CVE-2024-0717

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-0717

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

A

vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.

References
Link Resource
https://github.com/999zzzzz/D-Link Exploit Third Party Advisory
https://vuldb.com/?ctiid.251542 Third Party Advisory
https://vuldb.com/?id.251542 Third Party Advisory
https://github.com/999zzzzz/D-Link Exploit Third Party Advisory
https://vuldb.com/?ctiid.251542 Third Party Advisory
https://vuldb.com/?id.251542 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dir-825acg1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-825acg1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dlink:dir-841_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-841:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dlink:dir-1260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1260:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dlink:dir-x1530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-x1530:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dlink:dir-825_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-825:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dlink:dir-842_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-842:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dlink:dir-853_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-853:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dlink:dir-1210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-1210:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dlink:dir-806a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-806a:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dlink:dir-815_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-815:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dlink:dsl-245gr_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-245gr:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dlink:dsl-g2452gr_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-g2452gr:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:dlink:dir-878_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-878:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:dlink:dir-825acf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-825acf:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:dlink:dir-615t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-615t:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:dlink:dir-300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-300:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:dlink:dir-842s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-842s:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:dlink:dir-815s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-815s:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:dlink:dsl-2640u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-2640u:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:dlink:dir-2150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-2150:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:dlink:dwr-921_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:dlink:dir-615s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-615s:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:dlink:dir-620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-620:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:dlink:dvg-5402g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dvg-5402g:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:dlink:dir-882_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-882:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:dlink:dwm-312w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwm-312w:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:dlink:dir-815\/ac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-815\/ac:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:dlink:dsl-224_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-224:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:dlink:dwm-321_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwm-321:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:dlink:dir-x1860_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-x1860:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:dlink:dap-1360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-1360:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:dlink:dir-820_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-820:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
cpe:2.3:o:dlink:dir-843_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-843:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND
cpe:2.3:o:dlink:dvg-5402g\/gfru_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dvg-5402g\/gfru:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND
cpe:2.3:o:dlink:dwr-953_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-953:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND
cpe:2.3:o:dlink:dvg-n5402g\/il_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dvg-n5402g\/il:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND
cpe:2.3:o:dlink:dir-825ac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-825ac:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND
cpe:2.3:o:dlink:dir-620s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-620s:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND
cpe:2.3:o:dlink:dvg-n5402g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dvg-n5402g:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND
cpe:2.3:o:dlink:dsl-2750u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND
cpe:2.3:o:dlink:dir-615gf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-615gf:-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND
cpe:2.3:o:dlink:dir-816_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-816:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:47

Type Values Removed Values Added
References () https://github.com/999zzzzz/D-Link - Exploit, Third Party Advisory () https://github.com/999zzzzz/D-Link - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.251542 - Third Party Advisory () https://vuldb.com/?ctiid.251542 - Third Party Advisory
References () https://vuldb.com/?id.251542 - Third Party Advisory () https://vuldb.com/?id.251542 - Third Party Advisory
Information

Published : 2024-01-19 16:15

Updated : 2024-11-21 08:47

NVD link : CVE-2024-0717

Mitre link : CVE-2024-0717

CVE.ORG link : CVE-2024-0717

JSON object : View

Products Affected

dlink

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo