Sign-up

ID

VAR-202409-0012


CVE

CVE-2024-8460


TITLE

D-Link Systems, Inc.  of  D-Link DNS-320  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2024-007632

DESCRIPTION

A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01. Affected by this issue is some unknown functionality of the file /cgi-bin/widget_api.cgi of the component Web Management Interface. The manipulation of the argument getHD/getSer/getSys leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. D-Link Systems, Inc. of D-Link DNS-320 There are unspecified vulnerabilities in the firmware.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2024-8460 // JVNDB: JVNDB-2024-007632

AFFECTED PRODUCTS

vendor:dlinkmodel:dns-320scope:eqversion:2.02b01

Trust: 1.0

vendor:d linkmodel:d-link dns-320scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-320scope:eqversion:d-link dns-320 firmware 2.02b01

Trust: 0.8

vendor:d linkmodel:d-link dns-320scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-007632 // NVD: CVE-2024-8460

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-8460
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-8460
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-007632
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2024-8460
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-007632
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2024-8460
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-8460
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2024-007632
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-007632 // NVD: CVE-2024-8460 // NVD: CVE-2024-8460

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-007632 // NVD: CVE-2024-8460

EXTERNAL IDS

db:NVDid:CVE-2024-8460

Trust: 2.6

db:DLINKid:SAP10383

Trust: 1.8

db:VULDBid:276626

Trust: 1.0

db:JVNDBid:JVNDB-2024-007632

Trust: 0.8

sources: JVNDB: JVNDB-2024-007632 // NVD: CVE-2024-8460

REFERENCES

url:https://github.com/leetsun/iot-vuls/tree/main/dlink-dns320/1

Trust: 1.8

url:https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10383

Trust: 1.8

url:https://vuldb.com/?submit.401297

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.276626

Trust: 1.0

url:https://vuldb.com/?id.276626

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-8460

Trust: 0.8

sources: JVNDB: JVNDB-2024-007632 // NVD: CVE-2024-8460

SOURCES

db:JVNDBid:JVNDB-2024-007632
db:NVDid:CVE-2024-8460

LAST UPDATE DATE

2024-09-11T19:16:46.298000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-007632date:2024-09-09T09:05:00
db:NVDid:CVE-2024-8460date:2024-09-06T16:30:54.027

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-007632date:2024-09-09T00:00:00
db:NVDid:CVE-2024-8460date:2024-09-05T12:15:03.010