ID

VAR-200412-0052


CVE

CVE-2004-0615


TITLE

Multiple D-Link products Security hole

Trust: 0.6

sources: CNNVD: CNNVD-200412-032

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the D-Link DI-614+ SOHO router running firmware 2.30, the DI-704 SOHO router running firmware 2.60B2, and the DI-624 allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. The DI-614+, DI-704, and DI-624 are reported to be susceptible to an HTML injection vulnerability in their DHCP log. An attacker who has access to the wireless or internal network segments of the router can craft malicious DHCP hostnames that, when sent to the router, are logged for later viewing by the administrator of the device. The injected HTML can be used to cause the administrator to make unintended changes to the configuration of the router. Other attacks may be possible. Although only the DI-614+, DI-704, and DI-624 are reported vulnerable, code reuse across devices is common and other products may also be affected.

Trust: 1.26

sources: NVD: CVE-2004-0615 // BID: 10587 // VULHUB: VHN-9045

AFFECTED PRODUCTS

vendor: d link, model: di-614+, scope: eq, version: 2.30

Trust: 1.6

vendor: d link, model: di-704p, scope: eq, version: 2.60b2

Trust: 1.6

vendor: dlink, model: di-624, scope: lte, version: 1.28

Trust: 1.0

vendor: d link, model: di-624, scope: eq, version: 1.28

Trust: 0.6

vendor: d link, model: dl-704 b2, scope: eq, version: 2.60

Trust: 0.3

vendor: d link, model: dl-704 b6, scope: eq, version: 2.56

Trust: 0.3

vendor: d link, model: dl-704 b5, scope: eq, version: 2.56

Trust: 0.3

vendor: d link, model: di-624 soho router, scope: eq, version: 1.28

Trust: 0.3

vendor: d link, model: di-614+, scope: eq, version: 2.18

Trust: 0.3

vendor: d link, model: di-614+, scope: eq, version: 2.10

Trust: 0.3

vendor: d link, model: di-614+ f, scope: eq, version: 2.0

Trust: 0.3

vendor: d link, model: di-614+ 3g, scope: eq, version: 2.0

Trust: 0.3

vendor: d link, model: di-614+, scope: eq, version: 2.03

Trust: 0.3

vendor: d link, model: di-614+, scope: eq, version: 2.0

Trust: 0.3

sources: BID: 10587 // CNNVD: CNNVD-200412-032 // NVD: CVE-2004-0615

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0615
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200412-032
value: MEDIUM

Trust: 0.6

VULHUB: VHN-9045
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-0615
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-9045
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-9045 // CNNVD: CNNVD-200412-032 // NVD: CVE-2004-0615

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0615

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-032

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200412-032

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-9045

PATCH

title: A variety of D-Link products Vulnerability fixes, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=234979

Trust: 0.6

sources: CNNVD: CNNVD-200412-032

EXTERNAL IDS

db: BID, id: 10587

Trust: 2.0

db: SECUNIA, id: 11919

Trust: 1.7

db: SECTRACK, id: 1010562

Trust: 1.7

db: OSVDB, id: 7211

Trust: 1.7

db: NVD, id: CVE-2004-0615

Trust: 1.7

db: CNNVD, id: CNNVD-200412-032

Trust: 0.6

db: SEEBUG, id: SSVID-77959

Trust: 0.1

db: EXPLOIT-DB, id: 24226

Trust: 0.1

db: VULHUB, id: VHN-9045

Trust: 0.1

sources: VULHUB: VHN-9045 // BID: 10587 // CNNVD: CNNVD-200412-032 // NVD: CVE-2004-0615

REFERENCES

url:http://www.securityfocus.com/bid/10587

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2004-07/0014.html

Trust: 1.7

url:http://www.osvdb.org/7211

Trust: 1.7

url:http://securitytracker.com/id?1010562

Trust: 1.7

url:http://secunia.com/advisories/11919

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/16468

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=108786257609932&w=2

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=108797273127182&w=2

Trust: 1.6

url:http://www.d-link.com/

Trust: 0.3

url:/archive/1/366615

Trust: 0.3

url:/archive/1/367855

Trust: 0.3

url:/archive/1/366826

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=108786257609932&w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&m=108797273127182&w=2

Trust: 0.1

sources: VULHUB: VHN-9045 // BID: 10587 // CNNVD: CNNVD-200412-032 // NVD: CVE-2004-0615

CREDITS

c3rb3r

Trust: 0.6

sources: CNNVD: CNNVD-200412-032

SOURCES

db: VULHUB, id: VHN-9045
db: BID, id: 10587
db: CNNVD, id: CNNVD-200412-032
db: NVD, id: CVE-2004-0615

LAST UPDATE DATE

2024-08-14T14:29:27.372000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-9045, date: 2017-07-11T00:00:00
db: BID, id: 10587, date: 2004-06-21T00:00:00
db: CNNVD, id: CNNVD-200412-032, date: 2023-04-28T00:00:00
db: NVD, id: CVE-2004-0615, date: 2023-04-26T18:55:30.893

SOURCES RELEASE DATE

db: VULHUB, id: VHN-9045, date: 2004-12-06T00:00:00
db: BID, id: 10587, date: 2004-06-21T00:00:00
db: CNNVD, id: CNNVD-200412-032, date: 2004-12-06T00:00:00
db: NVD, id: CVE-2004-0615, date: 2004-12-06T05:00:00