Details of VAR-202006-0471

ID

VAR-202006-0471

CVE

CVE-2020-13960

TITLE

D-Link DSL 2730-U and DIR-600M Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-006269

DESCRIPTION

D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name. D-Link DSL 2730-U and DIR-600M An unspecified vulnerability exists in the device.Information may be obtained and tampered with. D-Link DIR-600M and D-Link DSL 2730-U are both wireless routers from Taiwan's D-Link Corporation. D-Link DSL 2730-U IN_1.10 version, IN_1.11 version, and DIR-600M version 3.04 DNS resolver search path has a security vulnerability

Trust: 2.16

sources: NVD: CVE-2020-13960 // JVNDB: JVNDB-2020-006269 // CNVD: CNVD-2020-33167

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-33167

AFFECTED PRODUCTS

vendor:	d link	model:	dir-600m	scope:	eq	version:	3.04	Trust: 1.4
vendor:	dlink	model:	dsl-2730u	scope:	eq	version:	in_1.10	Trust: 1.0
vendor:	dlink	model:	dir-600m	scope:	eq	version:	3.04	Trust: 1.0
vendor:	d link	model:	dsl-2730u	scope:	eq	version:	in_1.10	Trust: 0.8
vendor:	d link	model:	dsl-2730u	scope:	eq	version:	in_1.11	Trust: 0.8
vendor:	d link	model:	dsl 2730-u in 1.10	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dsl 2730-u in 1.11	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-33167 // JVNDB: JVNDB-2020-006269 // NVD: CVE-2020-13960

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-13960
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006269
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-33167
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202006-609
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-13960
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006269
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-33167
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-13960
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006269
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-33167 // JVNDB: JVNDB-2020-006269 // CNNVD: CNNVD-202006-609 // NVD: CVE-2020-13960

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-13960

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-609

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-609

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006269

PATCH

title:

Top Page

url:

https://www.dlink.com/en/consumer

Trust: 0.8

sources: JVNDB: JVNDB-2020-006269

EXTERNAL IDS

db:	NVD	id:	CVE-2020-13960	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-006269	Trust: 0.8
db:	CNVD	id:	CNVD-2020-33167	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-609	Trust: 0.6

sources: CNVD: CNVD-2020-33167 // JVNDB: JVNDB-2020-006269 // CNNVD: CNNVD-202006-609 // NVD: CVE-2020-13960

REFERENCES

url:	https://harigovind.org/articles/who-is-hijacking-my-nxdomains/	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13960	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13960	Trust: 0.8

sources: CNVD: CNVD-2020-33167 // JVNDB: JVNDB-2020-006269 // CNNVD: CNNVD-202006-609 // NVD: CVE-2020-13960

SOURCES

db:	CNVD	id:	CNVD-2020-33167
db:	JVNDB	id:	JVNDB-2020-006269
db:	CNNVD	id:	CNNVD-202006-609
db:	NVD	id:	CVE-2020-13960

LAST UPDATE DATE

2024-11-23T22:29:36.470000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-33167	date:	2020-06-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-006269	date:	2020-07-03T00:00:00
db:	CNNVD	id:	CNNVD-202006-609	date:	2020-06-12T00:00:00
db:	NVD	id:	CVE-2020-13960	date:	2024-11-21T05:02:14.663

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-33167	date:	2020-06-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-006269	date:	2020-07-03T00:00:00
db:	CNNVD	id:	CNNVD-202006-609	date:	2020-06-08T00:00:00
db:	NVD	id:	CVE-2020-13960	date:	2020-06-08T20:15:11.633