nvd-json-data-feeds/CVE-2017/CVE-2017-84xx/CVE-2017-8406.json

{
  "id": "CVE-2017-8406",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2019-07-02T20:15:10.967",
  "lastModified": "2021-04-26T16:43:57.357",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on D-Link DCS-1130 devices. The device provides a crossdomain.xml file with no restrictions on who can access the webserver. This allows an hosted flash file on any domain to make calls to the device's webserver and pull any information that is stored on the device. In this case, user's credentials are stored in clear text on the device and can be pulled easily. It also seems that the device does not implement any cross-site scripting forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site flashing attack on the user's browser and execute any action on the device provided by the web management interface which steals the credentials from tools_admin.cgi file's response and displays it inside a Textfield."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en los dispositivos DCS-1130 de D-Link. El dispositivo provee un archivo crossdomain.xml sin restricciones sobre qui\u00e9n puede acceder al servidor web. Esto permite que un archivo flash alojado en cualquier dominio realice llamadas al servidor web del dispositivo y extraiga cualquier informaci\u00f3n almacenada en el mismo. En este caso, las credenciales del usuario son almacenadas en texto sin cifrar en el dispositivo y pueden ser  extra\u00eddas f\u00e1cilmente. Tambi\u00e9n parece que el dispositivo no implementa ning\u00fan mecanismo de protecci\u00f3n contra un problema de tipo cross-site scripting forgery, que permite a un atacante enga\u00f1ar a un usuario que ha iniciado sesi\u00f3n en la interfaz de administraci\u00f3n web para ejecutar un ataque de tipo cross-site flashing en el navegador del usuario y ejecutar cualquier acci\u00f3n sobre el dispositivo provisto mediante la interfaz de administraci\u00f3n web que roba las credenciales de la respuesta del archivo tools_admin.cgi y las muestra dentro de un campo de texto."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:dlink:dcs-1130_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DB53465-4FE2-43EF-B2C6-839DFEA80D62"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:dlink:dcs-1130:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "33A388EC-275D-4180-83E2-AD73F7EEB54F"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://packetstormsecurity.com/files/153226/Dlink-DCS-1130-Command-Injection-CSRF-Stack-Overflow.html",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Dlink_DCS_1130_security.pdf",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://seclists.org/bugtraq/2019/Jun/8",
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ]
    }
  ]
}