Details of VAR-202401-0859

ID

VAR-202401-0859

CVE

CVE-2023-41603

TITLE

D-Link R15 code issue vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-02987

DESCRIPTION

D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6. D-Link R15 is a wireless router made by China D-Link Company. D-Link R15 v1.08.02 has a code issue vulnerability

Trust: 1.44

sources: NVD: CVE-2023-41603 // CNVD: CNVD-2024-02987

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-02987

AFFECTED PRODUCTS

vendor:	dlink	model:	r15	scope:	lte	version:	1.08.02	Trust: 1.0
vendor:	d link	model:	r15	scope:	lte	version:	<=1.08.02	Trust: 0.6

sources: CNVD: CNVD-2024-02987 // NVD: CVE-2023-41603

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-41603
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2024-02987
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-02987
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-41603
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2024-02987 // NVD: CVE-2023-41603

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2023-41603

PATCH

title:

Patch for D-Link R15 code issue vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/517616

Trust: 0.6

sources: CNVD: CNVD-2024-02987

EXTERNAL IDS

db:	NVD	id:	CVE-2023-41603	Trust: 1.6
db:	DLINK	id:	SAP10347	Trust: 1.0
db:	CNVD	id:	CNVD-2024-02987	Trust: 0.6

sources: CNVD: CNVD-2024-02987 // NVD: CVE-2023-41603

REFERENCES

url:	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10347	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2023-41603	Trust: 0.6

sources: CNVD: CNVD-2024-02987 // NVD: CVE-2023-41603

SOURCES

db:	CNVD	id:	CNVD-2024-02987
db:	NVD	id:	CVE-2023-41603

LAST UPDATE DATE

2024-08-14T14:30:05.071000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-02987	date:	2024-01-18T00:00:00
db:	NVD	id:	CVE-2023-41603	date:	2024-01-12T19:13:05.087

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-02987	date:	2024-01-18T00:00:00
db:	NVD	id:	CVE-2023-41603	date:	2024-01-10T08:15:37.740