---|
| software_vendor | D-Link |
| software_name | DNS-320/DNS-320LW/DNS-325/DNS-340L |
| software_version | <=20241028 |
| software_component | HTTP GET Request Handler |
| software_file | /xml/info.xml |
| vulnerability_cwe | CWE-200 (Bayani fitowa) |
| vulnerability_risk | 1 |
| cvss3_vuldb_av | N |
| cvss3_vuldb_ac | L |
| cvss3_vuldb_pr | N |
| cvss3_vuldb_ui | N |
| cvss3_vuldb_s | U |
| cvss3_vuldb_c | L |
| cvss3_vuldb_i | N |
| cvss3_vuldb_a | N |
| cvss3_vuldb_e | P |
| cvss3_vuldb_rl | W |
| cvss3_vuldb_rc | R |
| advisory_url | https://netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6?pvs=4 |
| exploit_availability | 1 |
| exploit_publicity | 1 |
| exploit_url | https://netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6?pvs=4 |
| countermeasure_name | Firewall |
| source_cve | CVE-2024-10916 |
| cna_responsible | VulDB |
| cvss2_vuldb_av | N |
| cvss2_vuldb_ac | L |
| cvss2_vuldb_au | N |
| cvss2_vuldb_ci | P |
| cvss2_vuldb_ii | N |
| cvss2_vuldb_ai | N |
| cvss2_vuldb_e | POC |
| cvss2_vuldb_rc | UR |
| cvss2_vuldb_rl | W |
| cvss4_vuldb_av | N |
| cvss4_vuldb_ac | L |
| cvss4_vuldb_pr | N |
| cvss4_vuldb_ui | N |
| cvss4_vuldb_vc | L |
| cvss4_vuldb_vi | N |
| cvss4_vuldb_va | N |
| cvss4_vuldb_e | P |
| cvss4_vuldb_at | N |
| cvss4_vuldb_sc | N |
| cvss4_vuldb_si | N |
| cvss4_vuldb_sa | N |
| cvss2_vuldb_basescore | 5.0 |
| cvss2_vuldb_tempscore | 4.1 |
| cvss3_vuldb_basescore | 5.3 |
| cvss3_vuldb_tempscore | 4.7 |
| cvss3_meta_basescore | 5.3 |
| cvss3_meta_tempscore | 4.7 |
| cvss4_vuldb_bscore | 6.9 |
| cvss4_vuldb_btscore | 5.5 |
| advisory_date | 1730847600 (11/06/2024) |
| price_0day | $5k-$25k |