mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
324 lines
14 KiB
JSON
324 lines
14 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-7715",
|
|
"ASSIGNER": "cna@vuldb.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240812. It has been classified as critical. This affects the function sprintf of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument filter leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced."
|
|
},
|
|
{
|
|
"lang": "deu",
|
|
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Es wurde eine Schwachstelle in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 bis 20240812 ausgemacht. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion sprintf der Datei /cgi-bin/photocenter_mgr.cgi. Durch das Manipulieren des Arguments filter mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-77 Command Injection",
|
|
"cweId": "CWE-77"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "D-Link",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "DNS-120",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNR-202L",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNS-315L",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNS-320",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNS-320L",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNS-320LW",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNS-321",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNR-322L",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNS-323",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNS-325",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNS-326",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNS-327L",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNR-326",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNS-340L",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNS-343",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNS-345",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNS-726-4",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNS-1100-4",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNS-1200-05",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "DNS-1550-04",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20240812"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://vuldb.com/?id.274281",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?id.274281"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?ctiid.274281",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?ctiid.274281"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?submit.389261",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?submit.389261"
|
|
},
|
|
{
|
|
"url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_photo_search.md",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_photo_search.md"
|
|
},
|
|
{
|
|
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
|
|
"refsource": "MISC",
|
|
"name": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383"
|
|
}
|
|
]
|
|
},
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "BuaaIoTTeam (VulDB User)"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.1",
|
|
"baseScore": 6.3,
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
{
|
|
"version": "3.0",
|
|
"baseScore": 6.3,
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
{
|
|
"version": "2.0",
|
|
"baseScore": 6.5,
|
|
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
|
}
|
|
]
|
|
}
|
|
} |