ID

VAR-202408-0139


CVE

CVE-2024-7357


TITLE

D-Link DIR-600 Operating System Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-35161

DESCRIPTION

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. D-Link DIR-600 is a wireless router from D-Link, a Chinese company. No detailed vulnerability details are currently provided.

Trust: 1.44

sources: NVD: CVE-2024-7357 // CNVD: CNVD-2024-35161

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-35161

AFFECTED PRODUCTS

vendor: d link, model: dir-600, scope: lte, version: <=2.18

Trust: 0.6

sources: CNVD: CNVD-2024-35161

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-7357
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-35161
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2024-7357
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2024-35161
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-7357
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-35161 // NVD: CVE-2024-7357

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

sources: NVD: CVE-2024-7357

PATCH

title: Patch for D-Link DIR-600 Operating System Command Injection Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/576101

Trust: 0.6

sources: CNVD: CNVD-2024-35161

EXTERNAL IDS

db: NVD, id: CVE-2024-7357

Trust: 1.6

db: DLINK, id: SAP10408

Trust: 1.0

db: VULDB, id: 273329

Trust: 1.0

db: CNVD, id: CNVD-2024-35161

Trust: 0.6

sources: CNVD: CNVD-2024-35161 // NVD: CVE-2024-7357

REFERENCES

url:https://github.com/beacox/iot_vuln/tree/main/d-link/dir-600/soapcgi_main_injection

Trust: 1.0

url:https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10408

Trust: 1.0

url:https://vuldb.com/?ctiid.273329

Trust: 1.0

url:https://vuldb.com/?id.273329

Trust: 1.0

url:https://vuldb.com/?submit.383695

Trust: 1.0

url:https://cxsecurity.com/cveshow/cve-2024-7357/

Trust: 0.6

sources: CNVD: CNVD-2024-35161 // NVD: CVE-2024-7357

SOURCES

db: CNVD, id: CNVD-2024-35161
db: NVD, id: CVE-2024-7357

LAST UPDATE DATE

2024-08-15T08:54:27.380000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-35161, date: 2024-08-13T00:00:00
db: NVD, id: CVE-2024-7357, date: 2024-08-07T14:15:33.230

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-35161, date: 2024-08-06T00:00:00
db: NVD, id: CVE-2024-7357, date: 2024-08-01T13:15:10.950