ID

VAR-202410-0330


CVE

CVE-2024-9792


TITLE

Cross-site scripting vulnerability in D-Link Systems, Inc. DSL-2750U firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-013419

DESCRIPTION

A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross-site scripting. It is possible to initiate the attack remotely. The DSL-2750U firmware from D-Link Systems, Inc. has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. D-Link DSL-2750U is a wireless router from D-Link, a Chinese company. D-Link DSL-2750U R5B017 has a cross-site scripting vulnerability. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data in the parameter PortMappingDescription. Attackers can exploit this vulnerability to execute arbitrary web scripts or HTML by injecting carefully crafted payloads.

Trust: 2.16

sources: NVD: CVE-2024-9792 // JVNDB: JVNDB-2024-013419 // CNVD: CNVD-2024-41048

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-41048

AFFECTED PRODUCTS

vendor: dlink, model: dsl-2750u, scope: eq, version: r5b017

Trust: 1.0

vendor: d link, model: dsl-2750u, scope: eq, version: -

Trust: 0.8

vendor: d link, model: dsl-2750u, scope: eq, version: dsl-2750u firmware r5b017

Trust: 0.8

vendor: d link, model: dsl-2750u, scope: -, version: -

Trust: 0.8

vendor: d link, model: dsl-2750u r5b017, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2024-41048 // JVNDB: JVNDB-2024-013419 // NVD: CVE-2024-9792

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-9792
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-9792
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-013419
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-41048
value: MEDIUM

Trust: 0.6

cna@vuldb.com: CVE-2024-9792
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-013419
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2024-41048
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2024-9792
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-9792
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2024-013419
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-41048 // JVNDB: JVNDB-2024-013419 // NVD: CVE-2024-9792 // NVD: CVE-2024-9792

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-013419 // NVD: CVE-2024-9792

EXTERNAL IDS

db: NVD, id: CVE-2024-9792

Trust: 3.2

db: VULDB, id: 279945

Trust: 1.8

db: JVNDB, id: JVNDB-2024-013419

Trust: 0.8

db: CNVD, id: CNVD-2024-41048

Trust: 0.6

sources: CNVD: CNVD-2024-41048 // JVNDB: JVNDB-2024-013419 // NVD: CVE-2024-9792

REFERENCES

url: https://vuldb.com/?id.279945

Trust: 1.8

url: https://vuldb.com/?submit.415532

Trust: 1.8

url: https://www.dlink.com/

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-9792

Trust: 1.4

url: https://vuldb.com/?ctiid.279945

Trust: 1.0

sources: CNVD: CNVD-2024-41048 // JVNDB: JVNDB-2024-013419 // NVD: CVE-2024-9792

SOURCES

db: CNVD, id: CNVD-2024-41048
db: JVNDB, id: JVNDB-2024-013419
db: NVD, id: CVE-2024-9792

LAST UPDATE DATE

2024-11-28T22:58:42.818000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-41048, date: 2024-10-18T00:00:00
db: JVNDB, id: JVNDB-2024-013419, date: 2024-11-26T02:42:00
db: NVD, id: CVE-2024-9792, date: 2024-11-25T19:02:48.587

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-41048, date: 2024-10-17T00:00:00
db: JVNDB, id: JVNDB-2024-013419, date: 2024-11-26T00:00:00
db: NVD, id: CVE-2024-9792, date: 2024-10-10T15:15:15.710