VDB-240246 · CVE-2023-5150 · GCVE-100-240246

D-Link DAR-7000/DAR-8000 जोपर्यंत 20151231 /useratte/web.php file_upload विशेषाधिकार वाढीचे प्रमाण वाढले

एक असुरक्षितता जी गंभीर म्हणून वर्गीकृत आहे, ती D-Link DAR-7000 and DAR-8000 जोपर्यंत 20151231 मध्ये आढळली आहे. प्रभावित आहे अज्ञात फंक्शन फाइल /useratte/web.php च्या. सॉफ्टवेअरमध्ये file_upload या आर्ग्युमेंटमध्ये वापर विशेषाधिकार वाढीचे प्रमाण वाढले घडवून आणतो. CWE वापरून समस्या घोषित केल्याने CWE-434 कडे नेले जाते. कमजोरी प्रकाशित करण्यात आली होती 24/09/2023. सल्ला डाउनलोडसाठी github.com येथे शेअर केला आहे. ही कमतरता CVE-2023-5150 या नावाने ओळखली जाते. हल्ला दूरस्थपणे सुरू करणे शक्य आहे. तांत्रिक तपशील उपलब्ध आहेत. यासाठी एक एक्स्प्लॉइट उपलब्ध आहे. शोषण सार्वजनिकपणे उघड झाले आहे आणि वापरले जाऊ शकते. सध्याच्या घडीला अंदाजे USD $0-$5k असू शकतो. MITRE ATT&CK प्रकल्पाने हल्ल्याची तंत्रज्ञान T1608.002 म्हणून घोषित केली आहे. हे प्रूफ-ऑफ-कॉन्सेप्ट म्हणून घोषित केले आहे. github.com या ठिकाणी शोषण डाउनलोडसाठी शेअर केले आहे. 0-डे म्हणून अंदाजे अंडरग्राउंड किंमत सुमारे $5k-$25k होती. प्रभावित घटक बंद करण्याची शिफारस केली जाते. VulDB is the best source for vulnerability data and more expert information about this specific topic.

