VDB-275921 · CVE-2024-8212 · SAP10383

D-Link DNS-1550-04 जोपर्यंत 20240814 /cgi-bin/hd_config.cgi cgi_FMT_R12R5_2nd_DiskMGR f_source_dev विशेषाधिकार वाढीचे प्रमाण वाढले

एक कमकुवतपणा जो गंभीर म्हणून वर्गीकृत केला आहे, तो D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 जोपर्यंत 20240814 मध्ये आढळून आला आहे. या ठिकाणी परिणाम झाला आहे फंक्शन cgi_FMT_R12R5_2nd_DiskMGR फाइल /cgi-bin/hd_config.cgi च्या. सॉफ्टवेअरमध्ये f_source_dev या आर्ग्युमेंटचे केलेली छेडछाड विशेषाधिकार वाढीचे प्रमाण वाढले निर्माण करते. समस्या जाहीर करण्यासाठी CWE वापरल्यास CWE-77 येथे नेले जाते. ही कमतरता प्रसिद्ध करण्यात आली होती 27/08/2024 म्हणून SAP10383. डाउनलोडसाठी सल्ला github.com वर शेअर केला आहे. ही असुरक्षा CVE-2024-8212 म्हणून नोंदवली गेली आहे. दूरवरून हा हल्ला घडवून आणता येतो. तांत्रिक तपशील दिलेले आहेत. यासाठी एक एक्स्प्लॉइट उपलब्ध आहे. शोषण सार्वजनिकपणे जाहीर झाले आहे आणि त्याचा वापर होऊ शकतो. सध्या USD $0-$5k इतका असू शकतो. MITRE ATT&CK प्रकल्प T1202 हल्ला तंत्रज्ञान म्हणून घोषित करतो. प्रूफ-ऑफ-कॉन्सेप्ट म्हणून हे घोषित केले गेले आहे. डाउनलोडसाठी शोषण github.com वर उपलब्ध आहे. 0-डे म्हणून त्याची अंदाजे भूमिगत किंमत $5k-$25k होती. प्रभावित घटक बदलून त्याऐवजी पर्यायी घटक वापरण्याची शिफारस केली जाते. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

3 बदल · 91 डेटा पॉइंट्स

शेत	तयार केली 27/08/2024 01:39 PM	अद्ययावत 1/2 28/08/2024 04:29 PM	अद्ययावत 2/2 29/08/2024 06:36 PM
software_vendor	D-Link	D-Link	D-Link
software_name	DNS-120/DNR-202L/DNS-315L/DNS-320/DNS-320L/DNS-320LW/DNS-321/DNR-322L/DNS-323/DNS-325/DNS-326/DNS-327L/DNR-326/DNS-340L/DNS-343/DNS-345/DNS-726-4/DNS-1100-4/DNS-1200-05/DNS-1550-04	DNS-120/DNR-202L/DNS-315L/DNS-320/DNS-320L/DNS-320LW/DNS-321/DNR-322L/DNS-323/DNS-325/DNS-326/DNS-327L/DNR-326/DNS-340L/DNS-343/DNS-345/DNS-726-4/DNS-1100-4/DNS-1200-05/DNS-1550-04	DNS-120/DNR-202L/DNS-315L/DNS-320/DNS-320L/DNS-320LW/DNS-321/DNR-322L/DNS-323/DNS-325/DNS-326/DNS-327L/DNR-326/DNS-340L/DNS-343/DNS-345/DNS-726-4/DNS-1100-4/DNS-1200-05/DNS-1550-04
software_version	<=20240814	<=20240814	<=20240814
software_file	/cgi-bin/hd_config.cgi	/cgi-bin/hd_config.cgi	/cgi-bin/hd_config.cgi
software_function	cgi_FMT_R12R5_2nd_DiskMGR	cgi_FMT_R12R5_2nd_DiskMGR	cgi_FMT_R12R5_2nd_DiskMGR
software_argument	f_source_dev	f_source_dev	f_source_dev
vulnerability_cwe	CWE-77 (विशेषाधिकार वाढीचे प्रमाण वाढले)	CWE-77 (विशेषाधिकार वाढीचे प्रमाण वाढले)	CWE-77 (विशेषाधिकार वाढीचे प्रमाण वाढले)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rl	W	W	W
cvss3_vuldb_rc	C	C	C
advisory_identifier	SAP10383	SAP10383	SAP10383
advisory_url	https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_2nd_DiskMGR.md	https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_2nd_DiskMGR.md	https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_2nd_DiskMGR.md
advisory_confirm_url	https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383	https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383	https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_2nd_DiskMGR.md	https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_2nd_DiskMGR.md	https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_2nd_DiskMGR.md
countermeasure_name	पर्यायी	पर्यायी	पर्यायी
source_cve	CVE-2024-8212	CVE-2024-8212	CVE-2024-8212
cna_responsible	VulDB	VulDB	VulDB
response_summary	Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.	Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.	Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
cna_eol	1	1	1
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	W	W	W
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_au	S	S	S
cvss3_vuldb_pr	L	L	L
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.8	5.8	5.8
cvss3_meta_basescore	6.3	6.3	7.5
cvss3_meta_tempscore	5.8	6.0	7.3
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1
advisory_date	1724709600 (27/08/2024)	1724709600 (27/08/2024)	1724709600 (27/08/2024)
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
cve_nvd_summary		A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue affects the function cgi_FMT_R12R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.	A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been rated as critical. This issue affects the function cgi_FMT_R12R5_2nd_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_source_dev leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
cve_nvd_summaryes		Se encontró una vulnerabilidad en D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS- 326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 y DNS-1550-04 hasta 20240814. ha sido calificado como crítico. Este problema afecta la función cgi_FMT_R12R5_2nd_DiskMGR del archivo /cgi-bin/hd_config.cgi. La manipulación del argumento f_source_dev conduce a la inyección de comandos. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante. NOTA: Se contactó primeramente con el proveedor y se confirmó que el producto ha llegado al final de su vida útil. Debería retirarse y reemplazarse.	Se encontró una vulnerabilidad en D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS- 326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 y DNS-1550-04 hasta 20240814. ha sido calificado como crítico. Este problema afecta la función cgi_FMT_R12R5_2nd_DiskMGR del archivo /cgi-bin/hd_config.cgi. La manipulación del argumento f_source_dev conduce a la inyección de comandos. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante. NOTA: Se contactó primeramente con el proveedor y se confirmó que el producto ha llegado al final de su vida útil. Debería retirarse y reemplazarse.
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		6.3	6.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		S	S
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		6.5	6.5
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_nvd_basescore			9.8

◂ मागील बाजूस सिंहावलोकन पुढील ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!