Sign-up

ID

VAR-202411-0375


CVE

CVE-2024-10916


TITLE

plural  D-Link Systems, Inc.  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2024-012286

DESCRIPTION

A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. D-Link DNS-320 firmware, D-Link DNS-320LW firmware, D-Link DNS-325 firmware etc. D-Link Systems, Inc. There are unspecified vulnerabilities in the product.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2024-10916 // JVNDB: JVNDB-2024-012286

AFFECTED PRODUCTS

vendor:dlinkmodel:dns-320lwscope:eqversion:*

Trust: 1.0

vendor:dlinkmodel:dns-340lscope:eqversion:*

Trust: 1.0

vendor:dlinkmodel:dns-320scope:eqversion:*

Trust: 1.0

vendor:dlinkmodel:dns-325scope:eqversion:*

Trust: 1.0

vendor:d linkmodel:d-link dns-320scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-320lwscope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-325scope: - version: -

Trust: 0.8

vendor:d linkmodel:dns-340lscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-012286 // NVD: CVE-2024-10916

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-10916
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-10916
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-012286
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2024-10916
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-012286
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2024-10916
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: JVNDB-2024-012286
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-012286 // NVD: CVE-2024-10916 // NVD: CVE-2024-10916

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-200

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:information leak (CWE-200) [ others ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

problemtype: others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-012286 // NVD: CVE-2024-10916

EXTERNAL IDS

db:NVDid:CVE-2024-10916

Trust: 2.6

db:VULDBid:283311

Trust: 1.8

db:JVNDBid:JVNDB-2024-012286

Trust: 0.8

sources: JVNDB: JVNDB-2024-012286 // NVD: CVE-2024-10916

REFERENCES

url:https://netsecfish.notion.site/information-disclosure-vulnerability-report-in-xml-info-xml-for-d-link-nas-12d6b683e67c8019a311e699582f51b6?pvs=4

Trust: 1.8

url:https://vuldb.com/?ctiid.283311

Trust: 1.8

url:https://vuldb.com/?id.283311

Trust: 1.8

url:https://vuldb.com/?submit.432849

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-10916

Trust: 0.8

sources: JVNDB: JVNDB-2024-012286 // NVD: CVE-2024-10916

SOURCES

db:JVNDBid:JVNDB-2024-012286
db:NVDid:CVE-2024-10916

LAST UPDATE DATE

2024-11-12T23:16:58.278000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-012286date:2024-11-11T02:48:00
db:NVDid:CVE-2024-10916date:2024-11-08T20:11:37.567

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-012286date:2024-11-11T00:00:00
db:NVDid:CVE-2024-10916date:2024-11-06T15:15:12.123