Sign-up

ID

VAR-202007-1256


CVE

CVE-2020-9377


TITLE

D-Link DIR-610 Code injection vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2020-007738

DESCRIPTION

D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. ** Not supported ** This issue is a vulnerability in an unsupported version. D-Link DIR-610 A code injection vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-610 is a wireless router made by D-Link in Taiwan. There is a remote code execution vulnerability in D-Link DIR-610. The vulnerability stems from the fact that the network system or product fails to properly filter the special elements in the process of constructing code segments with external input data. The attacker can send it to the command.php file. The'cmd' parameter uses this vulnerability to execute code

Trust: 2.25

sources: NVD: CVE-2020-9377 // JVNDB: JVNDB-2020-007738 // CNVD: CNVD-2020-41298 // VULMON: CVE-2020-9377

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-41298

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-610scope:eqversion: -

Trust: 1.0

vendor:d linkmodel:d-link dir-610scope: - version: -

Trust: 0.8

vendor:dlinkmodel:d-link dir-610scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-41298 // JVNDB: JVNDB-2020-007738 // NVD: CVE-2020-9377

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9377
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-007738
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-41298
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202007-405
value: HIGH

Trust: 0.6

VULMON: CVE-2020-9377
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9377
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-007738
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-41298
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9377
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007738
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-41298 // VULMON: CVE-2020-9377 // JVNDB: JVNDB-2020-007738 // CNNVD: CNNVD-202007-405 // NVD: CVE-2020-9377

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-94

Trust: 0.8

sources: JVNDB: JVNDB-2020-007738 // NVD: CVE-2020-9377

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-405

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-202007-405

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007738

PATCH
title:DIR-610url:https://www.dlink.com.br/produto/dir-610/
Trust: 0.8
title:(non-US) DIR-610 :: Ax :: Multiple Vulnerabilities on End of Service Life Producturl:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10182
Trust: 0.8
title:Exploits for CVE-2020-9376 and CVE-2020-9377url:https://github.com/renatoalencar/dlink-dir610-exploits 
Trust: 0.1
title:Dear Diary,url:https://github.com/ker2x/DearDiary 
Trust: 0.1
title:https://github.com/hasee2018/Penetration_Testing_POCurl:https://github.com/hasee2018/Penetration_Testing_POC 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-9377 // 
            
            
            
            JVNDB: JVNDB-2020-007738

EXTERNAL IDS
db:NVDid:CVE-2020-9377
Trust: 3.1
db:DLINKid:SAP10182
Trust: 1.6
db:JVNDBid:JVNDB-2020-007738
Trust: 0.8
db:CNVDid:CNVD-2020-41298
Trust: 0.6
db:CNNVDid:CNNVD-202007-405
Trust: 0.6
db:VULMONid:CVE-2020-9377
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-41298 // 
            
            
            
            VULMON: CVE-2020-9377 // 
            
            
            
            JVNDB: JVNDB-2020-007738 // 
            
            
            
            CNNVD: CNNVD-202007-405 // 
            
            
            
            NVD: CVE-2020-9377

REFERENCES
url:https://gist.github.com/gouveaheitor/131557f9de7d571f118f59805df852dc
Trust: 2.4
url:https://www.dlink.com.br/produto/dir-610/
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-9377
Trust: 2.0
url:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10182
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9377
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-41298 // 
            
            
            
            JVNDB: JVNDB-2020-007738 // 
            
            
            
            CNNVD: CNNVD-202007-405 // 
            
            
            
            NVD: CVE-2020-9377

SOURCES
db:CNVDid:CNVD-2020-41298
db:VULMONid:CVE-2020-9377
db:JVNDBid:JVNDB-2020-007738
db:CNNVDid:CNNVD-202007-405
db:NVDid:CVE-2020-9377

LAST UPDATE DATE
2024-08-16T22:43:25.016000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-41298date:2020-07-21T00:00:00
db:VULMONid:CVE-2020-9377date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2020-007738date:2020-08-25T00:00:00
db:CNNVDid:CNNVD-202007-405date:2020-07-16T00:00:00
db:NVDid:CVE-2020-9377date:2024-08-14T15:04:22.463

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-41298date:2020-07-21T00:00:00
db:VULMONid:CVE-2020-9377date:2020-07-09T00:00:00
db:JVNDBid:JVNDB-2020-007738date:2020-08-25T00:00:00
db:CNNVDid:CNNVD-202007-405date:2020-07-09T00:00:00
db:NVDid:CVE-2020-9377date:2020-07-09T13:15:10.653