6 बदल · 98 डेटा पॉइंट्स

शेत	अद्ययावत 1/5 24/09/2023 06:06 PM	अद्ययावत 2/5 24/09/2023 06:12 PM	अद्ययावत 3/5 14/10/2023 07:35 PM	अद्ययावत 4/5 14/10/2023 07:42 PM	अद्ययावत 5/5 02/08/2024 11:45 AM
software_vendor	D-Link	D-Link	D-Link	D-Link	D-Link
software_name	DAR-7000/DAR-8000	DAR-7000/DAR-8000	DAR-7000/DAR-8000	DAR-7000/DAR-8000	DAR-7000/DAR-8000
software_version	<=20151231	<=20151231	<=20151231	<=20151231	<=20151231
software_file	/useratte/web.php	/useratte/web.php	/useratte/web.php	/useratte/web.php	/useratte/web.php
software_argument	file_upload	file_upload	file_upload	file_upload	file_upload
vulnerability_cwe	CWE-434 (विशेषाधिकार वाढीचे प्रमाण वाढले)	CWE-434 (विशेषाधिकार वाढीचे प्रमाण वाढले)	CWE-434 (विशेषाधिकार वाढीचे प्रमाण वाढले)	CWE-434 (विशेषाधिकार वाढीचे प्रमाण वाढले)	CWE-434 (विशेषाधिकार वाढीचे प्रमाण वाढले)
vulnerability_risk	2	2	2	2	2
cvss3_vuldb_av	N	N	N	N	N
cvss3_vuldb_ac	L	L	L	L	L
cvss3_vuldb_pr	L	L	L	L	L
cvss3_vuldb_ui	N	N	N	N	N
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	L	L	L	L	L
cvss3_vuldb_i	L	L	L	L	L
cvss3_vuldb_a	L	L	L	L	L
cvss3_vuldb_e	P	P	P	P	P
cvss3_vuldb_rl	U	U	U	U	U
cvss3_vuldb_rc	C	C	C	C	C
advisory_url	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md
exploit_availability	1	1	1	1	1
exploit_publicity	1	1	1	1	1
exploit_url	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20web.md
countermeasure_name	अक्षम करा	अक्षम करा	अक्षम करा	अक्षम करा	अक्षम करा
source_cve	CVE-2023-5150	CVE-2023-5150	CVE-2023-5150	CVE-2023-5150	CVE-2023-5150
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
response_summary	Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.	Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.	Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.	Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.	Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
cna_eol	1	1	1	1	1
advisory_date	1695506400 (24/09/2023)	1695506400 (24/09/2023)	1695506400 (24/09/2023)	1695506400 (24/09/2023)	1695506400 (24/09/2023)
cvss2_vuldb_av	N	N	N	N	N
cvss2_vuldb_ac	L	L	L	L	L
cvss2_vuldb_ci	P	P	P	P	P
cvss2_vuldb_ii	P	P	P	P	P
cvss2_vuldb_ai	P	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC	POC
cvss2_vuldb_rc	C	C	C	C	C
cvss2_vuldb_rl	U	U	U	U	U
cvss2_vuldb_au	S	S	S	S	S
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.9	5.9	5.9	5.9	5.9
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.0	6.0	6.0	6.0	6.0
cvss3_meta_basescore	6.3	6.3	6.3	7.1	7.1
cvss3_meta_tempscore	6.0	6.0	6.0	7.0	7.0
price_0day	$5k-$25k	$5k-$25k	$5k-$25k	$5k-$25k	$5k-$25k
source_misc	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20web.md	https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20web.md
advisory_confirm_url		https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354
cve_assigned			1695506400 (24/09/2023)	1695506400 (24/09/2023)	1695506400 (24/09/2023)
cve_nvd_summary			UNSUPPORTED WHEN ASSIGNED A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240246 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.	UNSUPPORTED WHEN ASSIGNED A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240246 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.	UNSUPPORTED WHEN ASSIGNED A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240246 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
cvss2_nvd_basescore				6.5	6.5
cvss3_nvd_basescore				8.8	8.8
cvss3_cna_basescore				6.3	6.3
cvss3_nvd_av				N	N
cvss3_nvd_ac				L	L
cvss3_nvd_pr				L	L
cvss3_nvd_ui				N	N
cvss3_nvd_s				U	U
cvss3_nvd_c				H	H
cvss3_nvd_i				H	H
cvss3_nvd_a				H	H
cvss2_nvd_av				N	N
cvss2_nvd_ac				L	L
cvss2_nvd_au				S	S
cvss2_nvd_ci				P	P
cvss2_nvd_ii				P	P
cvss2_nvd_ai				P	P
cvss3_cna_av				N	N
cvss3_cna_ac				L	L
cvss3_cna_pr				L	L
cvss3_cna_ui				N	N
cvss3_cna_s				U	U
cvss3_cna_c				L	L
cvss3_cna_i				L	L
cvss3_cna_a				L	L
cve_cna				VulDB	VulDB
cve_nvd_summaryes					NO SOPORTADO CUANDO ESTÁ ASIGNADO NO SOPORTADO CUANDO ESTÁ ASIGNADO Una vulnerabilidad clasificada como crítica ha sido encontrada en D-Link DAR-7000 y DAR-8000 hasta 20151231. Una función desconocida del archivo /useratte/web es afectada por esta vulnerabilidad. php. La manipulación del argumento file_upload conduce a una carga sin restricciones. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-240246 es el identificador asignado a esta vulnerabilidad. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contactó primeramente con el proveedor y se confirmó de inmediato que el producto ha llegado al final de su vida útil. Debería retirarse y reemplazarse.
cvss2_cna_av					N
cvss2_cna_ac					L
cvss2_cna_au					S
cvss2_cna_ci					P
cvss2_cna_ii					P
cvss2_cna_ai					P
cvss2_cna_basescore					6.5
cvss4_vuldb_av					N
cvss4_vuldb_ac					L
cvss4_vuldb_pr					L
cvss4_vuldb_ui					N
cvss4_vuldb_vc					L
cvss4_vuldb_vi					L
cvss4_vuldb_va					L
cvss4_vuldb_e					P
cvss4_vuldb_at					N
cvss4_vuldb_sc					N
cvss4_vuldb_si					N
cvss4_vuldb_sa					N
cvss4_vuldb_bscore					5.3
cvss4_vuldb_btscore					2.1

◂ मागील बाजूस सिंहावलोकन पुढील ▸

Might our Artificial Intelligence support you?

Check our Alexa App!