VDB-275923 · CVE-2024-8214 · SAP10383

D-Link DNS-1550-04 ଯେପର୍ଯ୍ୟନ୍ତ 20240814 /cgi-bin/hd_config.cgi cgi_FMT_Std2R5_2nd_DiskMGR f_source_dev ବିସ୍ତାରିତ ଅଧିକାର

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 ଯେପର୍ଯ୍ୟନ୍ତ 20240814 keessatti argameera. Miidhaan irra gahe is hojii cgi_FMT_Std2R5_2nd_DiskMGR faayilii /cgi-bin/hd_config.cgi keessa. Dhugumatti jijjiirraa irratti raawwatame f_source_dev gara ବିସ୍ତାରିତ ଅଧିକାର geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-77 si geessa. Beekumsi kun yeroo 08/27/2024 ifoomsifameera akka SAP10383. Odeeffannoon kun buufachuuf github.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2024-8214 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana github.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $5k-$25k jedhamee tilmaamame. Qabiyyee miidhamte bakka buusuuf filannoo biraa itti fayyadamuun ni gorfama. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

3 ଆଡାପ୍ଟେସନ୍ · 91 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 08/27/2024 01:39 PM	ଅଦ୍ୟତନ 1/2 08/28/2024 04:29 PM	ଅଦ୍ୟତନ 2/2 08/29/2024 06:36 PM
software_vendor	D-Link	D-Link	D-Link
software_name	DNS-120/DNR-202L/DNS-315L/DNS-320/DNS-320L/DNS-320LW/DNS-321/DNR-322L/DNS-323/DNS-325/DNS-326/DNS-327L/DNR-326/DNS-340L/DNS-343/DNS-345/DNS-726-4/DNS-1100-4/DNS-1200-05/DNS-1550-04	DNS-120/DNR-202L/DNS-315L/DNS-320/DNS-320L/DNS-320LW/DNS-321/DNR-322L/DNS-323/DNS-325/DNS-326/DNS-327L/DNR-326/DNS-340L/DNS-343/DNS-345/DNS-726-4/DNS-1100-4/DNS-1200-05/DNS-1550-04	DNS-120/DNR-202L/DNS-315L/DNS-320/DNS-320L/DNS-320LW/DNS-321/DNR-322L/DNS-323/DNS-325/DNS-326/DNS-327L/DNR-326/DNS-340L/DNS-343/DNS-345/DNS-726-4/DNS-1100-4/DNS-1200-05/DNS-1550-04
software_version	<=20240814	<=20240814	<=20240814
software_file	/cgi-bin/hd_config.cgi	/cgi-bin/hd_config.cgi	/cgi-bin/hd_config.cgi
software_function	cgi_FMT_Std2R5_2nd_DiskMGR	cgi_FMT_Std2R5_2nd_DiskMGR	cgi_FMT_Std2R5_2nd_DiskMGR
software_argument	f_source_dev	f_source_dev	f_source_dev
vulnerability_cwe	CWE-77 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-77 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-77 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rl	W	W	W
cvss3_vuldb_rc	C	C	C
advisory_identifier	SAP10383	SAP10383	SAP10383
advisory_url	https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_Std2R5_2nd_DiskMGR.md	https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_Std2R5_2nd_DiskMGR.md	https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_Std2R5_2nd_DiskMGR.md
advisory_confirm_url	https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383	https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383	https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_Std2R5_2nd_DiskMGR.md	https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_Std2R5_2nd_DiskMGR.md	https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_Std2R5_2nd_DiskMGR.md
countermeasure_name	ବିକଳ୍ପ	ବିକଳ୍ପ	ବିକଳ୍ପ
source_cve	CVE-2024-8214	CVE-2024-8214	CVE-2024-8214
cna_responsible	VulDB	VulDB	VulDB
response_summary	Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.	Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.	Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
cna_eol	1	1	1
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	W	W	W
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_au	S	S	S
cvss3_vuldb_pr	L	L	L
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.8	5.8	5.8
cvss3_meta_basescore	6.3	6.3	7.5
cvss3_meta_tempscore	5.8	6.0	7.3
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1
advisory_date	1724709600 (08/27/2024)	1724709600 (08/27/2024)	1724709600 (08/27/2024)
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
cve_nvd_summary		A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected by this vulnerability is the function cgi_FMT_Std2R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.	A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected by this vulnerability is the function cgi_FMT_Std2R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
cve_nvd_summaryes		Una vulnerabilidad clasificada como crítica fue encontrada en D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325 , DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 y DNS-1550-04 hasta 20240814. La función cgi_FMT_Std2R5_2nd_DiskMGR del archivo /cgi-bin/hd_config.cgi es afectada por esta vulnerabilidad. La manipulación del argumento f_source_dev conduce a la inyección de comandos. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante. NOTA: Se contactó primeramente con el proveedor y se confirmó que el producto ha llegado al final de su vida útil. Debería retirarse y reemplazarse.	Una vulnerabilidad clasificada como crítica fue encontrada en D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325 , DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 y DNS-1550-04 hasta 20240814. La función cgi_FMT_Std2R5_2nd_DiskMGR del archivo /cgi-bin/hd_config.cgi es afectada por esta vulnerabilidad. La manipulación del argumento f_source_dev conduce a la inyección de comandos. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante. NOTA: Se contactó primeramente con el proveedor y se confirmó que el producto ha llegado al final de su vida útil. Debería retirarse y reemplazarse.
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		6.3	6.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		S	S
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		6.5	6.5
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_nvd_basescore			9.8

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you know our Splunk app?

Download it now for free!