Sign-up

ID

VAR-202407-0096


CVE

CVE-2024-6525


TITLE

D-Link Systems, Inc.  of  dar-7000  Untrusted Data Deserialization Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-004060

DESCRIPTION

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270368. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link Systems, Inc. of dar-7000 An untrusted data deserialization vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DAR-7000 is an Internet behavior audit gateway of D-Link, a Chinese company. DAR-7000 of D-Link Electronic Equipment (Shanghai) Co., Ltd. The vulnerability is caused by the file parameter of /log/decodmail.php that can deserialize certain content. No detailed vulnerability details are provided at present

Trust: 2.16

sources: NVD: CVE-2024-6525 // JVNDB: JVNDB-2024-004060 // CNVD: CNVD-2024-31363

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-31363

AFFECTED PRODUCTS

vendor:d linkmodel:dar-7000scope: - version: -

Trust: 1.4

vendor:dlinkmodel:dar-7000scope:lteversion:2023-09-22

Trust: 1.0

vendor:d linkmodel:dar-7000scope:lteversion:dar-7000 firmware 2023-09-22 and earlier

Trust: 0.8

vendor:d linkmodel:dar-7000scope:eqversion: -

Trust: 0.8

sources: CNVD: CNVD-2024-31363 // JVNDB: JVNDB-2024-004060 // NVD: CVE-2024-6525

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-6525
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-6525
value: HIGH

Trust: 1.0

NVD: CVE-2024-6525
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-31363
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2024-6525
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2024-31363
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-6525
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-6525
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-6525
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-31363 // JVNDB: JVNDB-2024-004060 // NVD: CVE-2024-6525 // NVD: CVE-2024-6525

PROBLEMTYPE DATA

problemtype:CWE-502

Trust: 1.0

problemtype:Deserialization of untrusted data (CWE-502) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-004060 // NVD: CVE-2024-6525

PATCH

title:Patch for D-Link Electronics (Shanghai) Co., Ltd. DAR-7000 has a code problem vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/567866

Trust: 0.6

sources: CNVD: CNVD-2024-31363

EXTERNAL IDS

db:NVDid:CVE-2024-6525

Trust: 3.2

db:VULDBid:270368

Trust: 1.8

db:DLINKid:SAP10354

Trust: 1.8

db:JVNDBid:JVNDB-2024-004060

Trust: 0.8

db:CNVDid:CNVD-2024-31363

Trust: 0.6

sources: CNVD: CNVD-2024-31363 // JVNDB: JVNDB-2024-004060 // NVD: CVE-2024-6525

REFERENCES

url:https://github.com/flyyue2001/cve/blob/main/d-link%20-dar-7000_rce_%20decodmail.md

Trust: 1.8

url:https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10354

Trust: 1.8

url:https://vuldb.com/?id.270368

Trust: 1.8

url:https://vuldb.com/?submit.368099

Trust: 1.8

url:https://vuldb.com/?ctiid.270368

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-6525

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2024-6525/

Trust: 0.6

sources: CNVD: CNVD-2024-31363 // JVNDB: JVNDB-2024-004060 // NVD: CVE-2024-6525

SOURCES

db:CNVDid:CNVD-2024-31363
db:JVNDBid:JVNDB-2024-004060
db:NVDid:CVE-2024-6525

LAST UPDATE DATE

2024-08-14T13:19:16.378000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-31363date:2024-07-10T00:00:00
db:JVNDBid:JVNDB-2024-004060date:2024-07-09T00:43:00
db:NVDid:CVE-2024-6525date:2024-08-01T22:15:45.760

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-31363date:2024-07-10T00:00:00
db:JVNDBid:JVNDB-2024-004060date:2024-07-09T00:00:00
db:NVDid:CVE-2024-6525date:2024-07-05T13:15:11.170